Re: HTTPS redirects to HTTP for monitoring

[kendrick eastes <keastes () gmail com>]

On Sun, Jan 18, 2015 at 5:29 AM, Grant Ridder <shortdudey123 () gmail com>
wrote:

> Hi Everyone,
>
> I wanted to see what opinions and thoughts were out there.  What software,
> appliances, or services are being used to monitor web traffic for
> "inappropriate" content on the SSL side of things?  personal use?
> enterprise enterprise?
>
> It looks like Websense might do decryption (
> http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does
> some sort of session hijack to redirect to non-ssl (atleast for Google) (
> https://twitter.com/CovenantEyes/status/451382865914105856).
>
> Thoughts on having a product that decrypts SSL traffic internally vs one
> that doesn't allow SSL to start with?
>
> -Grant


Admittedly I've only been on the user side of things for this, but IMO for
cases like this MITM > striping. if your users need to access anything
outside your intranet (google apps comes to mind right away, any kind of
outsourced web-based training, etc) that requires SSL to function would be
broken by stripping, but with MITMing the connection and having your
internal certs set up properly, it won't even blip.

that being said, squid can be configured to transparently decrypt and
reencrypt the session. (http://wiki.squid-cache.org/Features/SslBump)