nanog mailing list archives

Re: HTTPS redirects to HTTP for monitoring


From: Ca By <cb.list6 () gmail com>
Date: Sun, 18 Jan 2015 10:29:05 -0800

On Sunday, January 18, 2015, John Levine <johnl () iecc com> wrote:

So your idea is to block every HTTPS website?
From my point of view, it is better than violating user privacy & safety.

Sneaky is evil.

I expect your users would fire you when they found you'd blocked access to
Google.


And they would sue you for gross negligence for decrypting their SSN when
accessing company payroll and CPNI data.

These boxes that violate end to end encryption are a great place for
hackers to steal the bank and identity info of everyone in your
company.

Since the end user machines are generally running Windows, why would bad
guys waste time on a much harder and more obscure target?


Who said the mitm box was not running Windows?

That said, a properly admin'd win7 box is about as secure as any other end
station in my opinion. Yea, win2k and xp were a pain, msft has come a long
long way.

The same cannot be said for Adobe or Java.

CB

