Re: dissecting HTTPS traffic

[Mark Semkiw <Mark.Semkiw () commtrans org>]

Agreed.

Mark Semkiw, Senior Network Engineer

CCNA  CNSE  WCNA








On 10/14/15, 9:25 AM, "wireshark-users-bounces () wireshark org on behalf of gedropi () allmail net" 
<wireshark-users-bounces () wireshark org on behalf of gedropi () allmail net> wrote:

> Given that AT&T (and other telcos) have been making mirrored copies of
> phone messages for years (see EFF discovery), since Google has been
> saving our data on freighters in the Atlantic & Pacific, since Google &
> ad companies have been holding ports open and forcing their presence if
> we would like content served (somewhat like extortion), the concept of
> legality has vanished due to the complicity of so many.
>
> On Wed, Oct 14, 2015, at 09:18 AM, Mark Semkiw wrote:
> > It may not strictly be illegal but at our company we have taken the tack
> > that we just don’t decrypt users traffic, especially sensitive usernames
> > and passwords to sites like online banking and healthcare, it’s not worth
> > the risk of an employee getting compromised and then coming back and
> > saying that we had the data so we must have been the one’s that got
> > compromised.   I guess it’s more of a management decision, but I imagine
> > depending on what country/state you are in there are also some legal
> > issues to content with.
> >
> > Mark Semkiw, Senior Network Engineer
> >
> > CCNA  CNSE  WCNA
> >
> >
> > From:
> > <wireshark-users-bounces () wireshark org<mailto:wireshark-users-bounces () wireshark org>>
> > on behalf of Noam Birnbaum
> > Reply-To: Community support list for Wireshark
> > Date: Tuesday, October 13, 2015 at 8:08 PM
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] dissecting HTTPS traffic
> >
> > Mark, I'm curious about your statement that it's not legal to decrypt
> > users' traffic without them being aware. Since companies are constantly
> > asserting that they own all the data on their devices and network, why
> > would a user's personal traffic, even if it's of a sensitive nature, be
> > any different?
> >
> > Thanks!
> > noam
> >
> > On Tue, Oct 13, 2015 at 9:00 AM, Mark Semkiw
> > <Mark.Semkiw () commtrans org<mailto:Mark.Semkiw () commtrans org>> wrote:
> > Because technically it’s not legal to decrypt users traffic without them
> > being aware.  It could reveal things like online banking passwords and
> > such.  We use PA firewalls and they have the ability to do SSL decryption
> > but I can’t actually see the traffic, the firewall uses layer 7
> > inspection to and it’s own internal rule base/security signatures do
> > decide if the traffic gets passed or not.
> >
> > Mark Semkiw, Senior Network Engineer
> >
> > CCNA  CNSE  WCNA
> >
> >
> > From:
> > <wireshark-users-bounces () wireshark org<mailto:wireshark-users-bounces () wireshark org>>
> > on behalf of Noam Birnbaum
> > Reply-To: Community support list for Wireshark
> > Date: Monday, October 12, 2015 at 4:32 PM
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] dissecting HTTPS traffic
> >
> > Curious, why wouldn't you recommend doing our own MITM attack? (And how
> > would we do it?)
> >
> > On Mon, Oct 12, 2015 at 11:22 AM, Mark Semkiw
> > <Mark.Semkiw () commtrans org<mailto:Mark.Semkiw () commtrans org>> wrote:
> > All you can really do at that point is analyze the endpoints and see if
> > you can get any info from that.  Well I guess you could setup your own
> > man-in-the-middle attack, but I wouldn’t suggest it.
> >
> > Mark Semkiw, Senior Network Engineer
> >
> > CCNA  CNSE  WCNA
> >
> >
> > From:
> > <wireshark-users-bounces () wireshark org<mailto:wireshark-users-bounces () wireshark org>>
> > on behalf of Noam Birnbaum
> > Reply-To: Community support list for Wireshark
> > Date: Friday, October 9, 2015 at 4:12 PM
> > To: "wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>"
> > Subject: [Wireshark-users] dissecting HTTPS traffic
> >
> > Hey folks,
> >
> > One of our clients has recently been having their WAN bandwidth eaten up,
> > and we've narrowed it down to one executive's computer.
> >
> > Now we want to dissect that computer's traffic to see what it's doing.
> > However, much of it is HTTPS, so we can't see the content. Any
> > suggestions on getting a useful analysis?
> >
> > Thanks!
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list
> > <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>>
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request () wireshark org<mailto:wireshark-users-request () wireshark 
> > org>?subject=unsubscribe
> >
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list
> > <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>>
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request () wireshark org<mailto:wireshark-users-request () wireshark 
> > org>?subject=unsubscribe
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request () wireshark org?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe