[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HTTPS redirects to HTTP for monitoring

Subject: HTTPS redirects to HTTP for monitoring
From: bill at herrin.us (William Herrin)
Date: Sun, 18 Jan 2015 12:35:02 -0500
In-reply-to: <CAPiURgX9jGFQMvVcW2ON1gnUkG1yEF2=n6AqfS9U6HjJu_vWdA@mail.gmail.com>
References: <CAPiURgX9jGFQMvVcW2ON1gnUkG1yEF2=n6AqfS9U6HjJu_vWdA@mail.gmail.com>

On Sun, Jan 18, 2015 at 7:29 AM, Grant Ridder <shortdudey123 at gmail.com> wrote:
> I wanted to see what opinions and thoughts were out there.  What software,
> appliances, or services are being used to monitor web traffic for
> "inappropriate" content on the SSL side of things?  personal use?
> enterprise enterprise?

Hi Grant,

Fidelis Security (part of GD) does this for USG customers. Good guys
with a strong, scalable product.
http://www.fidelissecurity.com/

Basically, all internal web browsers get a custom CA which
authenticates a re-signing cert. HTTPS traffic is decrypted by an IDS
agent, examined and then re-encrypted with the resigning cert.

You have to decide for yourself whether you really want to examine
your users' HTTPS traffic. It does create a rather hostile work
environment for the folks you're playing big brother to. Not quite
camera-in-the-men's-room hostile but hostile enough to deter quality
staff from seeking and maintaining employment.

Regards,
Bill Herrin

-- 
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?

References:
- HTTPS redirects to HTTP for monitoring
  - From: shortdudey123 at gmail.com (Grant Ridder)

Prev by Date: HTTPS redirects to HTTP for monitoring
Next by Date: HTTPS redirects to HTTP for monitoring
Previous by thread: HTTPS redirects to HTTP for monitoring
Next by thread: HTTPS redirects to HTTP for monitoring
Index(es):
- Date
- Thread