Firewall Wizards mailing list archives
RE: Blocking email through the web services
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Fri, 24 Jan 2003 17:35:46 +0200
Sure, they can check the certificate, but if there is no other way out, they will either accept it, or not surf their email. Either way, you win.

Implications are obviously that you are responsible for maintaining the security of that intermediate certificate, in order to protect your users. If anyone gets their hands on that cert, and your users are accustomed to accepting it, or if their browsers have accepted the cert with which it was signed, the attacker could snarf their banking credentials, etc.

Rogan

-----Original Message-----
From: Nieveler, Juergen [mailto:Juergen.Nieveler () akzonobeldeco de]
Sent: 24 January 2003 05:09 PM
To: 'John Keeton'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Blocking email through the web services

There are products out there (I have product spew at work w/ the vendor's name if anyone is interested) that will be the ssl server to the browsers, so you can then forward the http traffic to a filtering proxy, then back to it, and it will make the session to the remote ssl server. The luser never knows what happened. Costly though IIRC.

IIRC, MS ISA Server can do this, too. But a half-competent luser will check the SSL certificate and notice that it's not the original one.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards