Educause Security Discussion mailing list archives

Re: Oxford and Google Apps


From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Tue, 19 Feb 2013 10:25:38 -0500

On Tue, Feb 19, 2013 at 02:46:25PM +0000, Sigmon, Aaron wrote:

   At the previous educational institute I worked for, we added the google
   docs phishing URLs to a block list on our Palo Altos.  This was achieved
   by creating a custom URL category called "Phishing Links", and then used
   SSL-Decryption on that custom category for it to decrypt the SSL session
   and block the URL.

The same can be achieved for significantly less cash using Squid as an
SSL proxy (of course, that means you need folks who understand the
intricacies of proxying content and Unix or Linux in general...).

The kicker for either is that you have to terminate the SSL connections
on the proxy and a lot of institutions have very vocal faculty who take
offence to that. InfoSec may take offence to it as well, depending on
who controls the proxies (a lot of institutions still have InfoSec as a
joint networking/systems function, even if they have the equivalent of
an ISO/CISO).

As much as it's a game of whack-a-mole, I still think that SSL
decryption and blocking as you're made aware of them is The Right Thing
To Do -- defence-in-depth and all that.

kmw

PS - Aaron, congratulations on the new .edu address!

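The Squid approach mentioned in the message above, sketched as an added example that is not part of the original post or taken from either poster's configuration. It assumes Squid 3.5 or later built with OpenSSL support and a locally generated CA that clients trust; every file path, the cache sizes and the sample pattern are constructed placeholders.

```conf
# Added example (not from the original thread). Paths are placeholders.

# Listening port with SSL-Bump enabled. proxyCA.pem holds the local CA
# certificate and key used to mint per-host certificates; clients must
# trust this CA or they will see certificate warnings.
http_port 3128 ssl-bump cert=/etc/squid/ssl/proxyCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Certificate generation helper. This is the Squid 4+ helper name
# (Squid 3.5 ships it as ssl_crtd); the install path varies by distribution.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB

# Step 1 of the TLS handshake: only the client's SNI is visible.
acl step1 at_step SslBump1

# Hosts whose sessions are decrypted. Limiting this to the host that
# carries the phishing forms keeps all other TLS traffic untouched.
acl decrypt_sites ssl::server_name docs.google.com

# One case-insensitive regex per line, matched against the full URL
# after decryption. Constructed sample entry:
#   ^https://docs\.google\.com/forms/d/EXAMPLE-FORM-ID/
acl phish_urls url_regex -i "/etc/squid/phishing_urls.txt"

# Peek at the SNI, decrypt only the listed hosts, tunnel everything else.
ssl_bump peek step1
ssl_bump bump decrypt_sites
ssl_bump splice all

# Must appear before the http_access allow rules for internal clients.
http_access deny phish_urls
```

Because `splice` leaves non-listed sessions encrypted end to end, only traffic to hosts in `decrypt_sites` is terminated on the proxy.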

