Firewall Wizards mailing list archives

Re: The Outgoing Traffic Problem --


From: damnliberals () gmail com
Date: Wed, 19 Jul 2006 03:36:46 +0300

On 7/12/06, Marcus J. Ranum <mjr () ranum com> wrote:
<..>
As far as I can see, the endgame is going to be one of two
things.
- Organizations are going to try to add signature-style
controls to SSL transactions and are going to rely on "man
in the middle" style interception tricks and (call 'em what
you want) signatures to detect malicious traffic
- Organizations are going to have to positively identify
sites with which it is necessary/appropriate to do SSL
transactions

I don't see a lot of future in EITHER of those options. The first
one falls apart really fast if anyone ever fixes SSL's certificate
trust model (not highly likely) but since it's signature-based
it'll fail when the hackers add superencryption to their command
streams. The second option would have worked if it had been
<..>


One branch of the military that I'm working with across the pond has
recently moved to option 1, specifically using Blue Coat SSL proxies to
scan SSL-encrypted traffic. They are also significantly reducing the
(already limited) sites that can be accessed.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

