nanog mailing list archives
Re: HTTPS redirects to HTTP for monitoring
From: William Herrin <bill () herrin us>
Date: Sun, 18 Jan 2015 12:35:02 -0500
On Sun, Jan 18, 2015 at 7:29 AM, Grant Ridder <shortdudey123 () gmail com> wrote:
> I wanted to see what opinions and thoughts were out there. What software,
> appliances, or services are being used to monitor web traffic for
> "inappropriate" content on the SSL side of things? personal use?
> enterprise enterprise?

Hi Grant,

Fidelis Security (part of GD) does this for USG customers. Good guys with a strong, scalable product.

http://www.fidelissecurity.com/

Basically, all internal web browsers get a custom CA which authenticates a re-signing cert. HTTPS traffic is decrypted by an IDS agent, examined and then re-encrypted with the resigning cert.

You have to decide for yourself whether you really want to examine your users' HTTPS traffic. It does create a rather hostile work environment for the folks you're playing big brother to. Not quite camera-in-the-men's-room hostile but hostile enough to deter quality staff from seeking and maintaining employment.

Regards,
Bill Herrin

--
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?