nanog mailing list archives

Re: HTTPS redirects to HTTP for monitoring


From: William Herrin <bill () herrin us>
Date: Sun, 18 Jan 2015 12:35:02 -0500

On Sun, Jan 18, 2015 at 7:29 AM, Grant Ridder <shortdudey123 () gmail com> wrote:
> I wanted to see what opinions and thoughts were out there.  What software,
> appliances, or services are being used to monitor web traffic for
> "inappropriate" content on the SSL side of things?  personal use?
> enterprise use?

Hi Grant,

Fidelis Security (part of GD) does this for USG customers. Good guys
with a strong, scalable product.
http://www.fidelissecurity.com/

Basically, all internal web browsers get a custom CA which
authenticates a re-signing cert. HTTPS traffic is decrypted by an IDS
agent, examined and then re-encrypted with the re-signing cert.

You have to decide for yourself whether you really want to examine
your users' HTTPS traffic. It does create a rather hostile work
environment for the folks you're playing big brother to. Not quite
camera-in-the-men's-room hostile but hostile enough to deter quality
staff from seeking and maintaining employment.

Regards,
Bill Herrin


-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?

