Re: [squid-users] Re: Squid log details - HTTPS tunnel detection

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Wed, 23 May 2007 23:26:33 +0200

On Wed 2007-05-23 at 16:00 -0500, K K wrote:

> Another option is to route SSL through a commercial product which does
> true SSL/TLS "interception", terminating the crypto in the analysis
> box and then re-establishing a new SSL session to the Internet. This
> has *huge* implications for privacy, HIPAA, etc.

Or hire a developer to add this to Squid. Not much missing to be honest.

> I've spoken with Bluecoat, Radware, Checkpoint, and others about
> products in this space, but the whole idea gives me the willies.

Privacy is a luxury. In some environments it's not something you are
allowed to have and in such environments these decrypting proxies make
sense.

Have seen a number of large corporations where their security policy does
not allow encrypted communication between the internal LAN and Internet,
absolutely requiring the ability to inspect the traffic. Naturally these
also have enforced policies defining how Internet may be used at the
office, only allowing it to be used as part of the work and not for
private purposes.

Regards
Henrik

Received on Wed May 23 2007 - 15:26:39 MDT
