[mdlug] decrypting ssl connections on the fly?
Wojtak, Greg
GregWojtak at quickenloans.com
Fri Nov 24 09:25:06 EST 2006
I saw this a while back and the company I used to work for was about to get
some before I left. I am not completely sure how it works, but to me it
sounds like the device sitting between the browser and the site is fed
information about how the data is being encrypted and is therefore able to
decrypt it and re-encrypt it. I am pretty sure this is not a false claim.
Maybe it acts as a proxy, and the session from browser to SCM is
encrypted/decrypted, then the SCM makes the connection out. Since it is
sitting on both connections, it will know how to encrypt/decrypt?
Speculating wildly,
Greg
On 11/24/06 9:10 AM, "Carl T. Miller" <millerc at cantonpl.org> wrote:
> Secure Computing is a company that makes several products to
> filter Internet connections. This makes sense for a company
> that doesn't want inappropriate content on their network.
>
> What caught my eye is that they now claim they can decrypt
> ssl content and filter it the same as they do with unencrypted
> content. I thought that the whole point of ssl is that
> securely encrypts data between the two endpoints.
>
> Am I missing something or is this claim not right?
>
> Secure Content Management (SCM) Suite, efficiently decrypts all inbound
> and outbound SSL traffic at the gateway, applies multiple anti-virus and
> content scanners, and then re-encrypts the content and directs it to the
> intended recipient.
>
> c
>
>
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
More information about the mdlug
mailing list