[mdlug] [WLUG] decrypting ssl connections on the fly?
Joe Landman
landman at scalableinformatics.com
Fri Nov 24 10:16:20 EST 2006
Hi Carl
Carl T. Miller wrote:
> Secure Computing is a company that makes several products to
> filter Internet connections. This makes sense for a company
> that doesn't want inappropriate content on their network.
>
> What caught my eye is that they now claim they can decrypt
> ssl content and filter it the same as they do with unencrypted
> content. I thought that the whole point of ssl is that
Hmmm.... bad news for VPN traffic if this is the case.
> securely encrypts data between the two endpoints.
>
> Am I missing something or is this claim not right?
I would think that you have incomplete information, or that the
marketeers who wrote it may not have written this correctly.
I am guessing it is a proxy filter of some sort. So it does ssl point
to point with the machine requests come from, decrypts it, filters,
re-encrypts, and passes back to user. This is a man-in-the-middle
attack if this is what is implemented. Somehow it wouldn't make me
comfortable doing that (if it could be done once ...)
>
> Secure Content Management (SCM) Suite, efficiently decrypts all inbound
> and outbound SSL traffic at the gateway, applies multiple anti-virus and
> content scanners, and then re-encrypts the content and directs it to the
> intended recipient.
>
> c
> --
> *** Sent from linux-users at lugwash.org *** http://www.lugwash.org
> to unsubscribe: `echo "unsubscribe" | mail linux-users-request at lugwash.org`
--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web : http://www.scalableinformatics.com
phone: +1 734 786 8423
fax : +1 734 786 8452 or +1 866 888 3112
cell : +1 734 612 4615
More information about the mdlug
mailing list