Network Security

There are far too many IT ‘experts’ set loose upon this world that it is no longer a safe world to be in. I cannot believe the number of responses to the question on how to filter HTTPS traffic through a proxy server suggested performing a man-in-the-middle attack on their own networks. To me, this is just totally brainless and intolerable. Good thing that most of these people do not actually work in IT security or administration (at least I hope that they do not).

I cannot even begin to explain why it is such a stupid idea to use that method to control HTTPS traffic. It is the lazy man solution to the problem. The trouble with this method is that it totally undermines the security of HTTPS traffic. It allows the proxy server or system admin guys to actually sniff the sensitive data traveling inside the secure connection. If the employees are doing banking online, this would allow the server to actually see private and confidential information. That breaks the whole security chain.

The best way to do it would actually be to filter the traffic externally. For example, the traffic pattern can be analysed to determine if it is a streaming connection (possibly streaming video) or if it is a transactional connection (possibly online shopping and banking). It is also possible to block HTTPS connections to certain websites by analysing the CONNECT command used to initiate the transaction through the proxy. Obviously, all these other methods are more difficult and require more work than the lazy man solution.

I most certainly hope that they do not use the lazy man solution at work. Just to be safe, I should refrain from doing my online banking at work.

Published by

Shawn Tan

Chip Doctor, Chartered Engineer, Entrepreneur, Law Graduate.

3 thoughts on “Network Security”

  1. You’re right, but for the particular example you give, I think there’s not much of a difference: given that the sysadmins control your desktops (or don’t they?), they could listen it at the end point anyway, without breaking the chain…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s