CERT: HTTPS Interception Products Weaken Companies' Security

Status
Not open for further replies.

firefoxx04

Distinguished
Jan 23, 2009
1,371
1
19,660
144
A lot of companies willing to do this do not use certificate authorities in the first place. The browser already thinks there is a MITM attack 24/7. So why does it matter that we are performing a MITM attack on ourselves if we already do not use signed certificates?
 

BPusch

Reputable
Oct 29, 2015
1
0
4,510
0
We call it content filtering in the EDU universe and that won't be going away anytime soon. The secret to success is to pay, continuously, for a high quality product that does check the SSL connections it forms against known quality lists. Money won't solve everything, but it works here. This content filtering is important to keep us compliant with state laws. With the push to move everything to SSL, it has presented some challenges that perhaps policy and legislation haven't kept up with.
 
Status
Not open for further replies.

ASK THE COMMUNITY