how to scan file in the SSL channel?


cpliu903
11-15-2008, 05:26 AM
how to scan file in the SSL channel?

mdh
11-15-2008, 09:46 AM
Untangle does not touch SSL traffic.

jontz
12-05-2008, 06:48 AM
If you could scan SSL files, it would kind of defeat the purpose of SSL...

mdh
12-05-2008, 06:55 AM
I guess that depends on who you ask. If you ask a user, they want their transaction to be secure from any prying eyes. From a network administrator's view, they want to know what is entering and leaving their network. Which one is right?

jontz
12-05-2008, 07:11 AM
Good question.

In my case, working for a school, all of the computers are public property so you have no expectation of privacy. At any point any computer could be seized and examined, that goes for my servers and computers as a network admin as well.

Usually, if I can't scan it and/or don't know what it is doing, it gets blocked. You need SSL to do your online banking? Do it from home. Sorry. If you can prove to me that it is something worthwhile, educationally related, helps kids learn, etc., I'll let it through. I have to trust you though. You get one shot at that; you burn that bridge, the only site you are getting to is the internal web page.

datdamnmachine
12-06-2008, 09:21 PM
Well, you can block HTTPS period. There is a thread on here on how to use the firewall module to do this. You can allow what is required and business related.

HOWEVER, be aware of the potential consequences of this. What people need access to can change at the drop of a dime and as the IT person, it will be your responsibility to reconfigure stuff if the equipment you are managing is blocking it.

Example: Teacher needs to create account on secure website for registration on testing (or something like that). It's school related, but may be specific to this one teacher or class. As such, it's something that will likely not be known to the IT department until after the user is having massive problems connecting.

With the firewall fix, unfortunately, you won't be getting an Untangle block page since it is being handled by the firewall...

...hmmmm, I smell feature request!