Re: SSL Web Proxy is a Double Edged Sword

On 7/23/05, primero <primero@fastwebnet.it> wrote:
> Greg Jones wrote:
>
> > Greetings,
> hi there
>
> > What concerns me is the proxying of SSL.  Many think this is super
> > duper secure, saying "Since SSL encrypts, it must be good!"  But if
> > what you are trying to do is limit outbound connections from your
> > employees, this is basically a wide open hole.  Here's how:
>
> yes ok, this is true ... and i think that a lot of people here knows
> about it and how to use it for his needs.
> what i think is that you always have to ask "why am i setting this
> security feature for my network?" and "who is gonna be limited by this
> security feature?" . I mean, in a normal enterprise network where you
> use an HTTP/HTTPS proxy to limit outbound connections for your employees
> , i would expect the these employees would not even imagine that using
> the SSL Tunnel trhough the proxy can give them access to whatever they want.
> http/https Proxy is a measure i use for a general and low-level control
> ... is not something i would use as Security-Base for my network ,
> because it is not intended to accomplish such a scope.

In the cases I have heard of.. you are right, the employees didnt have
a clue how to do this themselves. The malware rats being paid by a
competitor did.. all they had to do was set up a directed email that
some silly employee installed on their machine and all the .doc files
and shell access in were nicely taken out without the common IDS
catching onto it because it was tunneled HTTPS traffic that looked
legit.

-- 
Stephen J Smoogen.
CSIRT/Linux System Administrator