Re: webwasher ssl content scanner anyone ?


On Thursday 07 September 2006 18:28, Jakob Curdes wrote:
> several months ago we had a lengthy discussion here about the prevention
> of ssl tunneling through an http proxy. The conclusion was that to avoid
> this type of misuse which can undermine your entire security strategy
> you need to inspect the ssl content.

Definitely. People will play tricks on you for sure otherwise. Guess how 
many SSH servers run on port 443...

> I just stumbled on the commercial 
> product "WebWasher" from Securecomputing Inc.  Does anybody have
> experience with this or similar products?

Yes, we are running WebWasher for 5,500 users. While the previous versions 
were a bit unstable the current 5.x versions are working smoothly. The SSL 
scanner they developed works like a charm.

> Can it be integrated in a linux-based squid / iptables system (there is
> a linux version but no technical details)? Is there any open source
> program to achieve the same thing ?

I don't know any free SSL scanner. We are using the WebWasher for much more 
than just SSL scanning anyway. Squid isn't sufficient at all for enforcing 
a corporate security policy. This may change once large companies will 
stop using crap like Windows and especially the Internet Explorer.

We use Squid and WebWasher in a proxy chain though because WebWasher is 
weak at ACLs. Squid has an unmatched flexibility in terms of ACLs and is 
obviously a cache - what WebWasher isn't. You could as well try to use 
both through an ICAP connection since WebWasher works both as an 
HTTP/HTTPS/FTP proxy and as an ICAP server.

Enough advertisement. :)

Cheers
 Christoph
