Search squid archive

Re: How Bad is CONNECT and Should I Prevent It?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Does anyone have a "good" list of known online banking sites to start with? Much like the porn list and anti-malware?

Thanks again,

.vp


My question is if I've opened myself up to an admin nightmare or am I being smart by preventing some really bad stuff into my network?
Depends on your users necessities; in most firms I suppose there is no absolute need to use webmail accounts from inside the company. If you have a usage policy denying private use you can happily allow the dozen or so needed https connects. The only other way would be to analyze -insted of blocking- https traffic, but to do that you need a https protocol analyzer. There are commercial products that ca ndo just that, plus limiting the traffic over such a tunnel - eg. file transfer etc. But this has nothing to do with squid, short of making the point that squid cannot read or understand the https stream. Sure you are preventing bad stuff, I would just reverse the direction - who would notice or prevent the most secret information collected by a trojan and transmitted via standard https ? You would not even detect it.

JC





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux