zlacker

[return to "BlueCoat and other proxies hang up during TLS 1.3"]
1. db48x+D2[view] [source] 2017-02-28 02:06:00
>>codero+(OP)
The long-term solution is simply not to work anywhere that insists on running a MITM attack on all of your communications.
◧◩
2. wildmu+n4[view] [source] 2017-02-28 02:34:57
>>db48x+D2
Without an SSL MITM, Intrusion Detection Systems (IDS's) are much less effective.

If you're using your company's network, then they have every right to monitor all of the activity on it. They're trying to protect trade secrets, future plans, customer data, employee records, etc. from attackers who would use that information to do harm to the company, its customers, and its employees. If you don't want your employer to know what you're doing, then don't use the company computer or company network to do it. And while you may think that you're too tech savvy to fall prey to malware 1) not everyone at your company is, and 2) no amount of savvy will protect you from all malware, especially ones that gain a foothold through an unpatched exploit. And there's also that whole other can of worms: malicious employees.

◧◩◪
3. riffic+ke[view] [source] 2017-02-28 04:46:22
>>wildmu+n4 

  If you're using your company's network, then they have every right to monitor all of the activity on it.
This is tantamount to steaming open and resealing the envelopes of all physical mail. Have some god damn ethics, I'd sooner quit than snoop traffic in this manner.
◧◩◪◨
4. btbuil+Yi[view] [source] 2017-02-28 05:44:26
>>riffic+ke
All MITM proxies I know require an enterprise CA trusted by the end-point. If that CA is on your machine the endpoint is probably owned by your employer. It is legal in most jurisdictions for your employer to monitor the usage of resources they have provided, be it computer or network.

I would never trust a company device, or company network, with anything I consider sensitive. Use your own device and keep it on cellular.

Also though I don't like it, employers in the US do have the right to open mail addressed to you personally if delivered to the office.

◧◩◪◨⬒
5. NoGrav+TO[view] [source] 2017-02-28 13:27:10
>>btbuil+Yi
Legal and ethical aren't the same thing, though. I agree it's legal for your employer to monitor traffic on their network. But an ethical sysadmin would not facilitate their doing so (unless there were a fairly significant and unusual justification in context).

(Note: I would also never trust a company device or company network, and I keep my personal devices completely separate from the company network for this reason. But I consider this a workaround for a deplorable situation, rather than just the way things are.)

[go to top]