RE: [fw-wiz] HTTPS, proxies, and remote developers.
From: Eugene Kuznetsov (eugene_at_datapower.com)
Date: 06/16/03
- Previous message: Paul Robertson: "Re: [fw-wiz] HTTPS, proxies, and remote developers."
- In reply to: Devdas Bhagat: "[fw-wiz] HTTPS, proxies, and remote developers."
- Next in thread: Melson, Paul: "RE: [fw-wiz] HTTPS, proxies, and remote developers."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Firewall-Wizards'" <firewall-wizards@honor.icsalabs.com> Date: Mon, 16 Jun 2003 13:44:33 -0400
> me. The remote client does not like the idea.
> What would be the easiest way to handle this situation? How would you
> resolve a policy issue if one of your clients requires that you use
> unencrypted traffic outbound from their network into yours.
> (Their need to know for traffic on their network against your need for
> security).
Why not an outbound SSL proxy, where the developers open up an SSL
session to the proxy, everything can be scanned in clear-text on the
proxy, and then the proxy re-initiates an SSL connection to the
mothership? This would also mean that only authorized staff on client
site would be able to see the traffic, not everyone.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Paul Robertson: "Re: [fw-wiz] HTTPS, proxies, and remote developers."
- In reply to: Devdas Bhagat: "[fw-wiz] HTTPS, proxies, and remote developers."
- Next in thread: Melson, Paul: "RE: [fw-wiz] HTTPS, proxies, and remote developers."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
