RE: HTTPS Question

From: Javier Otero (jotero@smartekh.com)
Date: 04/12/02


From: Javier Otero <jotero@smartekh.com>
To: Kenzo <kenzo_chin@hotmail.com>, Chip Upsal <chip.upsal@biosgroup.com>, acoston@csc.com, security-basics@securityfocus.com
Date: Fri, 12 Apr 2002 14:09:10 -0500

You can use a contenf fileter like Trend Micro InterScan Messagin Security
Suite, you can download a trial from www.antivirus.com) and web filter like
WebSense or WebManager.
This combination can geave you a very powerfull and fexible solution.

Javier Otero
Grupo Smartekh
Antivirus Expertos
Business Continuity
Inftegrity
Investigación y Desarrollo
5243-4782/83/84
México, D.F.

-----Mensaje original-----
De: Kenzo [mailto:kenzo_chin@hotmail.com]
Enviado el: jueves, 11 de abril de 2002 14:33
Para: Chip Upsal; acoston@csc.com; security-basics@securityfocus.com
Asunto: Re: HTTPS Question

IF you really want to block people from going to certain sites. You can get
a program to block the web pages. We use surfcontrol to limit internet
access and set up rules. You can pretty much control who you want to have
access and where and at what time. It's cool to lock up people's internet
access when they piss you off. It's the only program that I know of. I'm
sure that there are others, but this is the one that I use and it's ok.
Kind of pricy though.

----- Original Message -----
From: "Chip Upsal" <chip.upsal@biosgroup.com>
To: <acoston@csc.com>; <security-basics@securityfocus.com>
Sent: Wednesday, April 10, 2002 10:26 AM
Subject: RE: HTTPS Question

You can turn off port 443 at the router/firewall. However this might prevent
some legitimate secure web traffic as well. You might try it and evaluate
any complaints.

Chip

-----Original Message-----
From: acoston@csc.com [mailto:acoston@csc.com]
Sent: Wednesday, April 10, 2002 6:44 AM
To: security-basics@securityfocus.com
Subject: HTTPS Question

Hi All,

I want to turn off HTTPS to prevent people on the network from shopping at
various sites at work. Anyone know of any vulnerability in doing so? Will
I kill something else that uses HTTPS that I haven't thought about?

Alissa