> My question is if I've opened myself up to an admin nightmare or am I
> being smart by preventing some really bad stuff into my network?
Depends on your users necessities; in most firms I suppose there is no
absolute need to use webmail accounts from inside the company. If you
have a usage policy denying private use you can happily allow the dozen
or so needed https connects.
The only other way would be to analyze -insted of blocking- https
traffic, but to do that you need a https protocol analyzer. There are
commercial products that ca ndo just that, plus limiting the traffic
over such a tunnel - eg. file transfer etc. But this has nothing to do
with squid, short of making the point that squid cannot read or
understand the https stream. Sure you are preventing bad stuff, I would
just reverse the direction - who would notice or prevent the most secret
information collected by a trojan and transmitted via standard https ?
You would not even detect it.
JC
Received on Mon Jun 18 2007 - 15:40:03 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT