undefined | Better HN

0 pointssithadmin4y ago0 comments

Probably doing MITM SSL inspection. Basically, a corporate security appliance with trusted certs on the endpoint sits in the middle of everything to inspect for malware/viruses/blocked content.

A relatively common corporate practice, honestly. It's a shame more people aren't aware of it.

0 comments

licebmi__at__4y ago

I had a problem once when I was testing setting up a central VPN for all my devices to go through, but I forgot to exclude the work laptop. So I got a call by security that they got an alert of somebody trying to connect using my credentials on an overseas location.

I explained the guy on the other line the reason why that happened and he told me not to worry about it, but warned me that they were going to monitor my traffic by protocol for a few hours, so I should avoid looking at porn in the meantime. I replied that I wouldn't look at porn on the work laptop, and he told me that the warning was also routine and that I wouldn't believe what people watch during working hours.

gruez4y ago

>Probably doing MITM SSL inspection.

Probably not, judging by the gp's use of the term "end to end encrypted". Nearly every site uses HTTPS, so if they were really doing MITM, either everything would be broken (because the root certs aren't installed), or everything works. My guess is that his employer's network has some sort of network filter installed, and "end to end encrypted" is a classification category for sites that is blocked for whatever reason.

sithadminOP4y ago

HTTPS is not an obstacle to this.

As I mentioned before, the methodology requires publishing a trusted cert to endpoints. This is done with GPOs or whatever RMM tool is used to manage workstations + MDM to push to mobile.

You will find this implemented in nearly any high-security network environment (finance, government, etc.), primary schools, and a lot of miscellaneous businesses.

j / k navigate · click thread line to collapse