
Comment Re:Censorware boxes? (Score 1) 90

Sorry. I missed that first "not" in your post. As for apps with their own certs, you would let those stay encrypted, but limit where they can go. These kinds of apps (ones that use client certs if I'm reading you right) usually perform specific business functions and are not for general surfing. In fact, if it was me, I'd bypass the proxy entirely for these apps to keep the number of moving parts to a minimum.

Comment Re:Censorware boxes? (Score 1) 90

Actually that's not what these devices "are for". They're tools for enforcing company policy. That's it. They are not evil in and of themselves. Do clueless organizations try to use them for "nannying" their employees to death? Every day. And they're so busy making sure Joan in Accounting doesn't spend 15 extra minutes on Facebook that they miss all the PII and company IP going out one of the many other open transports out of the company network. Any company that is serious about security either doesn't allow this information on the untrusted network (where the users live) in the first place or they lock down internet access to the point that most employees don't even know the company has a connection to the internet. Everyone else is a breach in progress.

And no, you don't need a certificate from a trusted CA to do SSL MITM on a Bluecoat (but it would come in handy for a government entity spying on its citizens). All you need is a trusted wildcard cert. The Active Directory CA cert would work just as well in a corporate environment.

Comment Re:Look into more serious UTM firewalls (Score 1) 414

UTM? That's soooo 2002! Though at the low end, that is probably the best solution today. Next Generation firewalls work at Layer 7 and inspect the packet once (instead of once for each way you want to look at it: stateful inspection, authentication, antivirus, IPS, etc.). I know of several UTM manufacturers at your price point whereas a Next Generation firewall starts at about $5000.00.
