curiousecurity

Yet another blog about info & networking security this and that… Buzzword… Catchphrase…

CONNECT

Web Proxy And The Need For SSL Decryption

by

Most organizations will deploy a Web Proxy solution, but not intercept HTTPS traffic to do SSL decryption and inspection. This may be done for various reasons

* Not yet having a PKI infrastructure to manage the SSL browser certificates
* Perhaps the AD/GPO team doesn’t want to manage SSL certificate on the user PC
* Security teams may be weary about man-in-the-middle issues
* Maybe SSL interception just wasn’t a concern at the time.

Without doing SSL decryption and inspection our ability to filter or perform an action on HTTPS  traffic is tricky unless the destination IP is known and added to a DENY rule on the proxy. The problem with doing this, is that it even if you are good enough to find the specific IP that is being misused over HTTPS, it is impossible to see what is going on inside the tunnel without SSL decryption and inspection, so you are just guessing on what is actually happening. It’s not a very exact science, and takes much more time that its worth to fight the issue.
[Read more…]

BlueCoat Proxy – Log Injection For Rule Tracking

by

Unfortunately BlueCoat doesn’t have a nice and fancy log tracker type utility like CheckPoint has in Smart Tracker, so the rules do not have numbers.  However, you can work around this by using some log injection smoke and mirror tricks. There are a few unused (or not very often used) log variables that can be used in conjunction with a specific action on a rule, that when matched, will create a log line with a piece of text of your choosing.
[Read more…]

FireEye Integration With BlueCoat Proxy

by

This tutorial will assist you in setting up FireEye Integration With BlueCoat Proxy, by using a URL list populated by FireEye to use in the BlueCoat as another web filter. This filter can then be used in BlueCoat policy just like the BCWF, McAfee Smartfilter, etc…
[Read more…]