undefined | Better HN

Skip to content

Top Best Ask Show New Jobs

0 pointsdcow2y ago0 comments

Honest question: have you ever seen a corporate TLS middleware box stop an active threat? And I don’t mean drive-by crap like port scanning for sshd…

0 comments

4 comments · 2 top-level

chelmzy2y ago· 2 in thread

Its typically used for detecting malware, detecting data loss prevention, or forensics. "Drive by crap like port scanning for sshd" isn't even relevant to why companies mitm SSL. And yes I see it detect but not stop active threats on a daily basis.

dcowOP2y ago

These tools typically claim to block or catch stupidly high number of threats per unit time. And they usually bucket the drive-by stuff as a threat to achieve this narrative. I agree it’s hogwash.

So you’re essentially admitting that these TLS boxes are more about controlling employees and “data loss prevention” than actually preventing real threats and doing honest security. Got it.

https://honest.security

unethical_ban2y ago

>I agree it’s hogwash.

I think the parent commenter was pointing out that "MITM TLS box" has nothing to do with sshd scans. Not that MITM TLS boxes have no use.

Oh, and #4 on that "tenets of honest security" is an opinion not shared by all.

In the modern era of guest wifi and ubiquitous personal mobile devices, personal use on a work machine is not necessary or advisable. That said, in most places it is common to *not* decrypt websites related to health and government and banking.

Everything is about liability and protection of company data.

GartzenDeHaes2y ago

These are more of an analyst tool for detection than blocking.

j / k navigate · click thread line to collapse