hype-free: Interesting method for website blocking

Sunday, April 26, 2009

Interesting method for website blocking

Quick note: I was listening to the latest episode of Watchguard’s Radio Free Security podcast (no relation with them, other than a listener to the podcast) and they discussed an interesting technique for filtering websites (I’m no fan of traffic filtering, but the technique seemed interesting):

Usually SSL requests are either blocked by the target IP or by the target hostname, because the filtering proxy doesn’t have the ability to look into the actual content. An other frequently used approach is for the proxy to decrypt and the re-encrypt the traffic, however this requires a certificate to be installed on every users computer, otherwise they will get an “Invalid certificate” error on every SSL website they visit. What the Watchguard appliance can do is to look at the certificate of the website (which is transmitted in the clear at the beginning of the session negotiation) and block based on the name present in the certificate. Nifty!

Picture taken from kpwerker's photostream with permission.

0 comments:

Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.

Using the embedded comment form requires JavaScript to be turned on for the blogger.com domain. However, you can still comment using the traditional method.