Click here to Skip to main content
15,346,406 members

Welcome to the Lounge

   

For discussing anything related to a software developer's life but is not for programming questions. Got a programming question?

The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.

 
GeneralRe: Internet security he%%... Pin
obermd1-Sep-21 9:22
Memberobermd1-Sep-21 9:22 
GeneralRe: Internet security he%%... Pin
charlieg1-Sep-21 15:24
Membercharlieg1-Sep-21 15:24 
GeneralRe: Internet security he%%... Pin
harvyk01-Sep-21 20:03
Memberharvyk01-Sep-21 20:03 
GeneralRe: Internet security he%%... Pin
GuyThiebaut1-Sep-21 20:19
professionalGuyThiebaut1-Sep-21 20:19 
GeneralRe: Internet security he%%... Pin
Kiriander2-Sep-21 1:31
MemberKiriander2-Sep-21 1:31 
GeneralRe: Internet security he%%... Pin
charlieg2-Sep-21 0:54
Membercharlieg2-Sep-21 0:54 
GeneralRe: Internet security he%%... Pin
milo-xml2-Sep-21 2:40
professionalmilo-xml2-Sep-21 2:40 
GeneralRe: Internet security he%%... Pin
adudley2562-Sep-21 4:45
Memberadudley2562-Sep-21 4:45 
Essentially they are logging/inspecting all traffic in the middle.

BROWSER -> Proxy/Firewall -> Internat Website

At the Proxy/Firewall side (it could be a IDS, IPS whatever) they are getting the data from the Internet Website, decrypting it, looking at it/storing it/ who knows, then passing the data on.

Now, part of SSL (TLS these days) is not just encryption/decryption, but WHO you are/which websites.

It is 'impossible', for your customer/Proxy to 'be' Lowes.com, so instead they re-encrypt the data with their own Certificate 'customerCA.com' for example, and say it's for the website 'Lowes.com'.

So, the browser knows this, and says, but you went to Lowes.com, but the SSL cert is Signed by CustomerCA.com ... I'm not showing you this website, it's been hacked/broken etc.

What everyone here means about 'installing the customer CA' is, that it's possible, to install 'CustomerCA.com' in a way, that makes it all ok for any website, so then when the proxy Generates new SSL Certificates on the fly/as you browse, for each website, your computer goes... yep, I trust CustomerCA.com, its all OK.... just like it does when it goes I trust LetsEncrypt CA, or VerisignCA etc.

HOWEVER, that being said, I wouldn't install that thing, don't do anything on that connection.

You want to setup your ROUTES on your system, so that only data for the customer's network goes via the VPN, and the rest goes via your 'standard' internet connection.

This way, you get to browse Lowes.com all day long, but still be connected to the vpn, and secure. It tells the PC to go to the VPN for some traffic, and to your standard 'internet' for other traffic.

The simplest way, it to tell the VPN adapter not to be your default gateway, but there are many ways to do this if you cant change it.

<a href="https://pasteboard.co/KiKBxAZ.png">https://pasteboard.co/KiKBxAZ.png</a>[<a href="https://pasteboard.co/KiKBxAZ.png" target="_blank" title="New Window">^</a>]
RantDear Micro$oft, Pin
Dan Neely1-Sep-21 4:26
MemberDan Neely1-Sep-21 4:26 
GeneralRe: Dear Micro$oft, Pin
charlieg1-Sep-21 4:42
Membercharlieg1-Sep-21 4:42 
GeneralRe: Dear Micro$oft, Pin
Super Lloyd1-Sep-21 12:04
MemberSuper Lloyd1-Sep-21 12:04 
GeneralRe: Dear Micro$oft, Pin
Kornfeld Eliyahu Peter1-Sep-21 19:45
professionalKornfeld Eliyahu Peter1-Sep-21 19:45 
QuestionRe: Dear Micro$oft, Pin
Super Lloyd1-Sep-21 22:11
MemberSuper Lloyd1-Sep-21 22:11 
AnswerRe: Dear Micro$oft, Pin
Kornfeld Eliyahu Peter1-Sep-21 22:51
professionalKornfeld Eliyahu Peter1-Sep-21 22:51 
GeneralRe: Dear Micro$oft, Pin
Super Lloyd1-Sep-21 23:32
MemberSuper Lloyd1-Sep-21 23:32 
GeneralRe: Dear Micro$oft, Pin
Dan Neely2-Sep-21 6:10
MemberDan Neely2-Sep-21 6:10 
GeneralPossibly off-topic, but ... Pin
OriginalGriff1-Sep-21 3:17
mveOriginalGriff1-Sep-21 3:17 
GeneralRe: Possibly off-topic, but ... Pin
Slacker0071-Sep-21 3:59
professionalSlacker0071-Sep-21 3:59 
GeneralRe: Possibly off-topic, but ... Pin
Rick York1-Sep-21 5:38
mveRick York1-Sep-21 5:38 
GeneralRe: Possibly off-topic, but ... Pin
OriginalGriff1-Sep-21 5:44
mveOriginalGriff1-Sep-21 5:44 
GeneralRe: Possibly off-topic, but ... Pin
Kelly Herald1-Sep-21 7:29
MemberKelly Herald1-Sep-21 7:29 
GeneralCCC 01-09-2021 Pin
pkfox31-Aug-21 22:32
professionalpkfox31-Aug-21 22:32 
GeneralRe: CCC 01-09-2021 Pin
Vikram A Punathambekar1-Sep-21 1:38
MemberVikram A Punathambekar1-Sep-21 1:38 
GeneralRe: CCC 01-09-2021 Pin
pkfox1-Sep-21 1:45
professionalpkfox1-Sep-21 1:45 
GeneralRe: CCC 01-09-2021 Pin
Vikram A Punathambekar1-Sep-21 21:21
MemberVikram A Punathambekar1-Sep-21 21:21 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.


Straw Poll

You discover a sentient AI in your org's system. What do you do?
Well you never know what sort of orphaned projects previous employees have left behind...
  Results   587 votes