Quote from: pradip.marathon on October 29, 2024, 07:46:44 am
In a BYOD scenario, why would someone want to install a certificate on their personal device? There should be a solution to implement TLS inspection without requiring any tools or certificates to be installed on the endpoints.
Quote from: athurdent on October 29, 2024, 08:10:11 am
You should probably read up on how SSL Inspection works.
Quote from: pradip.marathon on October 30, 2024, 08:02:41 am
I have already implemented and tested SSL inspection in my org. Installation of the Zenarmor SSL certificate is mandatory in order for TLS inspection to work and filter the content. Do you have any other aspect on this?
Quote from: athurdent on October 30, 2024, 09:17:25 am
Every SSL Inspection implementation requires you to trust a signing certificate, i.e. install a custom cert. So unsure how one would expect Zenarmor to act differently when familiar with the requirements for SSL Inspection.

It's surprising to see such comments without a proper understanding of the context. I have clearly outlined the expected solution, fully aware of how SSL inspection works. While I understand that implementing SSL inspection typically requires trusting a signing certificate, I believe that solutions like those offered by Palo Alto already provide agent-less options to achieve the desired results.
Quote from: pradip.marathon on November 04, 2024, 11:17:33 am
It's surprising to see such comments without a proper understanding of the context. I have clearly outlined the expected solution, fully aware of how SSL inspection works. While I understand that implementing SSL inspection typically requires trusting a signing certificate, I believe that solutions like those offered by Palo Alto already provide agent-less options to achieve the desired results.

Zenarmor is agent-less though? You should perhaps elaborate on your ask, and lay out what others like Palo Alto are doing differently.
I.e. explain how you'd like full SSL Inspection to be done by Zenarmor (or any other SSL Inspection engine) without trusting a certificate used to decrypt traffic in the middle.
There should be a solution to implement content filtering/TLS inspection without requiring any tools or certificates to be installed on the endpoints.
Palo Alto can filter the content from a website. Example 1: I would like to give access to YouTube except for specific video categories in YouTube like Shorts, Movies, Non-Educational, Games, etc. Example 2: I would like to give access to Facebook but not the games inside Facebook.
Quote from: pradip.marathon on November 04, 2024, 12:11:17 pm
There should be a solution to implement content filtering/TLS inspection without requiring any tools or certificates to be installed on the endpoints.

This is technically impossible. The entire point of TLS is prohibiting "inspection".
You CAN do filtering on a domain name basis via SNI without decryption, but that's it.
Quote from: pradip.marathon on November 04, 2024, 12:11:17 pm
There should be a solution to implement content filtering/TLS inspection without requiring any tools or certificates to be installed on the endpoints.
Quote from: Patrick M. Hausen on November 04, 2024, 12:13:23 pm
This is technically impossible. The entire point of TLS is prohibiting "inspection".

I believe you will need to explore some available solutions. It is very much possible to achieve this. For YouTube, the YouTube V3 API is already available, which can be used with open-source proxies like Squid. There are multiple bundled packages with Squid that already include such integrations. Please refer to WebSafety from Diladele and SafeSquid's integration for "https://docs.safesquid.com/wiki/Youtube_API_Integration_With_Safesquid_To_Allow_Specific_YouTube_Videos" for more information.
HTTPS Inspection should be enabled in SafeSquid. If not enabled, you can check our document ...
Importing SafeSquid SSL certificate into your browser
When SafeSquid is installed in your network with HTTPS inspection enabled and SSL certificate not installed into the browser, then you will get an error while accessing the HTTPS websites. You have to install SafeSquid SSL certificate into the browsers.
Yuk (And I say that in a very positive way, Franco)