[EMAIL PROTECTED] wrote: > Hi All, > > I want to turn off HTTPS to prevent people on the network from shopping at > various sites at work. Anyone know of any vulnerability in doing so? Will > I kill something else that uses HTTPS that I haven't thought about?
There are a few problems with this approach that occur to me: 1) Turning off HTTPS will not necessarily stop people from online shopping, it will only prevent them from doing it securely. 2) I can think of many legitimate uses of HTTPS that have nothing to do with online shopping. Maybe these uses apply at your office, maybe not. A better solution would be a largely administrative one, namely, creating a policy that forbids online shopping on the corporate network. Then, you might start logging some outbound traffic (probably at your firewall or proxy server), maybe HTTPS and some obvious ones, like amazon.com or shopping.yahoo.com or ebay.com to see who is violating the policy. Then, have HR deal with them. A much cleaner solution, from the POV of a sysadmin. Make sure you talk this over with management, if you have not already. -- Josh Glover <[EMAIL PROTECTED]> Associate Systems Administrator INCOGEN, Inc.
