Additionally, if you shut off HTTPS, you may impact those who are logging into SPAWAR and other government installations using secure OWA.
Mike > -----Original Message----- > From: Josh Glover [SMTP:[EMAIL PROTECTED]] > Sent: Wednesday, April 10, 2002 9:09 AM > To: [EMAIL PROTECTED] > Subject: Re: HTTPS Question > > [EMAIL PROTECTED] wrote: > > Hi All, > > > > I want to turn off HTTPS to prevent people on the network from shopping > at > > various sites at work. Anyone know of any vulnerability in doing so? > Will > > I kill something else that uses HTTPS that I haven't thought about? > > There are a few problems with this approach that occur to me: > > 1) Turning off HTTPS will not necessarily stop people from online > shopping, it will only prevent them from doing it securely. > 2) I can think of many legitimate uses of HTTPS that have nothing to do > with online shopping. Maybe these uses apply at your office, maybe not. > > A better solution would be a largely administrative one, namely, > creating a policy that forbids online shopping on the corporate network. > Then, you might start logging some outbound traffic (probably at your > firewall or proxy server), maybe HTTPS and some obvious ones, like > amazon.com or shopping.yahoo.com or ebay.com to see who is violating the > policy. Then, have HR deal with them. A much cleaner solution, from the > POV of a sysadmin. > > Make sure you talk this over with management, if you have not already. > > > -- > Josh Glover <[EMAIL PROTECTED]> > > Associate Systems Administrator > INCOGEN, Inc.
