"Powercat" <powercat@verizon.net> (07-04-01 07:15:58):

> Hello I hope someone will take the time to answer my question. I'm
> with a contractor inside someone else's facility. The facility allows
> us to use their computers for internet access to our headquarters. We
> communicate with HQ via browser-based sessions ("webmail") and this is
> via SSL (https) connections. Sometimes we transmit documents (Word,
> PDF, etc) attachments using webmail during these SSL sessions.

Depends on the endpoints of the SSL connection. If the endpoint is the
proxy server, then be aware that they can read everything. SSL protects
the connection, not the data. It makes sure that nobody is listening,
and it makes sure that you are really talking to the person you've been
intended to talk to.

Protecting the data itself would mean encrypting and authenticating it,
which should be done independently of SSL.


> All of this flows through the facility's proxy servers. They have
> several "detective" programs running.

If your endpoint is your HQ server, then there is still the possibility
that they can read everything. This happens, if the SSL connection is
not authenticated. The HQ server should have either a validated
certificate (i.e. signed by a trustcenter) or a known certificate
(i.e. self-signed, but the other party has a copy of the certificate).


> We don't have anything to hide but I'm wondering how much of this they
> can see???
>
> I do get "intrusion detected" messages but we think that's because the
> IP address of the computer I use is different than the IP address of
> the proxy machine -- if I enable local cookies for authentication this
> goes away.

No. This is really an intrusion. The proxy server tries to break the
SSL connections with an MITM attack. Otherwise you wouldn't get a
warning at all.


Regards,
Ertugrul Söylemez.


--
From the fact that this CGI program has been written in Haskell, it
follows naturally that this CGI program is perfectly secure.