Re: [Fed-Talk] Fed use of SSL Man-in-the-middle?
Re: [Fed-Talk] Fed use of SSL Man-in-the-middle?
- Subject: Re: [Fed-Talk] Fed use of SSL Man-in-the-middle?
- From: David Mueller <email@hidden>
- Date: Thu, 05 May 2011 11:18:18 -0700
- Thread-topic: [Fed-Talk] Fed use of SSL Man-in-the-middle?
On 5/5/11 11:02 AM, "Niels Olson" <email@hidden> wrote:
> What's the motivation to monitor personal email?
I can think of three reasons off the top of my head. All basically have to
do with bypassing the corporate email infrastructure and the services and
protections it provides.
1. Personal email bypasses company spam/antimalware services, so something
hostile that comes in via your personal email can infect your company system
and spread into your network.
2. Personal email bypasses the outgoing mail services which could
potentially be used to monitor outgoing mail for exfiltration of proprietary
data that shouldn't be released outside the organization.
3. Personal email bypasses incoming and outgoing mail servers which could be
archiving data due to legal or regulatory requirements to do so.
A great example of the third one is some talk this week about issues the
iPad is presenting with respect to the Presidential Records Act mandating
that official communications be archived. It seems to me that the iPad angle
is a red herring trying to get attention by pegging the issue to a popular
product; I see the issue as more general in that any use of personal email
accounts, regardless of the device, bypasses the automatic archiving
provided by the White House's email system.
http://thehill.com/blogs/hillicon-valley/technology/158965-ipad-presents-pro
blems-for-presidential-records-act
- David
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden