Untrusted connection warning on work pc

Just a little background first. At work we are allowed to use our computers as we like within reason. Everyone has Windows 7 and accounts which let them install any software they like. Equally we are allowed to browse the net over lunch, and so on.

Today, Firefox has suddenly started reporting every https page I try to visit as being an untrusted connection. This even includes places like Google. Viewing the certificate that the site is apparently providing shows a certificate from Cyberoam SSL.

Doing a little search, this seems to be something which lets my company (or specifically their outsourced IT department) intercept all my traffic? This doesn't affect me too much, though I had been using my computer to check my bank account and emails which I think I will be stopping now.

Does anyone else know more about this service? Just curious as to how it works and what exactly it can allow.
 
Does sound like your connection is going through a proxy with SSL decryption/inspection capabilities, mainly for user accounting purposes & preventing proxy avoidance via SSL portals.

We used to run a similar proxy server at work, but eventually removed that capability as the management decided they weren't happy with the potential to observe private browsing (e.g. banking etc...)

Potentially it can allow the IT department (or whoever controls the proxy server) to see any SSL based web traffic. I personally would query this.
 
Yup it's an SSL proxy, performs a 'legit' (legit as in your company intend it to happen) man in the middle attack so that it can view the SSL traffic to do its job.

What your company should have done is install the Cyberoam cert in your browsers so it doesn't do this all the time.
 
Funny thing is, it's been installed in chrome, IE and Firefox, but Firefox was the only one that has gone 'Woah, what's going on here'. Checking the certs for Google in IE and chrome it shows Cyberoam.

Thanks for your help guys. Back to my phone for anything requiring a secure connection.
 
> Funny thing is, it's been installed in chrome, IE and Firefox, but Firefox was the only one that has gone 'Woah, what's going on here'. Checking the certs for Google in IE and chrome it shows Cyberoam

Why is it giving the untrusted warning, what's the reason it gives?

Is it that it doesn't trust the Cyberoam cert (in which case they haven't installed it in the client browsers), or that the name on the cert doesn't match the domain visited?
 
> Why is it giving the untrusted warning, what's the reason it gives?
>
> Is it that it doesn't trust the Cyberoam cert (in which case they haven't installed it in the client browsers), or that the name on the cert doesn't match the domain visited?

The certificate is not trusted because the issuer certificate is not trusted.
Error code : sec_error_untrusted_issuer

Yes, as mentioned above I could speak with IT and they will fix whatever it is that's causing the error (and indeed I will), I'm just curious about what exactly it is they are trying to do and what they will be able to do/see with it.
 
That means they haven't installed the cert within everyone's browser, not very clever of them!

And it means the devices can see the content of the traffic going through them even if it's an SSL connection.
 
When you say content, do you mean just the website I visit, or if I check my email for example would they be able to see the emails I'm reading? Ditto if I'm checking my bank statement?
 
Huh, just had a couple of people in the office come to me complaining they couldn't access the Internet properly on their tablets. Had a look, they are getting the untrusted certificate error as well, so looks like it's a blanket thing across the network.

Out of interest, since I'm the guy who knows about IT in the office, what should I tell them? If they allow the certificate then the company will be able to see everything they do in plaintext, which will include all their passwords and everything else that they do while on the work network?
 
> When you say content, do you mean just the website I visit, or if I check my email for example would they be able to see the emails I'm reading? Ditto if I'm checking my bank statement?

I mean the content of all the traffic/requests.

> Huh, just had a couple of people in the office come to me complaining they couldn't access the Internet properly on their tablets. Had a look, they are getting the untrusted certificate error as well, so looks like it's a blanket thing across the network.
>
> Out of interest, since I'm the guy who knows about IT in the office, what should I tell them? If they allow the certificate then the company will be able to see everything they do in plaintext, which will include all their passwords and everything else that they do while on the work network?

As has been said, raise it with your IT dept, they should be informing the users as to what's happening.

Now I've not used the Cyberoam devices before so couldn't comment, but just because the device can see the unencrypted traffic doesn't necessarily mean all your IT guys can go looking at it (although am guessing it's there in a log or something).

Also if passwords are hashed etc then whilst in plain text they won't directly see the password, just its hash which will then have to be cracked to get an actual password.
 
Apparently it's just an anti virus measure since one of the machines in the office got infected, started sending out spam emails and got our domain blacklisted :o
Seems a little extreme, but there you go.
 
Well that's the reason I'd be deploying SSL inspection on a network if I wanted to, not for accounting/proxy avoidance purposes, but for spotting nefarious traffic outbound from the network ;)

Although if they are at least monitoring network flow then they should be able to see where things are connecting to even when over SSL, using IP reputation data for known botnets etc would go some way to helping but you still wouldn't see the actual traffic as that would be encrypted.
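
Added example, not part of any post in this thread: the manual check described above (opening the certificate for a site and finding Cyberoam as the issuer, even in browsers that show no warning) written as a script that compares issuers seen on the office network with a baseline noted on a trusted network. The host names, issuer strings and function names are constructed for illustration; the input dicts follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: compare certificate issuers seen on this network with a
# baseline recorded on a network you trust. Input dicts use the layout of
# ssl.SSLSocket.getpeercert(); every value below is constructed.

def issuer_name(cert):
    """Flatten getpeercert()['issuer'] into an (organization, common name) pair."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return fields.get("organizationName", ""), fields.get("commonName", "")

def find_interception(observed, baseline):
    """Return (changed, shared_issuer).

    changed maps host -> (expected issuer, seen issuer) for every host whose
    issuer differs from the baseline. shared_issuer is the single issuer
    behind all changes when two or more hosts now chain to the same CA,
    which is what an inspecting proxy produces; otherwise None.
    """
    changed = {}
    for host, cert in observed.items():
        seen = issuer_name(cert)
        expected = baseline.get(host)
        if expected is not None and seen != expected:
            changed[host] = (expected, seen)
    issuers = {seen for _, seen in changed.values()}
    shared = issuers.pop() if len(changed) >= 2 and len(issuers) == 1 else None
    return changed, shared

def _cert(org, cn):
    # Constructed stand-in for a getpeercert() result (issuer part only).
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}

# Constructed baseline: issuers noted on a trusted network (hypothetical names).
BASELINE = {
    "mail.example.com": ("Example Public CA", "Example Public CA G2"),
    "bank.example.net": ("Other Public CA", "Other Public CA EV"),
    "shop.example.org": ("Example Public CA", "Example Public CA G2"),
}
# Constructed observation on the office network: two hosts re-signed in transit.
OBSERVED = {
    "mail.example.com": _cert("Cyberoam", "Cyberoam SSL CA (constructed)"),
    "bank.example.net": _cert("Cyberoam", "Cyberoam SSL CA (constructed)"),
    "shop.example.org": _cert("Example Public CA", "Example Public CA G2"),
}

if __name__ == "__main__":
    changed, shared = find_interception(OBSERVED, BASELINE)
    for host, (expected, seen) in sorted(changed.items()):
        print(f"{host}: expected {expected}, saw {seen}")
    print("single re-signing CA:", shared)
```

A single changed host can simply mean the site renewed with a different CA; several unrelated hosts all switching to the same issuer is the pattern that points at an inspecting proxy.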
 