Thursday, February 26, 2015

Superfish vs. Corporate MITM



I work for a large consulting company, and I have been implementing a security tool from a security vendor, which is a cloud proxy for all user traffic. It will perform malware scanning and filtering of all web traffic. It works by enforcing a proxy autoconfiguration file to redirect HTTP/HTTPS traffic to one of the vendor's global data centers. We, of course, need to deploy certificates to each workstation in order to proxy HTTPS traffic and perform the MITM for malware scanning.


My question: how is this different from Superfish installing a root cert? I've been reading about how the private key for Superfish is stored on the machine. I assume corporate MITM attacks do not have this same vulnerability, but how does the architecture work differently in a corporate environment?




