cancel
Showing results for 
Search instead for 
Did you mean: 
itsec
Level 7
Report Inappropriate Content
Message 1 of 3

Privacy Laws & SSL Scanning

Hi,

I'm currently working on a global implementation of v7.3 and would like to find out more about how SSL Scanning satisfies various countries privacy laws.

Does anyone have any whitepapers/ recommended settings etc?  Or am I better off speaking to our commercial ISR?

I found an older article which describes webwasher SSL so I'm presuming that there's not much difference with the newer version however it doesn't give much depth.

There are some other posts on the subject such as whitelisting banking/ finance etc

See these links:

https://community.mcafee.com/message/151408#151408

http://jonsnetwork.com/2007/04/how-to-solve-the-ssl-security-problem-using-webwasher-jons-network-po...

But other than that I've not found much.

Thanks

2 Replies
btlyric
Level 12
Report Inappropriate Content
Message 2 of 3

Re: Privacy Laws & SSL Scanning

Caveat: I am not a lawyer.

SSL Scanning in and of itself doesn't satisfy any privacy laws.

How you configure it + your corporate policies may or may not satisfy your local/global privacy laws.

If you are going to implement SSL interception, I recommend having a very explicit corporate Acceptable Use Policy that states that all transactions on the network are monitored and logged and ensure that all employees have accepted that AUP as well as a plan and/or policies as to how the decrypted data will be handled/used and have approval/buy-in from your Legal department/corporate counsel.

Web Gateway itself can be configured to bypass SSL interception for specific categories, specific destinations, specific sources, etc.

You could do a Google search for the legal ramifications or implications of SSL interception to get a better feel for what you're looking at, but ultimately if this is a global deployment, the legal aspects need to be examined for each location and that's where the Legal department/corporate counsel/other legal resources come into play

itsec
Level 7
Report Inappropriate Content
Message 3 of 3

Re: Privacy Laws & SSL Scanning

thanks, will pass the buck then to the legal eagles!

Cound't really find much legal info on ssl interception on the net.

Cheers

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community