536 Views 2 Replies Latest reply: Dec 12, 2012 9:40 PM by btlyric
btlyric, Apprentice, 184 posts since Aug 1, 2012

Dec 9, 2012 10:33 PM

Certificate Issues, Coaching and PD Storage

Does anyone have any sample rule sets and/or know if the following is possible?


- User hits a new site that presents a certificate with an error (self-signed, expired, untrusted/unknown CA)

- User is presented with a coaching page that explains what's wrong with the certificate and is given the option to continue

- Certificate hash is stored in PD Storage User for X period of time

- If user returns to a page that presents the same certificate within the permitted period of time, they are not re-prompted

- If user goes to another page that has the same certificate issue (another self-signed certificate, for example), they are re-prompted as to whether they want to continue and that certificate hash is also stored


What I'm trying to do is return the decision of whether or not to proceed to the client.


I know that I can do coaching for specific certificate issues, but if I set a coaching period of time for a specific certificate issue, that will mean that any sites that exhibit the same issue will be permitted during the coaching activation period.


It seems to me that there ought to be a way to store info about specific certificates that have been "okayed" by the client and use that information to determine if the certificate has been previously "okayed" or if a new Continue page should be presented.


Message was edited by: btlyric on 12/9/12 10:33:28 PM CST
  • Jon Scholten, McAfee SME, 857 posts since Nov 3, 2009
    Dec 11, 2012 5:48 PM (in response to btlyric)
    Re: Certificate Issues, Coaching and PD Storage

    Yo btlyric,


    I think this sounds possible, although I'm not sure of the performance issues that could be incurred as a result of PDstorage (depending strongly on how it is evaluated, it could be intensive in the IO department).


    If you were to implement this you would probably maintain two PDstorage containers (to keep PDstorage usage to a minimum), one to indicate that the user has information in data-storage (this would reduce a lot of IO potentially) and another with the actual data-storage.


    The data-storage would contain information about the sites that the user has acknowledged for overriding (such as the certificate serial #). Then when certificate verification takes place you would have a rule to A) check if the user has data in the storage, and B) check what information is in storage, then allow based on the certificate serial number.


    Unfortunately I'm a bit time crunched to mock this up.


    Best,

    Jon
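
The per-user override cache that the question asks for and the reply sketches, written out as an added Python illustration; it is not part of the thread and not a McAfee Web Gateway rule set. The `OverrideStore` class, the `TTL_SECONDS` value and the DER byte strings are assumptions of this example (the byte strings are constructed placeholders, not real certificates), and it keys the store on a SHA-256 fingerprint of the certificate where Jon mentions the serial number.

```python
"""Two-container override cache: a cheap per-user flag plus the actual
acknowledged-certificate data, each entry with its own expiry."""
import hashlib
import time

# Assumed value for the "X period of time" in the question; not from the thread.
TTL_SECONDS = 24 * 3600


def cert_fingerprint(der_bytes):
    """SHA-256 over the DER-encoded certificate: the 'certificate hash' the
    question wants to store. A fingerprint, unlike a serial number, also
    tells apart two certificates from different issuers that share a serial."""
    return hashlib.sha256(der_bytes).hexdigest()


class OverrideStore:
    """`has_data` is the cheap per-user flag consulted on every certificate
    error (container A in the reply); `data` holds each user's acknowledged
    fingerprints with their expiry times (container B)."""

    def __init__(self, ttl=TTL_SECONDS):
        self.ttl = ttl
        self.has_data = set()   # container A: users that have any stored override
        self.data = {}          # container B: user -> {fingerprint: expiry}

    def decide(self, user, fingerprint, now=None):
        """'allow' if this exact certificate was acknowledged within the TTL,
        otherwise 'coach' (show the coaching page and ask the user)."""
        now = time.time() if now is None else now
        if user not in self.has_data:                        # A) flag check, no data read
            return "coach"
        expiry = self.data.get(user, {}).get(fingerprint)    # B) consult the stored data
        if expiry is None or expiry <= now:
            return "coach"
        return "allow"

    def record_override(self, user, fingerprint, now=None):
        """Store the fingerprint the user chose to continue past, with its expiry."""
        now = time.time() if now is None else now
        self.data.setdefault(user, {})[fingerprint] = now + self.ttl
        self.has_data.add(user)

    def purge(self, now=None):
        """Drop expired entries and clear the flag for users left with none, so the
        cheap check stays accurate. Returns the number of entries removed."""
        now = time.time() if now is None else now
        removed = 0
        for user in list(self.data):
            live = {fp: exp for fp, exp in self.data[user].items() if exp > now}
            removed += len(self.data[user]) - len(live)
            if live:
                self.data[user] = live
            else:
                del self.data[user]
                self.has_data.discard(user)
        return removed


def run_scenario():
    """Walk through the five bullets of the question and return the decisions."""
    store = OverrideStore()
    site_a = cert_fingerprint(b"constructed DER for self-signed cert of site A")
    site_b = cert_fingerprint(b"constructed DER for self-signed cert of site B")
    user = "alice"
    decisions = []

    # First visit to site A: coaching page; the user chooses to continue.
    decisions.append(store.decide(user, site_a, now=0))
    store.record_override(user, site_a, now=0)
    # Return to site A within the period: no prompt.
    decisions.append(store.decide(user, site_a, now=3600))
    # Site B has the same kind of error but a different certificate: prompt again.
    decisions.append(store.decide(user, site_b, now=3600))
    store.record_override(user, site_b, now=3600)
    # After the period expires, site A prompts again.
    decisions.append(store.decide(user, site_a, now=TTL_SECONDS + 1))
    return decisions


if __name__ == "__main__":
    print(run_scenario())  # ['coach', 'allow', 'coach', 'coach']
```

The flag set is what keeps the common case cheap: a user who has never overridden anything never causes a read of the data container. Expiry is checked inside `decide` rather than only in `purge`, so a stale entry can never allow a certificate on its own, and `purge` exists only to bound the storage and keep the flag honest.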
