0

Like many people I work within a company that deals with internet access of its employees by providing a proxy server.

Although i got the idea that a https session encrypts, from peer to peer, all the traffic between my browser and the server at the end, I have been told by one of our sysadmin that all my https connections are somehow « deconstructed » or « unravelled » by the corporate ssl proxy. And, by this way, consequently, my employer could easily see and read all my web access including all my https sessions.

Is it true? °_°

user2160279
  • 1
  • Also [Is it possible for corporation to intercept and decrypt SSL/TLS traffic?](http://security.stackexchange.com/questions/101721/is-it-possible-for-corporation-to-intercept-and-decrypt-ssl-tls-traffic), [Does https prevent man in the middle attacks by proxy server?](http://security.stackexchange.com/questions/8145/does-https-prevent-man-in-the-middle-attacks-by-proxy-server) and some more. – Steffen Ullrich Nov 13 '16 at 17:55

1 Answers1

0

While I can't say if it it is exactly true in your situation, it is definitely possible and probably likely given your IT guy said it is.

A guess would be all machines in your network have a trusted certificate installed that allows your corporate proxy to MitM your TLS connections. Essentially, you are connecting to the proxy securely and since you trust the proxy's certificate it doesn't alert you. The proxy then connects to the outside normally.

Reasons this is useful to the company are substantial. They can now be aware of ALL traffic passing through their network and it makes it easier to spot malicious activity. That or otherwise unauthorized activity (porn, drugs, etc.).

This question comes up a lot in regards to privacy. Just remember the company OWNS the network. Don't browse personally on it.

d1str0
  • 2,348
  • 14
  • 24