topic Re: ISEE and HTTPS 'CONNECT' method in Insight Remote Security

ISEE and HTTPS 'CONNECT' method

Domenico Viggiani — Tue, 11 Jan 2005 08:25:16 GMT

I'm currently using ISEE through a Squid proxy but I recently discovered that it uses HTTPS 'CONNECT' method to encapsulate its data.
This method is known to have security issue: setting up a tunnel with an external server, an internal user could use virtually any type of programs (IM, P2P, etc). In fact, many http-tunnelling-through-CONNECT programs exist (for instance, hopster).

Any suggestion?

Re: ISEE and HTTPS 'CONNECT' method

LisaW — Fri, 14 Jan 2005 12:26:24 GMT

Domenico,

Not positive what your question is but you are correct, the transport is secure http for the advanced configuration which sets up an authenticated/encrypted tunnel between the client system and HP's ISEE system.
There are security white papers as well as other useful information that may answer many of your questions at www.hp.com/go/instantsupport.

Lisa Williams,
HP ISEE