Re: The Ultimate Upgrade
A poor workman, blaming his tools once 1985.
1506 posts • joined 1 Mar 2013
Can't rely on users to use common sense so my shoppe uses Microsoft ATP Safelinks to rewrite URLs in emails so they are checked in real time when the luser clicks on them. If Safelinks doesn't catch it, all Internet traffic is passed via ZScaler cloud proxy with filtering of d/l content. If that fails Bitlocker on Windows should block unknown .exe from running, and users login with an unprivileged account of course.
My company uses Zscaler cloud proxy and we dropped a cert onto every PC so the SSL break/inspect doesn't cause a problem. But when you look at the info on every HTTPS session its the Zscaler cert which is shown, confirming the man in the middle is operating.
I assume end points could be compromised so that plausible certs can be inserted for any protocol using SSL/TLS, allowing transparent bresk/inspect, topped off with PAC file/DNS jiggery pockery to direct all traffic to GCHQ.
Any centrally negotiated contracts will flounder for the same reasons at the Police ICT Company as for its ill-fated predecessors of NPIA and PITO.
The 43 county forces will simply wait to the supplier's quarter end/year end and then negotiate a price which uses the central contract as the starting point for price. Commission driven salespeeps will always be happy to do a deal based on guaranteed units with approved funding.
NB the HO wheeze which sold off Airwave was dodgy af. Don't ask me how I know!
Maybe this is a task for the new head of the GDS to tackle?
"Victim of crime - report it online!"
"Abused because of race - added to our NoSQL database!"
"Loved one in a shroud - our systems are in the cloud!"
"Sexually harassed - we're agile to fail fast!"
"Hope the police will hasten - our devs are using JSON!"
Biting the hand that feeds IT © 1998–2019