Neutrino_ 0 Newbie Poster

Hi

I have a network security problem which I could use a little help with. I'm not sure this is the right place but I'll give it a try anyway.

The company I work for has installed an ISA firewall in conjunction with Websense. As I understand it, ISA is basically a glorified proxy/packet sniffer. From what limited research I've managed to do on my own, it appears that an ISA firewall totally compromises security on any network on which it is installed. It appears it even defeats SSL encryption using an 'SSL bridge' intercept mode. This works by all client requests to an SSL server being trapped by ISA, which then sets up one SSL connection to the client and a separate SSL connection to the server, while it sits in the middle and conducts stateful packet inspection and logging in the middle.

Is my understanding of this situation correct? Would I be right in thinking this is a classic example of a 'man in the middle' attack?

If my understanding of the situation is correct, what ways, if any, exist to secure web traffic in such a compromised environment?

My initial thoughts are that one way around this could be some sort of cgi style proxy using an internal non-SSL encryption mechanism. E.g., I make/get a cgi module which I install on my own proxy server at home. From inside the corporate network I communicate with this proxy using plain http, but the actual content of each transaction is encrypted in the body of each http request/response using a symmetric key. I would install a decryptor proxy on my workstation at work to handle the encrypting/decrypting and configure each proxy with a periodically changing symmetric key.

I'm mostly an application developer and haven't done much web stuff, but that doesn't seem too difficult. Is there anything available off the shelf that can already do this?
