02-25-2016 07:54 PM
We've been having some issues with websites like DropBox, Hightail etc since configuring SSL Decryption. I believe this relates to a security technique called "Certificate Pinning". I've resolved the issue by adding the "Online Storage & Backup" URL category into a no-decrypt policy but it concerns me that opening up the entire category is a risk and could result in unwanted content entering our network.
We have a large number of suppliers who send product related files to us using applications like DropBox but because they don't use a common platform these files can come from a number of different file sharing sites. This makes it tricky to use a custom URL category. Additionally there are a high number of internal users who need to access the files for download. So restricting access down to a select few isn't going to work.
I'd like to find out if others have had this issue and how they mitigated the risk. I don't think I'm going to be able to eliminate the risk but if I can reduce it then I will be much happier.
I'm still only fairly new to PA's so maybe just my inexperience is not allowing me to resolve this.
Appreciate anyone's thoughts!
Thanks!
