Re: The future of forward proxy servers in an http/2 over TLS world

On Thu, Feb 16, 2017 at 12:35 PM, Adrien de Croy <adrien@qbik.com> wrote:

>
> Hi Tom
>
> the predominant use-cases are as follows.
>
> 1. A corporation, with many employees with computers and internet access.
> The employer doesn't want the employees spending all day on facebook,
> youtube, or other sites, unless it's the customer-support / social media
> department.
>
> 2. A school which doesn't want students surfing porn
>
> In all these cases, you have the issue of many computers, and a single
> policy.  To block in the browser requires several things, a centralised
> management of the policy, disseminated to the browser, some way of securing
> this so the users don't disable it etc.
>

Many browsers provide enterprise management functionality for exactly this
sort of use case.

> If on the other hand you intercept outbound connections, and force them
> through a proxy, or require use of a proxy for internet access, you can
> enforce the policy in a place that's removed from the users.
>
> Other features like a shared cache, AV scanning etc are also commonly used.
>
> Also, there are products that provide categorization of sites.  If you
> wanted to allow all sites except porn sites, and to block that in a
> browser, you would need to know what all the porn sites are.
>
> There are products that track this, but they are expensive, have a large
> resource footprint etc. You can't be running this on every endpoint.
>
> So central control is required, and this is a proxy.
>

Many enterprises go this route of using a proxy that mints certificates
and MITMs the connection to enforce policy.

Received on Thursday, 16 February 2017 21:53:06 UTC