SSL decryption on Cisco Ironport & Firefox CA management

If you decide to terminate SSL on your proxy (such as Cisco Ironport, for instance) to check your traffic for viruses and/or DLP puposes (which I highly recommend otherwise you do leave a huge hole in your security perimeter) you will face a need to distribute Ironport’s self signed certificate within your organization. It is not a problem for IE and Chrome where you can simply roll the certificate out using AD Group Policy but if you’re using Firefox you have a problem.

These guys do not bother to include any management tools to maintain their lovely browser (no sarcasm – it’s realy good :)) in enterprise. Moreover they decided to be clever and implemented they own CA management. Long story short you need to use their own certutil.exe from NSS package to automate certificate rollout. Bad news is that they do not provide binaries and suggest you to compile your own ones! Clever move… why?!..

Alternatively, if you want to make your life simpler and do not care about certificates your users might have already installed in their Firefoxes you may simply import the certificate on one machine and then distribute  resulting cert8.db (overwriting those already installed).

REGEX for credit cards

Pretty useful stuff for DLP & PCI DSS purposes:

• VISA cards: ^4[0-9]{12}(?:[0-9]{3})?$
• Mastercard: ^5[1-5][0-9]{14}$
• American Express: ^3[47][0-9]{13}$
• Diners Club: ^3(?:0[0-5]|[68][0-9])[0-9]{11}$
• Discover: ^6(?:011|5[0-9]{2})[0-9]{12}$
• JCB: ^(?:2131|1800|35\d{3})\d{11}$

Read more…