Background: at work I work under Windows 10, we accordingly have a domain and everything that is supposed to, including installing root certificates from the organization.

Questions:

1.Can network administrators with such an installation of certificates control not only what my browser or other software is connecting to, but also the traffic that goes after the https connection is established?
2.Will Google Chrome, for example, notify me of this? Or will everything be as transparent as possible for me, as an end user?

1 Answers 1

1.They can.You install an intermediate certificate that signs all traffic.NG firewalls - read how they work.
2.No, everything is transparent.
  • Well, if I delete these certificates, can something break in terms of my network? Well, for example, I will cease to be able to log into the domain, that is, in fact I can’t log in to the system stupidly. – Naughty Narwhal Oct 22 '19 at 15:01
  • Naughty Narwhal, if they are installed through gpo, then even if you have the right to remove them from trusted ones, they will appear there again - for that they are Group Policy :-))) – Viking63 Oct 22 '19 at 16:14
  • Viking63, it’s understandable, but you know, if I have such rights, then I’m probably able to write a script that will clean them, for example) The question is whether something will fall off or not critical in terms of working with the system. – Naughty Narwhal Oct 22 '19 at 16:36
  • Naughty Narwhal, in principle, nothing should fall off if there is no enterprise cryptographic software on this computer – Viking63 Oct 22 '19 at 16:50
  • Naughty Narwhal, If you remove them, they will appear after a little time.
    And until they appear, you will not open all sites(https) on the Internet.
    – Panicky Plover Oct 22 '19 at 16:56
  • Panicky Plover,
    In the meantime, all sites(https) on the Internet will not open for you.
    - don’t say anything stupid, everything will open, but if MITM is used, warnings will go off
    – Viking63 Oct 22 '19 at 17:24
  • Viking63, Do you think it is difficult to include a rule on the conditional Palo Alto - everything that was not encrypted with our key is blocked? And how many admins will not do it? Let's start from realities, and not from a mythical horse in a vacuum. – Panicky Plover Oct 22 '19 at 18:09