SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

make Sophos Endpoint updates by WebCID possible over HTTPS

Please make it possible to use HTTPS for WebCID updates of the product Sophos Endpoint Protection. Now only HTTP is possible, this is undesirable because authentication details (credentials) are being sent over the internet in plain text.

31 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    William de VosWilliam de Vos shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    7 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Austin BrashearAustin Brashear commented  ·   ·  Flag as inappropriate

        Please allow us to update over HTTPS. A security product pulling definitions and binaries over the Internet via HTTP is laughable.

      • MalcolmMalcolm commented  ·   ·  Flag as inappropriate

        This has been unresolved since at least 2009. Needs implementing, at least as an option. That way those that want it, get it. Those that don't can just ignore it.

      • Brian WeirichBrian Weirich commented  ·   ·  Flag as inappropriate

        How is lacking this feature even remotely acceptable to Sophos staff? In the event of having a traveling employee (and these types often need access to sensitive data) we have to create another security hole, whose credentials are easily captured, ensure that account is sufficiently restricted, manage password changes of that account, and monitor the network for intrusions from that account all because Sophos--a security company--hasn't caught up with what should be BASIC to even remotely sensitive data going over the web. Besides being an inconvenience to organizations that take their security seriously, it is just plain foolish. Please implement this.

      • Paul MattiasPaul Mattias commented  ·   ·  Flag as inappropriate

        Please allow HTTPS updates for access from computers outside the Enterprise. In order to be compliant with our Sophos agreement regarding one home use installation client we needed to install a SUM in our DMZ. We use the client's AD account to determine if they can access the SUM. That way if a client's account it terminated, they can no longer receive updates. However, we are concerned with the transmission of the client plain text credentials over HTTP as anyone monitoring the line can capture that information. Please allow this feature soon!

        Thank you

      Feedback and Knowledge Base

      icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.