IDS mailing list archives
RE: IDS & encryption
From: "Brito, Nelson (ISS Brazil)" <nbrito () iss net>
Date: Wed, 29 Oct 2003 21:05:30 -0200
Warning: My ideas represents only my own opinions, neither my Employer's opinions nor the company's opinions.
AFAIK, so far some common approaches have been: * Using HIDS to complement NIDS in encrypted traffic situations.
This is the most used in the market.
* Placing the encryption keys in the IDS (any known products that do that??).
I don't know if any IDS company do that thing, especially because it'll consume average resources that could be used by analysis instead of decrypt process. The HIDS solution works, almost all time, with the data that was already decrypted by the OS (layer 3) or the application (layer 5).
* Using a "clear-text DMZ" between 2 VPN firewalls for VPN traffic.
That's used for a no-critical cases. It's an 1:1 case.
Any other approaches that I must know of? Can any of you point to interesting references in this direction?
Yes. The use of an all-in-one solution, where you have FW, VPN Concentrator and IPM (Intrusion Prevention Module) in one box. --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 and use priority code SF4. ---------------------------------------------------------------------------
Current thread:
- RE: IDS & encryption Brito, Nelson (ISS Brazil) (Nov 03)