IDS mailing list archives
Re: IDS, IPS and encrypted traffic
From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Tue, 07 Dec 2004 09:58:36 +0000
--On 03 December 2004 04:50 +0800 neil () slampt net wrote:
Have you looked at the Mcafee Intrushield product? The latest version of the sensor software has the ability to load SSL keys and then decrypt/inspect the traffic in realtime.
To clarify; the idea behind this is that you load the NIDS with the private keys for any SSL servers that *you* administer, then the NIDS is able to decrypt and examine the content of sessions established with those servers (i.e. looking for SQL injection attacks and the like).
This is useful in its own right, but it is not a general-purpose technology for inspecting /all/ encrypted sessions, or even all HTTPS/SSL sessions.
Regards Neil Archibald
Best Regards, Alex. -- Alex Butcher: Security & Integrity, Personal Computer Systems Group Information Systems and Computing GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9 -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- IDS, IPS and encrypted traffic Daniel Hamburg (Dec 02)
- Re: IDS, IPS and encrypted traffic neil (Dec 02)
- Re: IDS, IPS and encrypted traffic Alex Butcher, ISC/ISYS (Dec 07)
- Re: IDS, IPS and encrypted traffic Jet (Dec 03)
- Re: IDS, IPS and encrypted traffic Brad Boeckmann (Dec 03)
- Re: IDS, IPS and encrypted traffic Alexander Klimov (Dec 06)
- Re: IDS, IPS and encrypted traffic Jose Maria Lopez (Dec 07)
- <Possible follow-ups>
- RE: IDS, IPS and encrypted traffic Eric McCarty (Dec 02)
- Re: IDS, IPS and encrypted traffic neil (Dec 02)