IDS mailing list archives

Re: How to monitor encrypted connections...

From: Stefano Zanero <s.zanero () securenetwork it>
Date: Wed, 03 Oct 2007 11:07:39 +0200

abhicc285 () gmail com wrote:

Abhi: ---  Please correct me, as per my understanding the HIPS will be executing rules at IP layer


An HOST intrusion prevention system is, by definition, something which
works on the host, looking at the operating system, applications, and
their interactions.

An IPS which works on IP packets on a single host is at most a personal
firewall.

Abhi: HIPS will be executing on the same host as the application. So i think for  HIPS there is no concept of storing 
keys in other device.


Nor it will have any problem of decryption.

Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

Re: Re: How to monitor encrypted connections... abhicc285 (Oct 01)
- Re: How to monitor encrypted connections... Stefano Zanero (Oct 03)
- <Possible follow-ups>
- Re: How to monitor encrypted connections... crazy frog crazy frog (Oct 01)