IDS mailing list archives

Re: How to monitor encrypted connections...


From: proneetb () redback com
Date: 20 Sep 2007 17:21:29 -0000

Hi Jean,
The IDS/IPS typically have no visibility into encrypted traffic. This is because most IDS/IPS solutions are built around deep packet inspection (DPI) technology and application intelligence/identification technologies, both of which fail when the traffic is encrypted. However, there are IPS solutions from vendors which can work on the encrypted traffic. These vendors would request the admin to enter the certificates/keys which are being used for encryption into the device management console/software. When encrypted traffic reaches these devices, these would behave like a proxy in the middle which will decrypt all the traffic, analyze it for intrusion signatures and then encrypt it again before forwarding.

Regards
Proneet.

-------------
The surest way to corrupt a youth is to instruct him to hold in higher esteem those who think alike than those who think differently
