Snort mailing list archives
Re: Encrypted sessions
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 28 Nov 2001 10:55:41 +1300
On Tue, Nov 27, 2001 at 01:13:57PM -0800, Erek Adams wrote:
On Tue, 27 Nov 2001, Ronneil Camara wrote:How does snort deal with encrypted communication. Let say, I would to monitor https connection to my web server or we've got an encrypted connection to other mail server. Would snort know about those attacks?Anyone else got a better way to play with encryption? I'm looking for new ideas!
Yup - don't encrypt it :-) Seriously, encryption is too hard to do on the fly - so MOVE THE PROBLEM. Terminate your SSL sessions on a reverse proxy (either commercial or Squid-2.5 for instance), and then it'll talk HTTP to the backend Web servers. Not only can your IDS detect attacks again, but you've moved an expensive task off your Web servers onto something specifically installed to do SSL... -- Cheers Jason Haar Information Security Manager Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Encrypted sessions Ronneil Camara (Nov 27)
- Re: Encrypted sessions Erek Adams (Nov 27)
- Re: Encrypted sessions Chr. v. Stuckrad (Nov 27)
- Re: Encrypted sessions Erek Adams (Nov 27)
- Re: Encrypted sessions Jason Haar (Nov 27)
- Re: Encrypted sessions Chr. v. Stuckrad (Nov 27)
- RE: Encrypted sessions Abe L. Getchell (Nov 27)
- RE: Encrypted sessions Erek Adams (Nov 27)
- RE: Encrypted sessions Abe L. Getchell (Nov 28)
- RE: Encrypted sessions Erek Adams (Nov 27)
- Re: Encrypted sessions Ralf Hildebrandt (Nov 27)
- Re: Encrypted sessions Ralf Hildebrandt (Nov 28)
- <Possible follow-ups>
- Re: Encrypted sessions Mike Shaw (Nov 27)
- RE: Encrypted sessions Michael Aylor (Nov 27)
- Re: Encrypted sessions Fyodor (Nov 27)
- Encrypted sessions Michael Scheidell (Nov 27)
- RE: Encrypted sessions Ronneil Camara (Nov 27)
(Thread continues...)
- Re: Encrypted sessions Erek Adams (Nov 27)