Snort mailing list archives

Re: Encrypted sessions


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 28 Nov 2001 10:55:41 +1300

On Tue, Nov 27, 2001 at 01:13:57PM -0800, Erek Adams wrote:
> On Tue, 27 Nov 2001, Ronneil Camara wrote:
>
> > How does snort deal with encrypted communication? Let's say I would like to
> > monitor an https connection to my web server or we've got an encrypted
> > connection to another mail server. Would snort know about those attacks?
>
> Anyone else got a better way to play with encryption?  I'm looking for new
> ideas!

Yup - don't encrypt it :-)

Seriously, encryption is too hard to do on the fly - so MOVE THE PROBLEM.
Terminate your SSL sessions on a reverse proxy (either commercial or
Squid-2.5 for instance), and then it'll talk HTTP to the backend Web servers.

Not only can your IDS detect attacks again, but you've moved an expensive
task off your Web servers onto something specifically installed to do SSL...


-- 
Cheers

Jason Haar

Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
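
The layout described in the message above, sketched as a squid.conf fragment for Squid 2.5 built with SSL support. This is an added example, not part of the original post; the addresses and certificate paths are placeholder assumptions.

```conf
# squid.conf fragment (Squid 2.5 accelerator mode, built with --enable-ssl).
# Added illustration; addresses and file paths below are placeholders.

# Client-facing side: accept HTTPS and terminate SSL on the proxy.
https_port 443 cert=/etc/squid/ssl/www.example.com.crt key=/etc/squid/ssl/www.example.com.key

# Backend side: forward every request as plain HTTP to one web server.
httpd_accel_host 192.0.2.10
httpd_accel_port 80
httpd_accel_single_host on

# Act only as a reverse proxy, never as a general forward proxy.
httpd_accel_with_proxy off
httpd_accel_uses_host_header off

# Sensor placement: Snort listens on the segment between this proxy and
# 192.0.2.10, where the traffic is cleartext HTTP and content rules can match.
# A sensor in front of the proxy still sees only SSL records on port 443.
```

Because the proxy-to-backend hop is unencrypted, keep it on a dedicated segment that only the proxy, the web servers and the sensor can reach. Squid 2.6 and later replaced the `httpd_accel_*` directives, so this fragment applies to the 2.5 series named in the message.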
