Vulnerability Development mailing list archives
Re: SSL & IDS
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sun, 3 Sep 2000 20:35:53 +0200
That's interesting... because I'm seeing a lot of people get excited about load balancers from a variety of vendors, and terminating the SSL at some SSL acceleration HW on the load balancer and having
IMHO, designers must carefully verify that:

1. nothing except the webserver (and possibly an IDS) receives the unencrypted data. [placing them in the same room sounds like the best idea]
2. that there is no way to fool or by mistake access the same webserver without the use of ssl. Alas, https://secured.example.com shouldn't be possible to access as http://secure.example.com.

If those requirements are met, I can't name one major disadvantage with the setup.

Come to think of it, is anyone aware of any attempts to take a hardware accelerator (the ones which work as add-on PCI cards) and use them to speed up SSL processing in an IDS? If implemented correctly, the IDS should be able to do crypto-things far beyond any software based solution...

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
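One way to test requirement 2 from the message above, added here as an example and not part of the original post: request a page over unencrypted HTTP and report whether the site answers without SSL. The function names and result labels are assumptions; the probe takes a connect address separately from the Host header so it can be pointed at the public name and at the web server's own address behind the load balancer.

```python
import http.client
from urllib.parse import urlsplit

OK_NOTHING = "no-plaintext-service"   # nothing usable answers without SSL
OK_REDIRECT = "redirect-to-https"     # only an upgrade redirect is sent in clear
VIOLATION = "reachable-without-ssl"   # requirement 2 is not met


def classify(status, location):
    """Judge one plaintext response: HTTP status (None if no answer), Location header."""
    if status is None:
        return OK_NOTHING
    if 300 <= status < 400 and location:
        # A relative or http:// Location keeps the client on the plaintext side.
        if urlsplit(location).scheme == "https":
            return OK_REDIRECT
    return VIOLATION


def probe_plain_http(address, port, site_host, path="/", timeout=3.0):
    """Send GET `path` to address:port without SSL, naming `site_host` in Host."""
    conn = http.client.HTTPConnection(address, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": site_host})
        resp = conn.getresponse()
        resp.read()
        return classify(resp.status, resp.getheader("Location"))
    except (OSError, http.client.HTTPException):
        # Refused, timed out, or the listener does not speak plaintext HTTP.
        return classify(None, None)
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed targets: replace with the site's public name and the
    # web server's internal address (placeholders, not from the post).
    targets = [("secured.example.com", 80), ("192.0.2.10", 80)]
    for address, port in targets:
        result = probe_plain_http(address, port, "secured.example.com")
        print(f"{address}:{port} -> {result}")
```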