Vulnerability Development mailing list archives
Re: IDS&SSL - some thoughs perhaps
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Tue, 5 Sep 2000 10:41:36 +0800
I think that it's not worth all that trouble to try to use network based IDS when stuff is encrypted. Focus on running stuff that is secure in the first place - I know that's not always easy, but to me that is an easier and better solution than trying to get your IDS to see encrypted traffic. If you use protocols/architectures that let your IDS see the traffic it arguably creates a worse security situation.

It'll be more and more difficult to use conventional network based IDS for many reasons:

1) switches - high speed point to point traffic.
2) higher and higher speeds.
3) encryption becoming more widespread, and being used at the very places people want to attack.

Writing CGI scripts that are difficult to exploit isn't that hard if you start off on the right foot, and keep in mind the usual rules - filter everything that comes in to your program, filter everything that leaves your program to suit the stuff that will receive it (database, browser, user, etc), always assume that your input can and will be tampered with and so take the necessary precautions (javascript checks are just for user convenience (and to let the web artist show off ;) ) ). Get the architecture and design right first. And use tools/languages which you know you yourself can and will code safely in.

Cheerio,
Link.

At 11:53 AM 04-09-2000 +0200, Roelof Temmingh wrote:
All,

Some days ago I wrote to ask your opinion on SSL and IDS. I do understand that encryption and IDS do not fit together well - I was looking at understanding just to solve the web problem - exploiting CGI scripts and the likes.
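The CGI rules in the reply above (filter what comes in, filter what goes out to suit each receiver, treat client-side checks as convenience only) in a small Python request handler. This is an added example, not code from either poster; the `users` table, field names and sample rows are constructed for the demonstration.

```python
import html
import re
import sqlite3
from urllib.parse import parse_qs

# Server-side allowlist: the only check that counts. Any JavaScript check in
# the browser is assumed to have been bypassed or removed by the sender.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")

def parse_form(query_string):
    """Filter what comes in: keep only the expected field, in the expected shape."""
    fields = parse_qs(query_string, keep_blank_values=True)
    user = fields.get("user", [""])[0]
    if not USERNAME_RE.fullmatch(user):
        raise ValueError("rejected: 'user' failed the allowlist")
    return {"user": user}

def lookup_user(conn, user):
    """Filter what leaves toward the database: bind the value as a parameter
    instead of splicing it into the SQL text, so it can only ever be data."""
    sql = "SELECT id, display FROM users WHERE name = ?"
    return conn.execute(sql, (user,)).fetchone()

def render_html(display):
    """Filter what leaves toward the browser: escape for the HTML context,
    since the stored display name is untrusted too."""
    return "<p>Hello, %s</p>" % html.escape(display, quote=True)

def handle_request(conn, query_string):
    """Whole CGI-style path: validate, query with bound parameters, encode
    output. Returns (status, body)."""
    try:
        form = parse_form(query_string)
    except ValueError:
        return (400, "<p>Bad request</p>")
    row = lookup_user(conn, form["user"])
    if row is None:
        return (404, "<p>No such user</p>")
    return (200, render_html(row[1]))

def demo_db():
    """Constructed in-memory table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, display TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'Alice <admin>')")
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(handle_request(conn, "user=alice"))          # 200, escaped name
    print(handle_request(conn, "user=bob%20smith"))    # 400, space rejected
```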
Current thread:
- IDS&SSL - some thoughs perhaps Roelof Temmingh (Sep 04)
- <Possible follow-ups>
- Re: IDS&SSL - some thoughs perhaps Lincoln Yeoh (Sep 04)