Security Basics mailing list archives
Re: Checkpoint smart defance as IPS
From: Shreyas Zare <shreyas () secfence com>
Date: Mon, 7 Jun 2010 11:24:08 +0530
Hi Craig, On Mon, Jun 7, 2010 at 3:25 AM, Craig S Wright <craig.wright () information-defense com> wrote:
An RA is an internal CA, it is trusted by chaining. Please read up on this before making arbitrary comments. Yes, there is a cost to this and I have not commented on this as this will vary, but then a Checkpoint license is also a cost.
You talking about costs involved in the interception is exactly what my point is. To do the kind of attack, attacker needs quite a lot resources. You can do whatever necessary to prove a MITM attack for the challenge. Its not my concern, as far as I am concern, I am just a victim in this experiment. On Sun, May 30, 2010 at 2:40 AM, Craig S. Wright
This is blatantly false. IDS, IPS, Wireshark even all have SSL decryption capabilities. There is no requirement for a separate proxy.
You can use wireshark, no problem!
Again, SSL is perceived by many as secure. So what? Security is not perception. This is a point that you continue to miss. Again, SSL is about privacy, not security. Privacy can be a part of a security solution, but it is not security in itself.
SSL was designed to prevent eavesdropping and it works as designed. While there are many type of attack scenario possible, its still secure for use in e-commerce. It surely cant prevent users from social engineering or vulnerabilities in their browser implementation. Whatever point you put every time, I too know those technicalities. So instead of discussing it further, I would like you to prove your point with the practical experiment I had suggested. If there is something that I really didn't know or understand then it would be great thing for me and many people on the list reading this. As far as costs are concerned, you don't ask your victim to pay up for the attack. Regards, Shreyas Zare Sr. Information Security Researcher Secfence Technologies www.secfence.com ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: Checkpoint smart defance as IPS, (continued)
- Re: Checkpoint smart defance as IPS Al MailingList (Jun 03)
- Re: Checkpoint smart defance as IPS Paul Johnston (Jun 07)
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- Re: Checkpoint smart defance as IPS John Morrison (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S Wright (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- Message not available
- Re: Checkpoint smart defance as IPS Shreyas Zare (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 07)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 09)
- RE: Checkpoint smart defance as IPS Craig S. Wright (Jun 03)
- Certificate Authority Question Craig S. Wright (Jun 03)