Re: ids detect malicious encrypted data?

[Ivan Hernandez <ivan.hernandez () globalsis com ar>]

There is an old dirty solution for SSL webservers. You put your 
unencrypted webserver behind a reverse HTTPS proxy. Then you have 
encrypted traffic between clients and your server and unencrypted 
traffic behind you reverse proxy, so you can analyze with a NIDS (Snort 
is a good choice).

HTTPS Client              HTTP Server + NIDS
==============           =====================
           |_____________|
            Reverse Proxy
            HTTPS<=> HTTP

Ivan Hernandez

Lau Ker Chea wrote:

>         i just start doing some research in ids field. may i
> know whether majority of the today's nids can detect
> malicious encypted data since from the article that i
> had read, early nids still face this problem. 
>
> all opinion will be appreciated by me
> sincerely..thanks!
>
> chea 
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
>
> -----------------------------------------------------------
> Does your IDS have Intelligent Attack Profiling?
> If not, see what you're missing.
> Download a free 15-day trial of StillSecure Border Guard.
> http://www.securityfocus.com/stillsecure




-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>