IDS mailing list archives

Re: IDS, IPS and encrypted traffic

From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Tue, 07 Dec 2004 09:58:36 +0000



--On 03 December 2004 04:50 +0800 neil () slampt net wrote:

Have you looked at the Mcafee Intrushield product?
The latest version of the sensor software has the ability to load SSL
keys and  then decrypt/inspect the traffic in realtime.

To clarify; the idea behind this is that you load the NIDS with the privatekeys for any SSL servers that *you* administer, then the NIDS is able todecrypt and examine the content of sessions established with those servers(i.e. looking for SQL injection attacks and the like).

This is useful in its own right, but it is not a general-purpose technologyfor inspecting /all/ encrypted sessions, or even all HTTPS/SSL sessions.

Regards
Neil Archibald


Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing it with real-world attacks fromCORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.

--------------------------------------------------------------------------

Current thread:

IDS, IPS and encrypted traffic Daniel Hamburg (Dec 02)
- Re: IDS, IPS and encrypted traffic neil (Dec 02)
  - Re: IDS, IPS and encrypted traffic Alex Butcher, ISC/ISYS (Dec 07)
- Re: IDS, IPS and encrypted traffic Jet (Dec 03)
- Re: IDS, IPS and encrypted traffic Brad Boeckmann (Dec 03)
- Re: IDS, IPS and encrypted traffic Alexander Klimov (Dec 06)
- Re: IDS, IPS and encrypted traffic Jose Maria Lopez (Dec 07)
- <Possible follow-ups>
- RE: IDS, IPS and encrypted traffic Eric McCarty (Dec 02)