IDS mailing list archives

Re: How to monitor encrypted connections...


From: abhicc285 () gmail com
Date: 21 Sep 2007 11:05:05 -0000


If the traffic is encrypted, then the IDS will first have to decrypt the traffic. The IDS will have the keys to decrypt
the traffic. This kind of design is certainly possible in HIPS, where for SSL traffic keys can be uploaded; the IPS will
first decrypt the traffic and then forward the traffic to exploit/vulnerability-specific rules. However, it will be
computationally expensive.


> Still working on my IDS/IPS project...
> When browsing some IDS/IPS vendors' datasheets, I noticed that some of them
> claimed being able to monitor encrypted traffic.
> Could someone provide me with some insight on what is currently
> possible (and already implemented) and what are the eventual limita...

