IDS mailing list archives
Re: How to monitor encrypted connections...
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Mon, 24 Sep 2007 20:16:00 +0200
abhicc285 () gmail com wrote:
If the traffic is encrypted then it IDS will first have to decrypt the traffic. The IDS will have the keys to decryopt the traffic.
Correct.
kind of design is certainly possible in HIPS where for SSL traffic keys can be uploaded,
Incorrect, in HOST intrusion prevention such artifice is not needed usually.
forward the traffic to exploit/vulnerability specific rules. However it will be computationaly expensive.
This is not really the problem. The problem is: do you really want to store all of your keys on another device. Stefano ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- How to monitor encrypted connections... Jean-Pierre FORCIOLI (Sep 20)
- RE: How to monitor encrypted connections... Ofer Shezaf (Sep 24)
- RE: How to monitor encrypted connections... Leonardo Cavallari Militelli (Sep 25)
- RE: How to monitor encrypted connections... Ofer Shezaf (Sep 27)
- RE: How to monitor encrypted connections... Leonardo Cavallari Militelli (Sep 27)
- RE: How to monitor encrypted connections... Leonardo Cavallari Militelli (Sep 25)
- RE: How to monitor encrypted connections... Ofer Shezaf (Sep 24)
- RE: How to monitor encrypted connections... Srinivasa Addepalli (Sep 25)
- <Possible follow-ups>
- Re: How to monitor encrypted connections... proneetb (Sep 24)
- Re: How to monitor encrypted connections... abhicc285 (Sep 24)
- Re: How to monitor encrypted connections... Stefano Zanero (Sep 25)
- RE: How to monitor encrypted connections... Kevin Overcash (Sep 25)