Snort mailing list archives

Re: SSL Inspection


From: "Kumarswamy H N (kumhn)" <kumhn () cisco com>
Date: Mon, 2 May 2016 13:25:25 +0000

Snort with the ssl preproc can "detect" when SSL traffic finishes the handshake and goes encrypted; i.e. any anomalies
during the SSL handshake. But once it is encrypted, Snort doesn't do any inspection of encrypted traffic. It doesn't
have a built-in SSL decryptor.

However, you may want to try out the commercialized Cisco Firepower/NGFW, which provides the best of Snort
functionality coupled with SSL inspection.

Regards,
Kumar

From: Shy It [mailto:itshyc () gmail com]
Sent: Monday, May 02, 2016 6:40 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] SSL Inspection

Hello,

I am in the process of looking at commercial solutions that will do IPS/IDS.  After looking at these solutions and how 
they sniff traffic I am concerned that they will not capture everything unless I do some type of SSL inspection.  
Before diving in with a commercial solution I figure I'll give snort a try.  How is the SNORT community getting full 
functionality if they are not implementing with SSL inspection?

Lastly, has SNORT reduced incidents of crypto in your environment?

Thank You
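
Added example (not part of the original messages and not Snort's code): a simplified Python model of the handshake boundary described in the reply above, showing which TLS records are readable before ChangeCipherSpec and which are opaque afterwards. It assumes TLS 1.0 to 1.2 record framing, one direction of a flow and unfragmented handshake messages; all function names and sample bytes are constructed for illustration.

```python
import struct

CHANGE_CIPHER_SPEC, HANDSHAKE, APPLICATION_DATA = 20, 22, 23   # RFC 5246 record types
NAMES = {1: "client_hello", 2: "server_hello", 11: "certificate",
         14: "server_hello_done", 16: "client_key_exchange"}

def walk_records(stream):
    """Yield (content_type, payload) for each TLS record in one direction of a flow."""
    off = 0
    while off + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in (20, 21, 22, 23) or major != 3:
            raise ValueError(f"not a TLS record at offset {off}")
        payload = stream[off + 5:off + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record")
        yield ctype, payload
        off += 5 + length

def classify(stream):
    """Return (cleartext handshake messages, anomalies, opaque byte count)."""
    seen, anomalies, opaque, encrypted = [], [], 0, False
    for ctype, payload in walk_records(stream):
        if encrypted:
            opaque += len(payload)          # ciphertext: nothing left to match on
        elif ctype == CHANGE_CIPHER_SPEC:
            encrypted = True                # handshake done, sender switches to ciphertext
        elif ctype == HANDSHAKE:
            pos = 0                         # a record may carry several messages
            while pos + 4 <= len(payload):
                seen.append(NAMES.get(payload[pos], f"type_{payload[pos]}"))
                pos += 4 + int.from_bytes(payload[pos + 1:pos + 4], "big")
        elif ctype == APPLICATION_DATA:
            anomalies.append("application data before ChangeCipherSpec")
            opaque += len(payload)
    return seen, anomalies, opaque

# Constructed sample input (not captured traffic): client side of a TLS 1.2-style flow.
def record(ctype, payload):
    return struct.pack("!BBBH", ctype, 3, 3, len(payload)) + payload

def hs(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

SAMPLE = (record(22, hs(1, bytes(34))) + record(22, hs(16, bytes(8)))
          + record(20, b"\x01") + record(22, bytes(40)) + record(23, bytes(100)))
BAD = record(22, hs(1, bytes(34))) + record(23, b"GET /")

if __name__ == "__main__":
    print(classify(SAMPLE))
    print(classify(BAD))
```

In the constructed sample, everything after the ChangeCipherSpec record (including the encrypted Finished message) is counted as opaque, which is the portion a sensor without a decryptor cannot inspect.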