Vulnerability Development mailing list archives
Re: SSL & IDS
From: Ed Padin <epadin () WAGWEB COM>
Date: Fri, 1 Sep 2000 11:34:10 -0400
I don't know of any IDS systems that can decode SSL traffic on the fly. An IDS just a smarter network sniffer. SSL and other encrypted protocols are used to prevent network sniffers from gleaning any information from network traffic. If there was an IDS that could read SSL traffic then SSL would be a joke. Then only way I could think of using an IDS to monitor SSL connections is to use a dedicated SSL wrapper that would establish the SSL session and then forward the plain text protocol to another server. The IDS can then monitor the traffic as it leaves the SSL wrapper. This can all take place inside a physically and logically secured DMZ (well, as secure as you can make it, anyway.)
-----Original Message----- From: Roelof Temmingh [mailto:roelof () SENSEPOST COM] Sent: Thursday, August 31, 2000 12:24 PM To: VULN-DEV () SECURITYFOCUS COM Subject: SSL & IDS All, I am working on an article-thingy, and while writing I stumbled across this: IDS & SSL does not work together well...wow! (this was a joke). Even if you put an IDS on the same platform as the webserver it would not work. How should this be addressed? Is it addressed in some way by the ppl on the IDS mailling list? I did a -=very=- quick search for SSL and IDS and didnt really get anything. I have some ideas of how one can try to solve it, but I dont want to barge into other ppl's territory. Yeah, I know .. its prolly not the best list for the discussion. Regards, Roelof. ------------------------------------------------------ Roelof W Temmingh SensePost IT security roelof () sensepost com +27 83 448 6996 http://www.sensepost.com
Current thread:
- Re: SSL & IDS Denis Ducamp (Sep 01)
- <Possible follow-ups>
- Re: SSL & IDS Ed Padin (Sep 01)
- Re: SSL & IDS Inno Eroraha (Sep 01)
- Re: SSL & IDS Blue Boar (Sep 02)
- Re: SSL & IDS Bluefish (P.Magnusson) (Sep 01)
- Re: SSL & IDS Timothy J. Miller (Sep 01)
- Re: SSL & IDS Mikael Olsson (Sep 01)
- Re: SSL & IDS Ng Pheng Siong (Sep 02)
- Re: SSL & IDS Dragos Ruiu (Sep 02)
- Re: SSL & IDS Bluefish (P.Magnusson) (Sep 03)
- Re: SSL & IDS Pluto (Sep 08)
- Re: SSL & IDS Ng Pheng Siong (Sep 02)
- Re: SSL & IDS Benjamin P. Grubin (Sep 05)