Vulnerability Development mailing list archives

Re: SSL & IDS


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Thu, 31 Aug 2000 23:37:32 +0200

Hmmm, I think it does work, but only in a very, very specific case. Some
of the SSL hardware speedup thingys ("crypto accelerators") are basically a
box which works like this:

  internet (ethernet & https)

     I    /I\
     I     I
    \I/    I

  crypto accelerator

     I    /I\
     I     I
    \I/    I

  unencrypted DMZ (ethernet & http, no https)


then this DMZ could be IDS'ed. At least that was the *impression* I got
reading a rather untechnical document about some of the accelerators a
while ago. (Most of these accelerators are however add-on PCI cards which
do key generation, RSA mathematics etc. That kind of accelerator
obviously doesn't make the IDS' job any easier.)

But in the general case, no, it's a problem. I remember reading about this,
very unsure where (guessing the cryptography ml, or maybe the ukcrypto ml,
try searching marc)... There was some talk about having an IDS knowing SSL
or VPN keys in order to improve attack & intruder detection, but the
general consensus was that the risks involved made the idea quite
dangerous, esp. if it escrowed multiple keys to perform its task... (one
entry point to several webservers if used by an ISP, mayhap, etc etc)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
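The topology sketched in the message above can be modelled in a few lines. The following is an added example, not code from the thread or from either poster: it stands in for the TLS layer with a toy HMAC-SHA256 keystream cipher (labelled as such; it is not TLS), runs one constructed IDS rule set over a tap on the internet side of the accelerator and over a tap on the unencrypted DMZ side, and shows that the same rules only fire on the DMZ segment. Signature names, the sample request and the session key are all constructed for the example.

```python
import hmac
import hashlib
import re

# Constructed IDS rule set (not from the original thread): byte-regex
# signatures a network sensor would apply to an HTTP request on the wire.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./"),
    "null-byte-in-uri": re.compile(rb"%00"),
}


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in for the TLS record layer: an HMAC-SHA256 counter keystream.

    This is NOT TLS. It only models the single property that matters for the
    thread's argument: bytes between browser and accelerator are unreadable to
    a sensor that does not hold the session key.
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


decrypt = encrypt  # XOR against the same keystream is its own inverse


def ids_scan(wire_bytes: bytes) -> list:
    """Return the names of signatures that fire on one captured segment."""
    return [name for name, pat in SIGNATURES.items() if pat.search(wire_bytes)]


def simulate(request: bytes, session_key: bytes) -> dict:
    """Model the two segments from the diagram in the message above.

    internet segment: browser <-> crypto accelerator, carries ciphertext
    dmz segment:      crypto accelerator <-> web server, carries plaintext
    The same sensor rule set is run on a tap of each segment.
    """
    internet_segment = encrypt(session_key, request)   # seen by a tap in front of the accelerator
    dmz_segment = decrypt(session_key, internet_segment)  # what the accelerator hands to the DMZ
    return {
        "internet_side": ids_scan(internet_segment),
        "dmz_side": ids_scan(dmz_segment),
        "dmz_is_original": dmz_segment == request,
    }


if __name__ == "__main__":
    # Constructed sample request carrying a directory-traversal probe in the path.
    sample = b"GET /static/../../private/config HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
    print(simulate(sample, b"constructed-session-key"))
```

The `internet_side` list stays empty because the sensor sees only keystream-masked bytes, while `dmz_side` fires on the same request once the accelerator has stripped the encryption; that is the whole reason the DMZ leg, not the internet leg, is the place to put the sensor in this design. It also makes the message's second point concrete: a sensor on the internet side could only match if it were handed the session key, which is the key-escrow trade-off the poster describes.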


On Thu, 31 Aug 2000, Roelof Temmingh wrote:

All,

I am working on an article-thingy, and while writing I stumbled across
this: IDS & SSL do not work together well...wow! (this was a joke).
Even if you put an IDS on the same platform as the webserver it would not
work. How should this be addressed? Is it addressed in some way by the ppl on
the IDS mailing list? I did a -=very=- quick search for SSL and IDS and didn't
really get anything.

I have some ideas of how one can try to solve it, but I don't want to barge
into other ppl's territory.

Yeah, I know .. it's prolly not the best list for the discussion.

Regards,
Roelof.

------------------------------------------------------
Roelof W Temmingh             SensePost IT security
roelof () sensepost com               +27 83 448 6996
              http://www.sensepost.com                
