Vulnerability Development mailing list archives
Re: SSL & IDS
From: Blue Boar <BlueBoar () THIEVCO COM>
Date: Fri, 1 Sep 2000 18:09:54 -0700
Ed Padin wrote:
> I don't know of any IDS systems that can decode SSL traffic on the fly. An IDS is just a smarter network sniffer. SSL and other encrypted protocols are used to prevent network sniffers from gleaning any information from network traffic. If there was an IDS that could read SSL traffic then SSL would be a joke.
I don't know of any that do this, but you could certainly build an IDS that could decode SSL. You just have to share the web server's private key with the IDS system. (The original poster wanted to monitor his own web server.) This shouldn't pose significantly more risk than having the private key sitting on the web server itself or on an outboard SSL accelerator, which you'll have to do if you want to serve SSL.

BB
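
Added example, not part of the original post: a sketch of why sharing the server's private key lets a passive sensor follow an SSL session when the handshake uses RSA key exchange. It assumes TLS 1.0 key derivation (RFC 2246), a constructed toy key, and raw RSA without PKCS#1 padding; all function and field names are hypothetical.

```python
import hmac
import os

# Constructed demo key: two Mersenne primes stand in for the server's RSA key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, the value shared with the sensor
KEY_BYTES = (N.bit_length() + 7) // 8

def p_hash(name, secret, seed, n):
    """P_hash expansion from RFC 2246, section 5."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, name).digest()
        out += hmac.new(secret, a + seed, name).digest()
    return out[:n]

def master_secret(pre_master, client_random, server_random):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second."""
    half = (len(pre_master) + 1) // 2
    seed = b"master secret" + client_random + server_random
    md5 = p_hash("md5", pre_master[:half], seed, 48)
    sha = p_hash("sha1", pre_master[-half:], seed, 48)
    return bytes(x ^ y for x, y in zip(md5, sha))

def handshake():
    """Return (master secret the client computed, fields visible on the wire)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    pre_master = b"\x03\x01" + os.urandom(46)
    # Raw RSA without PKCS#1 padding: a simplification for this example.
    encrypted = pow(int.from_bytes(pre_master, "big"), E, N)
    wire = {"client_random": client_random, "server_random": server_random,
            "encrypted_pre_master": encrypted}
    return master_secret(pre_master, client_random, server_random), wire

def sensor_master_secret(wire, private_exponent):
    """Passive sensor: derive the session's master secret from captured fields only."""
    m = pow(wire["encrypted_pre_master"], private_exponent, N)
    pre_master = m.to_bytes(KEY_BYTES, "big")[-48:]
    return master_secret(pre_master, wire["client_random"], wire["server_random"])

if __name__ == "__main__":
    client_ms, wire = handshake()
    print("sensor holding the server key matches:",
          sensor_master_secret(wire, D) == client_ms)
    print("sensor with a wrong key matches:      ",
          sensor_master_secret(wire, D + 2) == client_ms)
```

The sensor never takes part in the handshake; it needs only the two random values and the encrypted pre-master secret from the capture, plus the key it was given.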