Vulnerability Development mailing list archives

Re: SSL & IDS


From: Dragos Ruiu <dr () KYX NET>
Date: Sat, 2 Sep 2000 11:45:58 -0700

That's interesting... because I'm seeing a lot of people get excited
about load balancers from a variety of vendors, and terminating the
SSL at some SSL acceleration HW on the load balancer and having
the load balancers manage cookies, sessions, and other items. This
is something that is universally regarded as a positive by a lot of the
network designers and groups I do consulting for....

But it does have security implications that I think aren't being
considered much yet.  Goes to show that there is more to secure
design than protecting from buffer overflows....

cheers,
--dr

On Sat, 02 Sep 2000, Ng Pheng Siong wrote:
> On Fri, Sep 01, 2000 at 09:36:34AM +0200, Mikael Olsson wrote:
> > You'll likely have to terminate the SSL connection on a reverse proxy
> > machine in front of the web server and do your IDS sniffing after that
> > reverse proxy.
>
> This seems a popular suggestion.
>
> Given the usual statistic that 80% (or 90% or whatever) of
> security compromises are internal jobs, deliberately terminating
> your SSL early and then having your app talk in the clear over
> your internal network is more dangerous than it is useful, IMHO.
>
> Cheers.
> --
> Ng Pheng Siong <ngps () post1 com> * http://www.post1.com/home/ngps
--
dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E  B7DC 2B71 A73E D2E8 A56D
pgp key: http://www.dursec.com/drkey.asc
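The two designs argued over in this thread, written out as reverse-proxy configuration. This is an added example, not configuration from any of the posters: it uses nginx (which postdates the thread) as a stand-in for "reverse proxy machine in front of the web server", and every hostname, address and certificate path is a placeholder. Variant A is the layout Mikael Olsson describes, where the IDS sniffs the cleartext hop behind the proxy; variant B keeps the client-facing termination at the proxy but re-encrypts the internal hop, which is what answers Ng Pheng Siong's objection. The two `server` blocks are alternatives for the same name and port, so load one or the other, not both.

```nginx
# Added example, not from the thread. Drop one variant into the http {}
# context (e.g. a file under sites-enabled). All names/paths are placeholders.

# --- Variant A: terminate SSL at the proxy, forward in the clear ---
# The proxy-to-backend segment carries plaintext HTTP. That is what lets an
# IDS sensor on that segment see the traffic, and it is also what lets
# anyone else on the internal network see it (Ng's "internal jobs" point).
server {
    listen 443 ssl;
    server_name www.example.com;                  # placeholder
    ssl_certificate     /etc/ssl/www.example.com.crt;   # placeholder
    ssl_certificate_key /etc/ssl/www.example.com.key;   # placeholder

    location / {
        proxy_pass http://10.0.1.10:8080;         # cleartext internal hop
    }
}

# --- Variant B: terminate at the proxy, re-encrypt to the backend ---
# The client session still ends at the proxy, so the proxy can log and
# inspect requests, but the internal hop is TLS again and the backend's
# certificate is verified against an internal CA, so the segment no longer
# carries cleartext for a sniffer (friendly or otherwise) to read.
server {
    listen 443 ssl;
    server_name www.example.com;                  # placeholder
    ssl_certificate     /etc/ssl/www.example.com.crt;   # placeholder
    ssl_certificate_key /etc/ssl/www.example.com.key;   # placeholder

    location / {
        proxy_pass https://backend.internal:8443; # placeholder backend

        proxy_ssl_verify on;                      # refuse an unverifiable backend cert
        proxy_ssl_trusted_certificate /etc/ssl/internal-ca.crt;  # placeholder CA bundle
        proxy_ssl_name backend.internal;          # name checked against the backend cert
        proxy_ssl_server_name on;                 # send SNI so the backend picks the right cert
    }
}
```

The trade-off the thread is circling is visible in the difference between the two blocks: in variant B nothing on the wire behind the proxy is sniffable any more, so inspection has to come from the proxy itself (its request logs, or a plaintext copy it exports to a sensor) rather than from a tap on the internal segment. If you keep variant A for the sake of a wire-level sensor, the cleartext segment should be a dedicated link between proxy and sensor, not the general internal network Ng is worried about.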
