Vulnerability Development mailing list archives

Re: SSL & IDS


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sun, 3 Sep 2000 20:35:53 +0200

That's interesting... because I'm seeing a lot of people get excited
about load balancers from a variety of vendors, and terminating the
SSL at some SSL acceleration HW on the load balancer and having

IMHO, designers must carefully verify that:
 1. nothing except the webserver (and possibly an IDS) receives the
    unencrypted data. [place them in the same room sounds like the best
    idea]

 2. that there is no way to fool or by mistake access the same webserver
    without the use of ssl. Alas, https://secured.example.com shouldn't be
    possible to access as http://secure.example.com.

If those requirements are met, I can't name one major disadvantage by the
setup.

Come to think of it, is anyone aware of any attempts to take a hardware
accelerator (the ones which work as add-on PCI cards) and use them to
speed up SSL processing in an IDS? If implemented correctly, the IDS
should be able to do crypto-things far beyond any software based
solution...

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
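As an added illustration of the two design checks in the post above (this is example code, not part of the original message), the following Python audits flow records against them: plaintext HTTP may only pass between the load balancer, the webserver and the IDS, and the webserver's plaintext listener may only be reached by the load balancer. All addresses and flow records are constructed for the example.

```python
"""Audit flow records against the two design rules for an SSL-offloading
load balancer. Addresses and sample flows are constructed for this example."""
from dataclasses import dataclass

# Constructed addresses: the load balancer's inside leg, the webserver
# behind it and a passive IDS sensor on the same segment.
LB_INSIDE = "10.0.1.1"
WEBSERVER = "10.0.1.10"
IDS = "10.0.1.20"
PLAINTEXT_SEGMENT = {LB_INSIDE, WEBSERVER, IDS}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    tls: bool  # True if a TLS handshake was seen on the flow


def audit(flows):
    """Return a list of (rule, flow) violations in input order."""
    findings = []
    for f in flows:
        if f.tls:
            continue  # encrypted on the wire: neither rule is at stake
        # Rule 1: unencrypted data stays inside the LB / webserver / IDS segment.
        if f.src not in PLAINTEXT_SEGMENT or f.dst not in PLAINTEXT_SEGMENT:
            findings.append(("rule1-plaintext-leaves-segment", f))
        # Rule 2: nothing but the load balancer reaches the webserver in the clear.
        if f.dst == WEBSERVER and f.src != LB_INSIDE:
            findings.append(("rule2-webserver-reached-without-ssl", f))
    return findings


# Constructed sample: one clean TLS flow to the public VIP, one legitimate
# LB-to-webserver flow, and three flows that break a rule.
SAMPLE_FLOWS = [
    Flow("203.0.113.5", "198.51.100.1", 443, True),   # client -> VIP, TLS
    Flow(LB_INSIDE, WEBSERVER, 80, False),             # LB -> webserver, ok
    Flow("203.0.113.5", WEBSERVER, 80, False),         # external host bypasses SSL
    Flow(LB_INSIDE, "10.0.2.30", 80, False),           # LB forwards plaintext out of the room
    Flow(IDS, WEBSERVER, 80, False),                   # IDS should only listen, not connect
]


def run_sample():
    return audit(SAMPLE_FLOWS)


if __name__ == "__main__":
    for rule, flow in run_sample():
        print(f"{rule}: {flow.src} -> {flow.dst}:{flow.dport}")
```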
