Vulnerability Development mailing list archives

Re: IDS&SSL - some thoughts perhaps


From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Tue, 5 Sep 2000 10:41:36 +0800

I think that it's not worth all that trouble to try to use network based
IDS when stuff is encrypted.

Focus on running stuff that is secure in the first place - I know that's
not always easy, but to me that is an easier and better solution than
trying to get your IDS to see encrypted traffic. If you use
protocols/architectures that let your IDS see the traffic it arguably
creates a worse security situation.

It'll be more and more difficult to use conventional network based IDS for
many reasons:
1) switches - high speed point to point traffic.
2) higher and higher speeds.
3) encryption becoming more widespread, and being used at the very places
people want to attack.

Writing CGI scripts that are difficult to exploit isn't that hard if you
start off on the right foot, and keep in mind the usual rules - filter
everything that comes in to your program, filter everything that leaves
your program to suit the stuff that will receive it (database, browser,
user, etc), always assume that your input can and will be tampered with and
so take the necessary precautions (javascript checks are just for user
convenience (and to let the web artist show off ;) ) ). Get the
architecture and design right first. And use tools/languages which you know
you yourself can and will code safely in.

Cheerio,

Link.

At 11:53 AM 04-09-2000 +0200, Roelof Temmingh wrote:
All,

Some days ago I wrote to ask your opinion on SSL and IDS. I do understand
that encryption and IDS do not fit together well - I was looking at
understanding just to solve the web problem - exploiting CGI scripts and
the likes.
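The two filtering rules in Lincoln's reply above (filter everything coming in, filter everything going out to suit whatever receives it, and treat the browser-side JavaScript check as convenience only) as a small Python CGI-style handler. This is an added example, not code from the original thread; the users table, the sample rows, the query strings and the function names are constructed for illustration. The naive handler trusts the form and passes the field straight through to the database and the browser; the hardened one allowlists the field on the way in, binds it as a query parameter on the way to the database, and HTML-escapes everything on the way to the browser.

```python
import html
import re
import sqlite3
from urllib.parse import parse_qs


def make_db():
    """Constructed in-memory users table standing in for the script's backend
    (example data, not from the original thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return conn


def naive_handle(conn, query_string):
    """Relies on the form's JavaScript check having run, and passes the field
    through unfiltered to both the database and the browser."""
    user = parse_qs(query_string).get("user", [""])[0]
    rows = conn.execute(
        "SELECT username, email FROM users WHERE username = '" + user + "'"
    ).fetchall()
    if not rows:
        # Raw input echoed into HTML: script injection reaches the browser.
        return 200, "<p>No such user: " + user + "</p>"
    body = "".join("<li>%s: %s</li>" % (u, e) for u, e in rows)
    return 200, "<ul>" + body + "</ul>"


# Allowlist for the one field this script accepts: a short lowercase username.
USERNAME_RE = re.compile(r"\A[a-z][a-z0-9_]{0,15}\Z")


def filter_input(query_string):
    """Rule 1: filter everything coming in against an allowlist, and reject
    anything else instead of trying to clean it up. Duplicate or missing
    fields are rejected too; the input is assumed to be tampered with."""
    params = parse_qs(query_string, keep_blank_values=True)
    values = params.get("user", [])
    if len(values) != 1 or not USERNAME_RE.match(values[0]):
        raise ValueError("rejected input")
    return values[0]


def lookup(conn, username):
    """Rule 2, database side: the value travels as a bound parameter, so the
    shape of the SQL the database sees never depends on the input."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchone()


def render(username, row):
    """Rule 2, browser side: everything placed into HTML is escaped for that
    context, including the already-validated username and values read back
    from the database."""
    if row is None:
        return "<p>No such user: %s</p>" % html.escape(username, quote=True)
    return "<ul><li>%s: %s</li></ul>" % tuple(
        html.escape(v, quote=True) for v in row
    )


def hardened_handle(conn, query_string):
    """Input filtered on entry, encoded per destination on exit."""
    try:
        user = filter_input(query_string)
    except ValueError:
        return 400, "<p>Bad request</p>"
    return 200, render(user, lookup(conn, user))


if __name__ == "__main__":
    db = make_db()
    # Constructed hostile query strings: one aimed at the database, one at the browser.
    for qs in ("user=' OR '1'='1", "user=<script>alert(1)</script>", "user=alice"):
        print("naive   ", qs, "->", naive_handle(db, qs))
        print("hardened", qs, "->", hardened_handle(db, qs))
```

Run stand-alone, the naive handler returns every row for the first query string and echoes the script tag for the second, while the hardened handler answers both with a 400 and serves only the allowlisted `alice` request. The point of rejecting rather than stripping is the one made in the reply: once you assume the input has been tampered with, the safest response to something outside the allowlist is to refuse it, not to guess what the sender meant.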

