Vulnerability Development mailing list archives

Re: IDS and SSL


From: Gabriel Lawrence <gabe () butterflysecurity com>
Date: 19 Mar 2002 20:06:17 -0800

There are a couple of solutions to this problem that I've seen. I don't
recall all the vendors and all the products so forgive me. But I'll give
you a dump of what I know.

First, some IDSs (and this is where I forget the vendors) allow you to
specify the private key that is used to encrypt the https data. With
this in hand, the IDS is able to eavesdrop on the communication flowing
by. That's why it's so important to keep those private keys private :-) If
other people know what they are then they can snoop in on the
communication.

Second, you can use an SSL terminator. There are many vendors who have
products that do this, some of them are simply SSL terminators and some
of them include other features such as load balancing as part of the
package. If you place the IDS on the non-encrypted side of the SSL
terminator, you are free to look at the HTTP traffic as it flows by, as it
is all unencrypted.

-gabe


On Tue, 2002-03-19 at 10:09, zeno wrote:
Hello,

Currently IDS products monitor for webserver or web application attacks over http.
Do any monitor attacks over https? If so can people name a few products that do this?
Also if any info is available how can they handle themselves on web hosting companies?
(That's tons of math to compute)


Thanks

- zeno () cgisecurity com
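An added example, not from either poster: the first approach above (handing the IDS the server's private key) only recovers the session when the negotiated cipher suite uses RSA key transport; with ephemeral (EC)DHE suites or TLS 1.3 the private key alone no longer decrypts the stream, and the terminator approach is the one that still works. The Python below parses a TLS ServerHello record and reports which case applies, so a defender can check whether passive IDS decryption is even viable for a given server. The ServerHello bytes are constructed in the script, and the cipher-suite table is a small hand-picked subset of the IANA registry.

```python
"""Classify a TLS ServerHello by the key exchange it negotiated (added example)."""
import struct

# Small subset of IANA TLS cipher suite code points -> (name, key exchange).
CIPHER_SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS1.3"),  # TLS 1.3 is always ephemeral
}

def build_server_hello(suite: int, version: int = 0x0303) -> bytes:
    """Constructed sample: a minimal TLS record carrying a ServerHello
    (zeroed random, empty session id, null compression, no extensions)."""
    body = (struct.pack("!H", version) + b"\x00" * 32 + b"\x00"
            + struct.pack("!H", suite) + b"\x00")
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

def negotiated_suite(record: bytes) -> int:
    """Walk record -> handshake -> ServerHello and return the cipher suite."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:                       # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ServerHello")
    off = 35 + body[34]                      # skip variable-length session id
    if len(body) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", body[off:off + 2])[0]

def passive_decrypt_possible(record: bytes) -> bool:
    """True only for RSA key transport, where the server's private key alone
    recovers the pre-master secret and a passive IDS holding it can decrypt.
    (EC)DHE, TLS 1.3 and unknown suites return False: place the IDS behind
    an SSL/TLS terminator instead."""
    _, kx = CIPHER_SUITES.get(negotiated_suite(record), ("unknown", "unknown"))
    return kx == "RSA"

if __name__ == "__main__":
    for suite, (name, _) in CIPHER_SUITES.items():
        print(f"{name}: passive decrypt with private key = "
              f"{passive_decrypt_possible(build_server_hello(suite))}")
```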
 


