Vulnerability Development mailing list archives
RE: IDS and SSL
From: "Oliver Petruzel" <opetruzel () cox rr com>
Date: Tue, 19 Mar 2002 23:30:58 -0500
But as I stated previously, an SSL terminator or any IDS with key-sharing is just a big chokepoint/buttplug on a network... today's bandwidth nearly makes these obsolete...

./oliver

-----Original Message-----
From: Gabriel Lawrence [mailto:gabe () butterflysecurity com]
Sent: Tuesday, March 19, 2002 11:06 PM
To: zeno
Cc: vuln-dev () securityfocus com; bugtraq () securityfocus com; webappsec () securityfocus com
Subject: Re: IDS and SSL

There are a couple of solutions to this problem that I've seen. I don't recall all the vendors and all the products, so forgive me. But I'll give you a dump of what I know.

First, some IDSs (and this is where I forget the vendors) allow you to specify the private key that is used to encrypt the https data. With this in hand, the IDS is able to eavesdrop on the communication flowing by. That's why it's so important to keep those private keys private :-) If other people know what they are then they can snoop in on the communication.

Second, you can use an SSL terminator. There are many vendors who have products that do this; some of them are simply SSL terminators and some of them include other features such as load balancing as part of the package. If you place the IDS on the non-encrypted side of the SSL terminator you are free to look at the HTTP traffic as it flows by, as it is all unencrypted.

-gabe

On Tue, 2002-03-19 at 10:09, zeno wrote:

Hello,

Currently IDS products monitor for webserver or web application attacks over http. Do any monitor attacks over https? If so, can people name a few products that do this?

Also, if any info is available, how can they handle themselves on web hosting companies? (That's tons of math to compute)

Thanks - zeno () cgisecurity com
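Gabriel's second option, an IDS placed on the plaintext side of an SSL terminator, as an added Python example that is not part of this thread and not any vendor's code: it parses the already-decrypted HTTP request the terminator forwards, applies a few illustrative web-attack signatures, and reads the original client address from an X-Forwarded-For header. That header, the terminator address, the sample requests, the hostnames and the signatures are all constructed assumptions; the point of the X-Forwarded-For handling is a caveat of that placement: if the terminator does not add such a header, every alert names the terminator itself as the source.

```python
"""Signature inspection of decrypted HTTP requests behind an SSL terminator.

Added example, not from the original thread. It assumes the terminator
forwards plain HTTP and (optionally) adds an X-Forwarded-For header
carrying the real client address.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed sample requests, as they would arrive on the unencrypted side.
# Addresses use documentation ranges; hostnames are invented.
SAMPLE_REQUESTS = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n"
    b"X-Forwarded-For: 203.0.113.7\r\n\r\n",
    b"GET /cgi-bin/../../../../etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n"
    b"X-Forwarded-For: 198.51.100.9\r\n\r\n",
    # No X-Forwarded-For: the IDS only sees the terminator's own address.
    b"GET /search?q=%00 HTTP/1.0\r\nHost: shop.example.test\r\n\r\n",
]

# Illustrative signatures applied to the percent-decoded request target.
SIGNATURES: List[Tuple[str, re.Pattern]] = [
    ("directory-traversal", re.compile(r"(?:^|/|\\)\.\.(?:/|\\|$)")),
    ("null-byte", re.compile(r"\x00")),
]

# Constructed address of the hypothetical terminator, used when no
# X-Forwarded-For header is present.
TERMINATOR_ADDR = "10.0.0.1"


@dataclass
class Alert:
    signature: str
    client: str      # original client if known, else the terminator
    host: str        # Host header, useful when one terminator fronts many vhosts
    target: str      # raw request target as received


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request head into method, target, version, headers."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, target, version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def client_address(headers: Dict[str, str], terminator: str = TERMINATOR_ADDR) -> str:
    """First X-Forwarded-For entry if the terminator added one, else the terminator."""
    xff = headers.get("x-forwarded-for", "")
    first = xff.split(",")[0].strip()
    return first or terminator


def inspect(raw: bytes, terminator: str = TERMINATOR_ADDR) -> List[Alert]:
    """Run every signature over one decrypted request and return the alerts."""
    _method, target, _version, headers = parse_request(raw)
    decoded = unquote(target)  # signatures match on the decoded form
    client = client_address(headers, terminator)
    host = headers.get("host", "?")
    return [Alert(name, client, host, target)
            for name, pattern in SIGNATURES if pattern.search(decoded)]


def inspect_all(requests: List[bytes]) -> List[Alert]:
    """Inspect a batch of requests, e.g. everything the terminator forwarded."""
    alerts: List[Alert] = []
    for raw in requests:
        alerts.extend(inspect(raw))
    return alerts


if __name__ == "__main__":
    for alert in inspect_all(SAMPLE_REQUESTS):
        print(alert)
```

The Host header is kept in each alert because, in the hosting scenario zeno asks about, a single terminator typically fronts many customers' sites, and the alert is only actionable if it says which one was hit. Whether the IDS sees a real client address at all depends entirely on what the terminator forwards, which is why the third sample request is attributed to the terminator itself.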
Current thread:
- Re: IDS and SSL Gabriel Lawrence (Mar 20)
- RE: IDS and SSL Oliver Petruzel (Mar 20)
- Re: IDS and SSL pgiacomi (Mar 21)
- Re: IDS and SSL Thor (Mar 21)
- <Possible follow-ups>
- RE: IDS and SSL Oliver Petruzel (Mar 20)
- RE: IDS and SSL Jason Lewis (Mar 21)
- RE: IDS and SSL Dom De Vitto (Mar 22)
- Re: IDS and SSL Jon (Mar 23)
- RE: IDS and SSL Bojan Zdrnja (Mar 24)
- RE: IDS and SSL Dom De Vitto (Mar 24)
- RE: IDS and SSL Jason Lewis (Mar 24)
- RE: IDS and SSL Jason Lewis (Mar 21)
- Re: IDS and SSL Florian Weimer (Mar 25)