Vulnerability Development mailing list archives
Re: IDS and SSL
From: Thor () HammerofGod com
Date: Thu, 21 Mar 2002 06:08:47 -0800
At 08:06 PM 3/19/2002, Gabriel Lawrence wrote:
Second, you can use an SSL terminator. There are many vendors who have products that do this, some of them are simply SSL terminators and some of them include other features such as load balancing as part of the package. If you place the IDS on the non-encrypted side of the SSL terminator you are free to look at the HTTP traffic as it flows by as it is all unencrypted.
<.02> ISA Server can do this. I'm not sure if it would still be referred to as an "SSL Terminator," but ISA can establish and publish HTTPS to an internal server over HTTP where the traffic can be examined once it is inside your own network. Someone referred to this as a "chokepoint," but ISA is doing the same job that the web server would have to do, only upstream a bit. I think the ability to monitor the traffic, plus all the other cool things ISA does is well worth the slight publishing overhead created by implementing it. </.02>

AD