NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > ISS> 2007-q1

Re: [ISSForum] Abour Ssl Scanners And ISS Proventia

From: Soldatov, Sergey V. (SVSoldatovtnk-bp.com)
Date: Thu Jan 18 2007 - 08:34:00 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, you're right. It is MITM: WebWasher (WW) generates cert for
destination site and send it to the client, so client thinks that WW is
Web-server. The trick here is that if WW's cert is issued by trusted CA,
client will not get any warnings.

---
Best regards, Sergey V. Soldatov.
Information security department.
tel/fax +7 495 745 89 50
tel +7 495 777 77 07 (1613)

> -----Original Message-----
> From: issforum-bouncesiss.net
> [mailto:issforum-bouncesiss.net] On Behalf Of Devrim Kalmaz
> Sent: Monday, September 25, 2006 1:58 PM
> To: issforumiss.net
> Subject: [ISSForum] Abour Ssl Scanners And ISS Proventia
>
> Hi all
>
> Webwasher has an ssl scanner and claims that it find viruses
> and spys in the https traffic.
>
> I can't find any document about how scanner can do that.
>
> I think it decr. the https and scan the data and then encr.
> it again with self CA trusted cert.So a kind of MITM attack.Is it so?
>
> And also ISS proventia has capability of analyze MITM attack
> but can proventia analyze ssl traffic (the same way of
> webwasher do or ?) to find attacks ?
>
> Thanks
>
> Devrim KALMAZ
>
>
> _______________________________________________
> ISSForum mailing list
> ISSForumiss.net
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> https://atla-mm1.iss.net/mailman/listinfo/issforum
>
> To contact the ISSForum Moderator, send email to mod-issforumiss.net
>
> The ISSForum mailing list is hosted and managed by Internet
> Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
>

_______________________________________________
ISSForum mailing list
ISSForumatla-mm1.iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforumiss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]