If you want to see all of the traffic before it hits your web server, you can use
an external SSL acellerator like one from Ingrian. You put your SSL certs on
this highly protected black box, and you can then watch traffic coming out
the other end before it hits your server. Also simplifies your server build
because you don't have to manage certs on each box you build. One of those
black boxes can decrypt data to a few servers and are pretty scalable from what
I've seen of them. We don't use them yet but have checked them out.

Mike

On Thu, Mar 29, 2001 at 11:58:03AM +0200, Guy Fighel wrote:
> Hello Folks,
>
> I am dealing with this issue and I wish to hear your opinion:
> I have this situation which I have a large network with all kind of servers
> that have to be monitored with some kind of IDS. First I thought
> implementing Network based system but then a new parameter came up. The
> whole network traffic is being encrypted (end to end) using SSL 128bit.
> My question is: what is the best solution to use in this case and how can I
> monitor encrypted traffic?
> Keep in mind that I don't need to monitor any file access etc. so Host based
> systems wont fit here... I need a solution that can monitor network traffic.
>
> Please answer as soon as possible,
>
> Thanks,
> Guy.
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]