|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: IDS, IPS and encrypted traffic
From: Alex Butcher, ISC/ISYS (Alex.Butcher
bristol.ac.uk)
Date: Tue Dec 07 2004 - 03:58:36 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--On 03 December 2004 04:50 +0800 neilslampt.net wrote:
> Have you looked at the Mcafee Intrushield product?
> The latest version of the sensor software has the ability to load SSL
> keys and then decrypt/inspect the traffic in realtime.
To clarify; the idea behind this is that you load the NIDS with the private
keys for any SSL servers that *you* administer, then the NIDS is able to
decrypt and examine the content of sessions established with those servers
(i.e. looking for SQL injection attacks and the like).
This is useful in its own right, but it is not a general-purpose technology
for inspecting /all/ encrypted sessions, or even all HTTPS/SSL sessions.
> Regards
> Neil Archibald
Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]