Subject: Re: SSL & IDS
From: Blue Boar (BlueBoar THIEVCO.COM)
Date: Fri Sep 01 2000 - 20:09:54 CDT
- Next message: Juliano Rizzo: "Re: Neotrace v2.12a Buffer Overflow [?]"
- Previous message: J Edgar Hoover: "Re: SSL & IDS"
- In reply to: Ed Padin: "Re: SSL & IDS"
- Next in thread: Bluefish (P.Magnusson): "Re: SSL & IDS"
- Reply: Blue Boar: "Re: SSL & IDS"
Ed Padin wrote:
>
> I don't know of any IDS systems that can decode SSL traffic on the fly. An
> IDS is just a smarter network sniffer. SSL and other encrypted protocols are
> used to prevent network sniffers from gleaning any information from network
> traffic. If there was an IDS that could read SSL traffic then SSL would be a
> joke.
>
I don't know of any that do this, but you could certainly build an IDS that
could decode SSL. You just have to share the web server's private key with
the IDS system. (The original poster wanted to monitor his own web server.)

This shouldn't pose significantly more risk than having the private key
sitting on the web server itself or on an outboard SSL accelerator, which
you'll have to do if you want to serve SSL.
BB