Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Oliver Petruzel (opetruzelcox.rr.com)
Date: Tue Mar 19 2002 - 22:30:58 CST
But as I stated previously, a SSL terminator or any IDS with
key-sharing, is just a big chokepoint/buttplug on a network... today's
bandwidth nearly makes these obsolete...
From: Gabriel Lawrence [mailto:gabebutterflysecurity.com]
Sent: Tuesday, March 19, 2002 11:06 PM
Cc: vuln-devsecurityfocus.com; bugtraqsecurityfocus.com;
Subject: Re: IDS and SSL
There are a couple of solutions to this problem that I've seen. I don't
recall all the vendors and all the products so forgive me. But I'll give
you a dump of what I know.
First, some IDS's (and this is where I forget the vendors) allow you to
specify the private key that is used to encrypt the https data. With
this in hand, the IDS is able to eavesdrop on the communication flowing
by. Thats why its so important to keep those private keys private :-) If
other people know what they are then they can snoop in on the
Second, you can use an SSL terminator. There are many vendors who have
products that do this, some of them are simply SSL terminators and some
of them include other features such as load balancing as part of the
package. If you place the IDS on the non encrypted side of the SSL
terminator you are free to look at the HTTP traffic as it flows by as it
is all unencrypted.
On Tue, 2002-03-19 at 10:09, zeno wrote:
> Currently IDS products monitor for webserver or web application
attacks over http.
> Do any monitor attacks over https? If so can people name a few
products that do this?
> Also if any info is availble how can they handle themselves on web
> (Thats tons of math to compute)
> - zenocgisecurity.com