Re: How to monitor encrypted connections...

Hi Jean,
  The IDS/IPS typically have no visibility into encrypted traffic. This 
is because most IDS/IPS solutions are built around deep packet 
inspection(DPI)
  technology and application intelligence/identification technologies 
both of which fail when the traffic is encrypted. However, there are IPS
  solutions from vendors which can work on the encrypted traffic. These 
vendors would request the admin to enter the certificates/keys which are
  being used for encryption into the device management console/software. 
When encrypted traffic reaches these devices,these would behave like a
  proxy in the middle which will decrypt all the traffic, analyze it for 
intrusion signatures and then encrypt it again before forwarding.

Regards
Proneet.

-------------
The surest way to corrupt a youth is to instruct him to hold in higher esteem 
those who think alike than those who think differently

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------