Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: How to monitor encrypted connections...

from [Ofer Shezaf] Network Security [Permanent Link]
Subject: RE: How to monitor encrypted connections...
Date: Sun, 23 Sep 2007 09:50:41 -0400 

There are basically three ways to monitor SSL traffic:

+ Terminate at the edge of the network and connect your IDS to the
cleartext segment. While trivial, this is the most common solution. The
disadvantages are of course:
        (a) Decrypting early, requiring your data to flow through part
of your network unencrypted.
        (b) Need for an additional device to decrypt SSL at the edge.

+ SSL Bridge - terminate and then re-encrypt. Works only for an in-line
device and might validate non-repudiation.

+ Passively decrypt - decrypt a copy of the traffic, without actually
being part of the conversation. This one is the best add on for existing
IDS systems (*SAMELESS PLUG* we sell such an add on)

~ Ofer


Ofer Shezaf
ofers@breach.com, Phone:+972-9-9560036 #212, Cell: +972-54-4431119

CTO, Breach Security; 
Chair, OWASP Israel; 
Leader, ModSecurity Core Rule Set Project


-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of Jean-Pierre

FORCIOLI

Sent: Wednesday, September 19, 2007 7:23 PM
To: focus-ids@securityfocus.com
Subject: How to monitor encrypted connections...

Hi,

Still working on my IDS/IPS project...
When browsing some IDS/IPS vendors' datasheets, I noticed that some of
them
claimed being able to monitor encrypted traffic.
Could someone provide me with some insight on what is currently
possible (and already
implemented) and what are the eventual limitations?

Best regards.



-----------------------------------------------------------------------

-
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to


http://www.coresecurity.com/index.php5?module=Form&action=impact&campai

gn=intro_sfw
to learn more.


-----------------------------------------------------------------------

-



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Need advices regarding signature tunning..., abhicc285
Next by Date:  Re: Need advices regarding signature tunning..., Jeremy Bennett
Previous by Thread:  How to monitor encrypted connections..., Jean-Pierre FORCIOLI
Next by Thread:  RE: How to monitor encrypted connections..., Leonardo Cavallari Militelli
Indexes:  [Date] [Thread] [Top] [All Lists]