Network Security Focus-IDS

RE: How to monitor encrypted connections...

Subject: RE: How to monitor encrypted connections...
Date: Mon, 24 Sep 2007 17:18:57 -0400
Breach Security (www.breach.com) offers a product called BreachView SSL,
whose sole purpose is to passively decrypt SSL traffic for an IDS/IPS to
inspect.  The product works as a preprocessor, sending the IDS both the
encrypted traffic as well as a corresponding packet containing the
decrypted content.  An IDS is then able to analyze the traffic and
report on threats within encrypted traffic.

The product is available as either an appliance or a software plug-in
for Windows or Linux environments.  Please see
http://www.breach.com/products/breachview-ssl.html for more details or a
free evaluation.

Kevin Overcash


-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of abhicc285@gmail.com
Sent: Friday, September 21, 2007 4:05 AM
To: focus-ids@securityfocus.com
Subject: Re: How to monitor encrypted connections...


If the traffic is encrypted then the IDS will first have to decrypt the
traffic. The IDS will have the keys to decrypt the traffic. This kind
of design is certainly possible in HIPS where for SSL traffic keys can
be uploaded, IPS will first decrypt the traffic and then forward the
traffic to exploit/vulnerability specific rules. However it will be
computationally expensive.



Still working on my IDS/IPS project...

When browsing some IDS/IPS vendors' datasheets, I noticed that some of
them claimed being able to monitor encrypted traffic.

Could someone provide me with some insight on what is currently
possible (and already implemented) and what are the eventual limita...




