Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: How to monitor encrypted connections...

from [abhicc285] Network Security [Permanent Link]
Subject: Re: Re: How to monitor encrypted connections...
Date: 29 Sep 2007 11:55:03 -0000 
Hi Stefano,

 


kind of design is certainly possible in HIPS where for SSL traffic
keys can be uploaded,


Incorrect, in HOST intrusion prevention such artifice is not needed usually.

Abhi: ---  Please correct me, as per my understanding the HIPS will be 
executing rules at IP layer and the decryption will be at application layer. So 
unless HIPS at IP layer does not have the keys how will it decrypt the SSL 
traffic ?


forward the traffic to exploit/vulnerability specific rules. However
it will be computationaly expensive.


This is not really the problem. The problem is: do you really want to
store all of your keys on another device.

Abhi: HIPS will be executing on the same host as the application. So i think 
for  HIPS there is no concept of storing keys in other device. For NIPS concept 
of other device come in.


Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to 
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Using Snort to find creditcard data?, Mike Lococo
Next by Date:  Re: Worm samples /exploits, crazy frog crazy frog
Previous by Thread:  Re: Using Snort to find creditcard data?, Mike Lococo
Next by Thread:  Re: How to monitor encrypted connections..., Stefano Zanero
Indexes:  [Date] [Thread] [Top] [All Lists]