Re: [ISSForum] Inspect web mail

Sergey,

SSL was specifically designed to prevent Man in the Middle attacks.

In order to perform a "man in the middle" operation against SSL, it is
necessary to know the server's private key. In this case, you are not
really in the middle, just decrypting the traffic on the fly. Even then,
it may be impossible if you cannot control the protocol negotiations
that occur at the beginning of the connection as the protocol allows for
ephemeral keys on both ends.

If you try to proxy the connection, decrypt it by providing your own
private key to the client and then re-encrypt it to its final
destination you will not go undetected. At the very least, the clients
will complain on each and every connection. Some SSL clients will refuse
to operate over the proxied connection at all.

Paul

-----Original Message-----
From: issforum-bounces@atla-mm1.iss.net On Behalf Of Soldatov, Sergey V.
Sent: Friday, January 13, 2006 9:18 AM
To: Massimo; Claudia Patricia Prada Guzman
Cc: issforum@atla-mm1.iss.net
Subject: Re: [ISSForum] Inspect web mail



> -----Original Message-----
> From: issforum-bounces@iss.net
> [mailto:issforum-bounces@iss.net] On Behalf Of Massimo
> Sent: Monday, January 09, 2006 1:33 PM
> To: Claudia Patricia Prada Guzman
> Cc: issforum@iss.net
> Subject: Re: [ISSForum] Inspect web mail
>
> Claudia Patricia Prada Guzman wrote:
> > Some body knows how to inspect web mail (GMAIL, telcomails
> ) using Porventia G.?
> > These equipment has two signatures that inspect attached
> files, but if I want to create a new signature using GMAIL,
> what do should I do ?
>
> You should ask gmail not to use SSL for their web mail.
>
> You can't analize/block https connection (you can do it with
> hotmail, yahoo because they are clear text http).

You can analyze/block https connection if your Proventia G can perform
Man-In-The-Middle attack against SSL. I know some products that can do
this (for example WebWasher CSM's SSL scanner). Of course advanced users
will see this, but this can be solved administratively. Can Proventia G
scan SSL-traffic performing MITM-attack?


> Best Regards,
>                       Massimo
>
> _______________________________________________
> ISSForum mailing list
> ISSForum@iss.net
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> https://atla-mm1.iss.net/mailman/listinfo/issforum
>
> To contact the ISSForum Moderator, send email to mod-issforum@iss.net
>
> The ISSForum mailing list is hosted and managed by Internet
> Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



---
Best regards, Sergey V. Soldatov.
Information security department.
tel/fax +7 495 745 89 50 
tel +7 495 777 77 07 (1613) 


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.