Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

encrypted data honeypots and IDS

from [John Galt] Network Security [Permanent Link]
Subject: encrypted data honeypots and IDS
Date: Mon, 21 Feb 2005 18:04:24 +0530 
Hello! I have been working with IDS's and honeypots for a while, and
have constantly been intruiged by one thing: As long as you control
networks, its good to have all traffic encrypted (whether its over
http over ssl or ssh instead of telnet etc), but to sniff and analyse
data as in an IDS, you need it to be unencrypted. With encryption
being used increasingly in so many communications, will that result in
the demise of IDSs in the long run, unless they change their
architecture in some manner.

As an example, snort flags logs whenever there is a return id for
root, since it assumes thats an automated script. But something like
that over ssh would never get caught.

Would be glad if anyone can give any inputs regarding work done to
deal with this "problem"

regards

John Galt
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Disaster Recovery Tool, Andreas Putzo
Next by Date:  Re: Suggestion for work in Cryptographic Protocol Analysis, exon
Previous by Thread:  Help me, Tran Nguyen Vu
Next by Thread:  RE: encrypted data honeypots and IDS, dissolved
Indexes:  [Date] [Thread] [Top] [All Lists]