Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: encrypted data honeypots and IDS

from [dissolved] Network Security [Permanent Link]
Subject: RE: encrypted data honeypots and IDS
Date: Thu, 24 Feb 2005 19:43:33 -0500 
Unless 75% of your traffic is encrypted, I wouldn't worry about it. We wont
see full time encrypted networks for a while due to obvious reasons.
When/if IPv6 ever comes out, that could be a different story

-----Original Message-----
From: John Galt [mailto:everbeeninlove@gmail.com] 
Sent: Monday, February 21, 2005 7:34 AM
To: honeypots@securityfocus.com; focus-ids@securityfocus.com;
security-basics@securityfocus.com
Subject: encrypted data honeypots and IDS

Hello! I have been working with IDS's and honeypots for a while, and
have constantly been intruiged by one thing: As long as you control
networks, its good to have all traffic encrypted (whether its over
http over ssl or ssh instead of telnet etc), but to sniff and analyse
data as in an IDS, you need it to be unencrypted. With encryption
being used increasingly in so many communications, will that result in
the demise of IDSs in the long run, unless they change their
architecture in some manner.

As an example, snort flags logs whenever there is a return id for
root, since it assumes thats an automated script. But something like
that over ssh would never get caught.

Would be glad if anyone can give any inputs regarding work done to
deal with this "problem"

regards

John Galt
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: What could this icmp mean?, Andrew Shore
Next by Date:  Good Book for Win XP /NT Administration, RightroundB
Previous by Thread:  encrypted data honeypots and IDS, John Galt
Next by Thread:  What could this icmp mean?, Tomas
Indexes:  [Date] [Thread] [Top] [All Lists]