At present it is an excellent layer of protection and
encryption for the
individual transaction. It is the only common well known one
we have. There
are a few companies that make products to add layers of
protection to the
SSL. The Certs are only about $150 not $2000.
[LC]
In Australia, Verisign SGC certs are about A$1750 or ~$1400US
Well a SGC is $450 here, I was not aware of the rip-off over there, how
about Thawte?
http://www.thawte.com/buy/index.html
2. IDS are network security devices that can intercept hackers that
are trying to manipulate data on a web site (sometimes at least).
Using SSL will render the IDS useless, because it will not
be able to
intercept hacking patterns against the site - as the data will be
encrypted. That will enable the hacker to do his bidding
without fear.
You might want to do a little research here, on how to use
your particular
IDS/IPS with SSL (SSL Accelerator etc.) or find one that has
that feature
available.
[LC] I'd love to see more products/packages with this capability too.
Any external SSL Accelerator will decrypt prior to the server.
Using SSL is sometimes good, but not in all cases.
Could you give us an example of when it would be bad to use
SSL instead of
no encryption at all?
[LC] Linking unsuspecting users to a HTTPS web page, via the HTTP link
deception process of your choice, that's loaded with
infecting Trojans and
bypass the Proxy/malware sweeper, IDS/IPS and some browser AV
plugins. Maybe
a bit far fetched, but possible in seconds flat.
Lyal
Once it hits the machine, it is decrypted, therefore your AV, spyware etc.
is going to detect it. Unless you are suggesting that it stores an encrypted
virus on your system, well I guess I would be safe as long as do not decrypt
it?
Of course I should be asleep right now, so if I make a delusional statement,
please forgive me.
