Security Basics mailing list archives

RE: Inspect encrypted traffic


From: "Ken Kousky" <kkousky () ip3inc com>
Date: Mon, 13 Mar 2006 17:53:07 -0500

You can't inspect the encrypted traffic unless you decrypt it and thus
expose it, so this approach requires ultimate trust in the middleman.

Further, this is possible in only a very few special cases. 

SSL accelerators can work in this kind of architecture but most end-to-end
cannot be inspected for three reasons:
1) keys are not available to the middleman inspector
2) the decrypt/inspect/recrypt has too much latency and isn't feasible -
especially for applications like VoIP
3) private or proprietary algorithms are used which are not available to the
middleman

KWK
-----Original Message-----
From: Albert Gonzalez [mailto:incodeblood () gmail com] 
Sent: Friday, March 10, 2006 5:08 PM
To: Juan B
Cc: security-basics () securityfocus com
Subject: Re: Inspect encrypted traffic

Yes it is possible, I know that Intrushield from McAfee can do this if
provided the keys. Although it might only be SSL traffic. This will
also increase the load on the actual device by a nice amount, so keep
that in mind. Maybe someone else can plug in any other device they
know that is currently doing this.

HTH,

- Albert

On 3/2/06, Juan B <juanbabi () yahoo com> wrote:
Hi,

Is it possible to inspect encrypted traffic by network
elements by providing them the encryption keys (let's say
IDS's and routers)?

Especially, I want to know about IDS's to check about
IDS's checking encrypted traffic.

Thanks,

Juan



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus

---------------------------------------------------------------------------




