Security Basics mailing list archives
RE: Inspect encrypted traffic
From: "Ken Kousky" <kkousky () ip3inc com>
Date: Mon, 13 Mar 2006 17:53:07 -0500
You can't inspect the encrypted traffic unless you decrypt it and thus expose it so this approach requires ultimate trust in the middleman. Further, this is possible in only a very few special cases. SSL accelerators can work in this kind of architecture but most end-to-end cannot be inspected for three reasons: 1) keys are not available to the middleman inspector 2) the decrypt/inspect/recrypt has too much latency and isn't feasible - especially for applications like VoIP 3) private or proprietary algorithms are used which are not available to the middleman KWK -----Original Message----- From: Albert Gonzalez [mailto:incodeblood () gmail com] Sent: Friday, March 10, 2006 5:08 PM To: Juan B Cc: security-basics () securityfocus com Subject: Re: Inspect encrypted traffic Yes it is possible, I know that Intrushield from McAfee can do this if provided the keys. Although it might only be ssl traffic. This will also increase the load on the actual device by a nice amount, so keep that in mind. Maybe someone else can plug in any other device they know that is currently doing this. HTH, - Albert On 3/2/06, Juan B <juanbabi () yahoo com> wrote:
HI, Is it possible to inspect encrypted traffic by network elments by providing them the encrypton keys (let say IDS's and routers). especially I want to know about ids's to check about IDS's checking encrypted traffic. Thanks, Juan __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity
Planning,
Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Inspect encrypted traffic Juan B (Mar 02)
- Re: Inspect encrypted traffic Albert Gonzalez (Mar 13)
- RE: Inspect encrypted traffic Ken Kousky (Mar 14)
- Re: Inspect encrypted traffic Albert Gonzalez (Mar 13)