Security Basics mailing list archives
Re: Checkpoint smart defance as IPS
From: Shreyas Zare <shreyas () secfence com>
Date: Mon, 7 Jun 2010 13:36:12 +0530
Hi Craig,

On Mon, Jun 7, 2010 at 1:27 PM, Craig S. Wright <craig.wright () information-defense com> wrote:

Sorry, I do not understand what you mean in the second sentence.
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd

Forget that sentence, just answer the first one.

Regards,
Shreyas Zare
Sr. Information Security Researcher
Secfence Technologies
www.secfence.com
-----Original Message-----
From: Shreyas Zare [mailto:shreyas () secfence com]
Sent: Monday, 7 June 2010 5:44 PM
To: craig.wright () information-defense com; security-basics () securityfocus com
Subject: Re: Checkpoint smart defance as IPS

Hi Craig,

Can you give some rough estimations for this in USD, just for argument's sake? And I would still reiterate that the costs involved for interception are part of the system designed to protect.

Regards,
Shreyas Zare
Sr. Information Security Researcher
Secfence Technologies
www.secfence.com

On Mon, Jun 7, 2010 at 12:03 PM, Craig S. Wright <craig.wright () information-defense com> wrote:

An attacker does it for economic gain. Your idea is that I pay for the benefit of demoing how foolish you are being with a dogmatic belief in a falsity. You made the challenge, you bear the costs.
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd

-----Original Message-----
From: Shreyas Zare [mailto:shreyas () secfence com]
Sent: Monday, 7 June 2010 3:54 PM
To: craig.wright () information-defense com
Cc: security-basics () securityfocus com
Subject: Re: Checkpoint smart defance as IPS

Hi Craig,

On Mon, Jun 7, 2010 at 3:25 AM, Craig S Wright <craig.wright () information-defense com> wrote:

An RA is an internal CA, it is trusted by chaining. Please read up on this before making arbitrary comments. Yes, there is a cost to this and I have not commented on this as this will vary, but then a Checkpoint license is also a cost.

Your talking about the costs involved in the interception is exactly my point. To do this kind of attack, the attacker needs quite a lot of resources. You can do whatever is necessary to prove a MITM attack for the challenge. It's not my concern; as far as I am concerned, I am just a victim in this experiment.

On Sun, May 30, 2010 at 2:40 AM, Craig S. Wright

This is blatantly false. IDS, IPS, Wireshark even all have SSL decryption capabilities. There is no requirement for a separate proxy.

You can use Wireshark, no problem!

Again, SSL is perceived by many as secure. So what? Security is not perception. This is a point that you continue to miss. Again, SSL is about privacy, not security. Privacy can be a part of a security solution, but it is not security in itself.

SSL was designed to prevent eavesdropping and it works as designed. While there are many types of attack scenarios possible, it's still secure for use in e-commerce. It surely can't prevent users from social engineering or vulnerabilities in their browser implementation. Whatever point you put every time, I too know those technicalities. So instead of discussing it further, I would like you to prove your point with the practical experiment I had suggested. If there is something that I really didn't know or understand, then it would be a great thing for me and many people on the list reading this. As far as costs are concerned, you don't ask your victim to pay up for the attack.

Regards,
Shreyas Zare
Sr. Information Security Researcher
Secfence Technologies
www.secfence.com