IDS mailing list archives
Re: Re: How to monitor encrypted connections...
From: abhicc285 () gmail com
Date: 29 Sep 2007 11:55:03 -0000
Hi Stefano,
kind of design is certainly possible in HIPS where for SSL traffic keys can be uploaded,
Incorrect, in HOST intrusion prevention such artifice is not needed usually. Abhi: --- Please correct me, as per my understanding the HIPS will be executing rules at IP layer and the decryption will be at application layer. So unless HIPS at IP layer does not have the keys how will it decrypt the SSL traffic ?
forward the traffic to exploit/vulnerability specific rules. However it will be computationaly expensive.
This is not really the problem. The problem is: do you really want to store all of your keys on another device. Abhi: HIPS will be executing on the same host as the application. So i think for HIPS there is no concept of storing keys in other device. For NIPS concept of other device come in. Stefano ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: Re: How to monitor encrypted connections... abhicc285 (Oct 01)
- Re: How to monitor encrypted connections... Stefano Zanero (Oct 03)
- <Possible follow-ups>
- Re: How to monitor encrypted connections... crazy frog crazy frog (Oct 01)