IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: How to monitor encrypted connections...

From: abhicc285 () gmail com
Date: 29 Sep 2007 11:55:03 -0000
Hi Stefano,

 


kind of design is certainly possible in HIPS where for SSL traffic
keys can be uploaded,


Incorrect, in HOST intrusion prevention such artifice is not needed usually.

Abhi: ---  Please correct me, as per my understanding the HIPS will be executing rules at IP layer and the decryption 
will be at application layer. So unless HIPS at IP layer does not have the keys how will it decrypt the SSL traffic ?


forward the traffic to exploit/vulnerability specific rules. However
it will be computationaly expensive.


This is not really the problem. The problem is: do you really want to
store all of your keys on another device.

Abhi: HIPS will be executing on the same host as the application. So i think for  HIPS there is no concept of storing 
keys in other device. For NIPS concept of other device come in.


Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: