Vulnerability Development mailing list archives
Re: IDS and SSL
From: Gabriel Lawrence <gabe () butterflysecurity com>
Date: 20 Mar 2002 09:29:43 -0800
Well, I've only used the SSL terminators myself. I think the one we used was an Intel one. But there appear to be lots of companies in the market. Here's an old review from network computing that might be a good place to start: <http://www.networkcomputing.com/1212/1212f4.html> As far as IDS's specifically, well... I may have been mis-informed (or operating on non-public info.) When we were talking to VC's about what Butterfly does the technically savvy VC's seemed to always bring up the idea of putting the SSL cert into the NIDS. I heard it so often I figured it was true. But from looking around to answer your question for specific vendors, I'm seeing most folks have taken the HIDS route. I wonder if the VC's are seeing some products that are yet to hit the market? Thinking a little about it, I imagine dealing with keeping all the certificates in sync and ready to go may be a lot more trouble then it's worth. Especially when HIDS solutions are so simple... ISS has an agent you can install on a machine to deal with SSL. I haven't used their products so all I really know is what I gleaned from their web site. I imagine most other IDS do to. I'm not really and IDS guy so... ssldump allows you to descrypt ssl sessions in lne. I know this isn't an IDS, but if you are just looking for some information on how to do it this could be a good place to start. <http://www.rtfm.com/ssldump/> I would be surprised if there isn't an open source project to merge ssldump and snort out there somewhere. I did try and look for a couple of minutes but didn't find one. Sounds like it would be a fun project, if nobody else is already doing it I might have to take a look. -gabe On Wed, 2002-03-20 at 07:02, zeno wrote:
Can you name some brands? - zeno
Current thread:
- Re: IDS and SSL, (continued)
- Re: IDS and SSL pgiacomi (Mar 21)
- Re: IDS and SSL Thor (Mar 21)
- RE: IDS and SSL Oliver Petruzel (Mar 20)
- RE: IDS and SSL Jason Lewis (Mar 21)
- RE: IDS and SSL Dom De Vitto (Mar 22)
- Re: IDS and SSL Jon (Mar 23)
- RE: IDS and SSL Bojan Zdrnja (Mar 24)
- RE: IDS and SSL Dom De Vitto (Mar 24)
- RE: IDS and SSL Jason Lewis (Mar 24)
- RE: IDS and SSL Jason Lewis (Mar 21)
- Re: IDS and SSL Florian Weimer (Mar 25)