[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ids
Subject: Re: ids detect malicious encrypted data?
From: Ivan Hernandez <ivan.hernandez () globalsis ! com ! ar>
Date: 2003-02-28 17:54:45
[Download RAW message or body]
There is an old dirty solution for SSL webservers. You put your
unencrypted webserver behind a reverse HTTPS proxy. Then you have
encrypted traffic between clients and your server and unencrypted
traffic behind you reverse proxy, so you can analyze with a NIDS (Snort
is a good choice).
HTTPS Client HTTP Server + NIDS
============== =====================
|_____________|
Reverse Proxy
HTTPS<=> HTTP
Ivan Hernandez
Lau Ker Chea wrote:
> i just start doing some research in ids field. may i
>know whether majority of the today's nids can detect
>malicious encypted data since from the article that i
>had read, early nids still face this problem.
>
>all opinion will be appreciated by me
>sincerely..thanks!
>
>chea
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Tax Center - forms, calculators, tips, more
>http://taxes.yahoo.com/
>
>-----------------------------------------------------------
>Does your IDS have Intelligent Attack Profiling?
>If not, see what you're missing.
>Download a free 15-day trial of StillSecure Border Guard.
>http://www.securityfocus.com/stillsecure
>
-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic