[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ids
Subject:    Re: ids detect malicious encrypted data?
From:       Ivan Hernandez <ivan.hernandez () globalsis ! com ! ar>
Date:       2003-02-28 17:54:45
[Download RAW message or body]

There is an old dirty solution for SSL webservers. You put your 
unencrypted webserver behind a reverse HTTPS proxy. Then you have 
encrypted traffic between clients and your server and unencrypted 
traffic behind you reverse proxy, so you can analyze with a NIDS (Snort 
is a good choice).

 HTTPS Client              HTTP Server + NIDS
==============           =====================
            |_____________|
             Reverse Proxy
             HTTPS<=> HTTP

Ivan Hernandez

Lau Ker Chea wrote:

>	i just start doing some research in ids field. may i
>know whether majority of the today's nids can detect
>malicious encypted data since from the article that i
>had read, early nids still face this problem. 
>
>all opinion will be appreciated by me
>sincerely..thanks!
>
>chea 
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Tax Center - forms, calculators, tips, more
>http://taxes.yahoo.com/
>
>-----------------------------------------------------------
>Does your IDS have Intelligent Attack Profiling?
>If not, see what you're missing.
>Download a free 15-day trial of StillSecure Border Guard.
>http://www.securityfocus.com/stillsecure
>




-----------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>

[prev in list] [next in list] [prev in thread] [next in thread]