
List:       focus-ms
Subject:    RE: Firewall or IDS
From:       "Rocky Stefano" <rstefano () echelonsystems ! com>
Date:       2002-03-19 19:02:34

I DOUBT IT. How can a vendor state that they can break an SSL-encrypted
channel in order to detect whether or not an attack is being propagated
through it? If that were the case then ecommerce would be dead right now.

Yes, they can detect certain SSL exploits and weaknesses, but neither they nor
anyone else can READ an already established and encrypted channel.

At that point you need a good host-based intrusion agent on your web server
or host in question.



-----Original Message-----
From: Michael Vallejo [mailto:mvallejo@innovativemerchant.com]
Sent: Tuesday, March 19, 2002 1:39 PM
To: 'Rocky Stefano'; Tony Deacon; jonathan@stdnet.com
Cc: focus-ms@securityfocus.com
Subject: RE: Firewall or IDS


Hello

I just had a meeting with Cisco and they say that they do read the
SSL traffic with their IDS systems. Also, they say that their IDS system
closes ports when the problem comes up.

Is this true?

Thanks




-----Original Message-----
From: Rocky Stefano [mailto:rstefano@echelonsystems.com]
Sent: Tuesday, March 19, 2002 8:45 AM
To: Tony Deacon; jonathan@stdnet.com
Cc: focus-ms@securityfocus.com
Subject: RE: Firewall or IDS

Tony,

Most, if not all, IDSs cannot really look at SSL streams for attacks
propagated through them because the channel is encrypted.


-----Original Message-----
From: Tony Deacon [mailto:td@workzone.co.uk]
Sent: Tuesday, March 19, 2002 4:15 AM
To: jonathan@stdnet.com
Cc: focus-ms@securityfocus.com
Subject: Firewall or IDS


Jonathan,
Your comment:

(As part of my "day job" I've successfully hacked several networks
running a firewall which restricted traffic to HTTP and ran IDS
software...secure port 443 is usually more than enough to get in, and
the IDS systems rarely flag me...all tests performed with permission
of course!)

makes me nervous as I admin a firewall at a third party to protect our
servers.
Were these attacks recognised ones, special, or a port 443
vulnerability?
Is there anything I need to read up on here?
--
Tony Deacon


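The thread's practical point is that a network sensor watching TCP/443 only sees TLS records, so its signatures never touch the HTTP request inside, while a host-based agent reading the web server's own access log sees the request after the server has decrypted it. The following Python script is an added example to illustrate that contrast; it is not code from any participant in this thread or from any IDS vendor. Everything in it is constructed: the "TLS record" is a fabricated application-data header followed by filler bytes standing in for ciphertext, the log lines are made-up common-log-format entries, and the two signatures (`directory-traversal`, `reflected-script`) are illustrative, not a vendor's rule set. One detail worth noting for anyone writing a host-side matcher: the request target is URL-decoded repeatedly before matching, because a single decode misses double-encoded input such as `%253C`.

```python
import re
from urllib.parse import unquote

# Constructed stand-in for what a network sensor captures on TCP/443: a TLS 1.0
# application-data record header (type 0x17, version 3.1, length 64) followed
# by 64 filler bytes in place of ciphertext.  Not a real capture.
TLS_APP_DATA_RECORD = bytes.fromhex("1703010040") + bytes(range(0x40, 0x80))

# Constructed access-log lines, i.e. what the web server itself records after
# it has terminated TLS.  Addresses, timestamps and paths are made up.
ACCESS_LOG = [
    '10.0.0.5 - - [19/Mar/2002:13:39:01 -0500] "GET /index.html HTTP/1.1" 200 1043',
    '10.0.0.7 - - [19/Mar/2002:13:39:02 -0500] "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 404 312',
    '10.0.0.9 - - [19/Mar/2002:13:39:03 -0500] "GET /search?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 512',
    '10.0.0.11 - - [19/Mar/2002:13:39:04 -0500] "GET /images/logo.gif HTTP/1.1" 200 2048',
]

# Illustrative content signatures (hypothetical names, not a vendor rule set).
SIGNATURES = {
    "directory-traversal": re.compile(r"\.\./"),
    "reflected-script": re.compile(r"<script", re.IGNORECASE),
}

# Common-log-format request line: client, timestamp, then "METHOD TARGET VERSION".
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (\S+)"')


def normalize_target(target, max_rounds=3):
    """URL-decode until the string stops changing (bounded), so that
    double-encoded sequences like %252e are reduced to '.' before matching."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def match_signatures(text):
    """Return the names of all signatures that match the given text."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(text)]


def scan_network_payload(payload):
    """What a payload-inspecting network sensor can do with a TLS record:
    run the same signatures over the raw bytes.  With an encrypted channel the
    plaintext request is not present, so nothing meaningful can match."""
    return match_signatures(payload.decode("latin-1"))


def scan_access_log(lines):
    """Host-side detection: parse each access-log line, normalize the request
    target and report (1-based line number, client, signature, decoded target)
    for every signature hit.  Lines that do not parse are skipped."""
    hits = []
    for number, line in enumerate(lines, start=1):
        parsed = LOG_LINE.match(line)
        if not parsed:
            continue
        client, _timestamp, _method, target, _version = parsed.groups()
        decoded = normalize_target(target)
        for name in match_signatures(decoded):
            hits.append({"line": number, "client": client,
                         "signature": name, "target": decoded})
    return hits


if __name__ == "__main__":
    print("network sensor, TLS record:", scan_network_payload(TLS_APP_DATA_RECORD))
    for hit in scan_access_log(ACCESS_LOG):
        print("host agent, line %d from %s: %s (%s)" % (
            hit["line"], hit["client"], hit["signature"], hit["target"]))
```

Run as-is, the network-side scan reports nothing for the record while the host-side scan flags lines 2 and 3 of the constructed log. The design choice that matters is where the matcher sits: the same two signatures are applied in both functions, and only the placement after TLS termination gives them anything to match.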
