[Snort-users] Encrypted sessions
Jason.Haar at ...294...
Tue Nov 27 13:56:05 EST 2001
On Tue, Nov 27, 2001 at 01:13:57PM -0800, Erek Adams wrote:
> On Tue, 27 Nov 2001, Ronneil Camara wrote:
> > How does snort deal with encrypted communication? Let's say I would like to
> > monitor an https connection to my web server, or we've got an encrypted
> > connection to another mail server. Would snort know about those attacks?
> Anyone else got a better way to play with encryption? I'm looking for new
Yup - don't encrypt it :-)
Seriously, encryption is too hard to do on the fly - so MOVE THE PROBLEM.
Terminate your SSL sessions on a reverse proxy (either commercial or
Squid-2.5 for instance), and then it'll talk HTTP to the backend Web servers.
Not only can your IDS detect attacks again, but you've moved an expensive
task off your Web servers onto something specifically installed to do SSL...
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
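
The layout described in this message, as an added example that is not part of the original post: a Squid reverse proxy terminates SSL and a Snort sensor watches the cleartext segment behind it. The hostname, addresses and file paths are placeholders, and the Squid directives use the accelerator syntax of later Squid releases rather than Squid-2.5.

```conf
# --- squid.conf on the reverse proxy (constructed example) ---
# Accept HTTPS from clients and terminate SSL here.
# Certificate and key paths are placeholders.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/www.example.com.crt key=/etc/squid/www.example.com.key

# Forward the decrypted requests to the backend web server as plain HTTP.
# 10.0.0.10 is an assumed backend address on an internal segment.
cache_peer 10.0.0.10 parent 80 0 no-query originserver name=web1

# Only serve the published site, and only send it to that backend.
acl our_site dstdomain www.example.com
http_access allow our_site
http_access deny all
cache_peer_access web1 allow our_site
cache_peer_access web1 deny all

# --- snort.conf on the sensor watching the proxy-to-backend segment ---
# The sensor sees cleartext HTTP here, so the HTTP rules can match again.
var HTTP_SERVERS 10.0.0.10
var HTTP_PORTS 80

# Every connection on this segment originates from the proxy, so alerts
# carry the proxy's address as the source. The original client address is
# in the X-Forwarded-For header that Squid adds and in Squid's access.log;
# correlate on timestamp and URL when investigating an alert.
```

The proxy-to-backend segment now carries unencrypted traffic, so it needs to be a network you control end to end.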