[Snort-users] encrypted traffic

Marcio Guerreiro marcio.guerreiro at ...16117...
Mon Aug 10 09:59:11 EDT 2015


Hi all

 

I have a question… I hope you guys can suggest me something to read about it…

 

Considering that a great number of websites use SSL and the Snort documentation suggests that we should not enable encrypted traffic verification.. what it is going to happen ?

 

 

1 - Should Snort be deployed with powerful hardware capable to deal with the expensive computational demand generated by encrypted traffic ?

 

2 - Should I remove  noinspect_encrypted from my snort.conf and enable the encrypted verification ?

 

3 - if I enable that, will Snort verify the whole packet contents ? (data payload) 

 

 

 

Thank you

Marcio

 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150810/7946c761/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 70108 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150810/7946c761/attachment.png>


More information about the Snort-users mailing list