Firewall Wizards mailing list archives

Re: The Outgoing Traffic Problem --
From: damnliberals () gmail com
Date: Wed, 19 Jul 2006 03:36:46 +0300

On 7/12/06, Marcus J. Ranum <mjr () ranum com> wrote:
> As far as I can see, the endgame is going to be one of two
> - Organizations are going to try to add signature-style
> controls to SSL transactions and are going to rely on "man
> in the middle" style interception tricks and (call 'em what
> you want) signatures to detect malicious traffic
> - Organizations are going to have to positively identify
> sites with which it is necessary/appropriate to do SSL
>
> I don't see a lot of future in EITHER of those options. The first
> one falls apart really fast if anyone ever fixes SSL's certificate
> trust model (not highly likely) but since it's signature-based
> it'll fail when the hackers add superencryption to their command
> streams. The second option would have worked if it had been

One branch of the military that I'm working with across the pond has
recently moved to option 1, specifically using Blue Coat SSL proxies to
scan SSL-encrypted traffic.  They are also significantly reducing the
(already limited) sites that can be accessed.