Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

Re: The Outgoing Traffic Problem --
From: damnliberals () gmail com
Date: Wed, 19 Jul 2006 03:36:46 +0300

On 7/12/06, Marcus J. Ranum <mjr () ranum com> wrote:
<..>
As far as I can see, the endgame is going to be one of two
things.
- Organizations are going to try to add signature-style
controls to SSL transactions and are going to rely on "man
in the middle" style interception tricks and (call 'em what
you want) signatures to detect malicious traffic
- Organizations are going to have to positively identify
sites with which it is necessary/appropriate to do SSL
transactions

I don't see a lot of future in EITHER of those options. The first
one falls apart really fast if anyone ever fixes SSL's certificate
trust model (not highly likely) but since it's signature-based
it'll fail when the hackers add superencryption to their command
streams. The second option would have worked if it had been
<..>


One branch of the military that I'm working with across the pond, has
recently moved to option 1, specifically using bluecoat SSL proxies to
scan SSL-encrypted traffic.  They are also significantly reducing the
(already limited) sites that can be accessed.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault