Vulnerability Development: Re: SSL & IDS

Re: SSL & IDS

From: Crispin Cowan <crispin_at_WIREX.COM>
Date: Thu, 31 Aug 2000 11:29:01 -0700

Roelof Temmingh wrote:

> I am working on an article-thingy, and while writing I stumbled across
> this: IDS & SSL does not work together well...wow! (this was a joke).
> Even if you put an IDS on the same platform as the webserver it would not
> work. How should this be addressed? Is it addressed in some way by the ppl on
> the IDS mailing list? I did a -=very=- quick search for SSL and IDS and didn't
> really get anything.

The problem is more general than that: *network* IDS's fail in the presence of
any kind of network crypto (host-based IDS's are unaffected). This problem is
more commonly stated as IDS's vs. VPNs. VPNs (i.e. IPSec, PPTP (blech)) make
life even harder on a network IDS than SSL does.

> I have some ideas of how one can try to solve it, but I don't want to barge
> into other ppl's territory.

I'm very interested in hearing your ideas. Particularly since I don't believe
the problem is solvable :-)

> Yeah, I know .. it's prolly not the best list for the discussion.

I can't think of a strictly better list to have the discussion on. These kinds
of discussions happen on security-audit, but it is OT there, too.

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org
Received on Sep 01 2000