Vulnerability Development: Re: SSL & IDS

Re: SSL & IDS

From: Dragos Ruiu <dr_at_KYX.NET>
Date: Sat, 2 Sep 2000 11:45:58 -0700

That's interesting... because I'm seeing a lot of people get excited
about load balancers from a variety of vendors, and terminating the
SSL at some SSL acceleration HW on the load balancer and having
the load balancers manage cookies, sessions, and other items. This
is something that is universally regarded as a positive by a lot of the
network designers and groups I do consulting for....

But it does have security implications that I think aren't being
considered much yet. Goes to show that there is more to secure
design than protecting from buffer overflows....

cheers,
--dr

On Sat, 02 Sep 2000, Ng Pheng Siong wrote:
> On Fri, Sep 01, 2000 at 09:36:34AM +0200, Mikael Olsson wrote:
> > You'll likely have to terminate the SSL connection on a reverse proxy
> > machine in front of the web server and do your IDS sniffing after that
> > reverse proxy.
>
> This seems a popular suggestion.
>
> Given the usual statistic that 80% (or 90% or whatever) of
> security compromises are internal jobs, deliberately terminating
> your SSL early and then having your app talk in the clear over
> your internal network is more dangerous than it is useful, IMHO.
>
> Cheers.
> --
> Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps

--
dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E  B7DC 2B71 A73E D2E8 A56D
pgp key: http://www.dursec.com/drkey.asc
Received on Sep 03 2000