Hi Jean,
The IDS/IPS typically have no visibility into encrypted
traffic. This
is because most IDS/IPS solutions are built around deep
packet
inspection(DPI)
technology and application intelligence/identification
technologies
both of which fail when the traffic is encrypted. However,
there are IPS
solutions from vendors which can work on the encrypted
traffic. These
vendors would request the admin to enter the
certificates/keys which are
being used for encryption into the device management
console/software.
When encrypted traffic reaches these devices,these would
behave like a
proxy in the middle which will decrypt all the traffic,
analyze it for
intrusion signatures and then encrypt it again before
forwarding.
Regards
Proneet.
-------------
The surest way to corrupt a youth is to instruct him to hold
in higher esteem those who think alike than those who think
differently
------------------------------------------------------------
------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecuri
ty.com/index.php5?module=Form&action=impact&campaign
=intro_sfw
to learn more.
------------------------------------------------------------
------------
|