
Intrusion Prevention and SSL Inspection

There was a good article recently on PaulDotCom related to bypassing an IDS using SSL. This is a common problem with any IPS/IDS.

Let's first understand how an Intrusion Detection System can inspect SSL traffic. There are two primary ways vendors have implemented SSL decryption.

The first way is through the use of a dedicated appliance, such as a Netronome device. In this scenario the traffic is redirected to the offload appliance and decrypted. The decrypted traffic is then sent to the IPS/IDS for inspection.

The second method is where the traffic is decrypted on the intrusion prevention appliance.

Both of these scenarios have their benefits and drawbacks, but they both require access to the private key of the certificate for the site being accessed. The certificate is loaded on the device and then traffic can be decrypted. This presents a problem when you do not have access to the private key, and is why the example from PaulDotCom works so well. This is also why attackers will encrypt their outbound traffic and easily evade IPS/IDS devices.

To counter this threat, companies can use other solutions, such as web gateways, to redirect all SSL traffic to a web gateway where a certificate is installed on the system to allow decryption of outbound traffic. Think of a “man-in-the-middle” attack, but performed by your company.

We will release some videos in the future showing how to do this.
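
The private-key requirement described above can be turned into a coverage check. The following is an added example, not code from this post or from any vendor: it audits flow records from a passive sensor and reports which sessions it can actually decrypt. The addresses, flow records and key inventory are constructed, and the function names are hypothetical. It goes one step beyond the post by also flagging sessions where the key is loaded but an ephemeral key exchange still prevents passive decryption.

```python
from dataclasses import dataclass

# Constructed inventory: servers whose private key is loaded on the sensor.
LOADED_KEYS = {"10.0.5.20:443", "10.0.5.21:443"}

@dataclass
class Flow:
    dst: str    # server address:port
    suite: str  # negotiated cipher suite (IANA name)

def classify(flow, loaded_keys=LOADED_KEYS):
    """Return why a passive sensor can or cannot decrypt this flow."""
    if flow.dst not in loaded_keys:
        return "blind: no private key loaded"
    # Conservative rule: only static RSA key exchange lets the holder of the
    # server key recover the session keys. (EC)DHE suites and all TLS 1.3
    # suites use ephemeral keys, so the loaded key does not help.
    if not flow.suite.startswith("TLS_RSA_WITH_"):
        return "blind: ephemeral key exchange"
    return "inspectable"

def audit(flows, loaded_keys=LOADED_KEYS):
    """Group destinations by classification so blind spots can be reviewed."""
    report = {}
    for f in flows:
        report.setdefault(classify(f, loaded_keys), []).append(f.dst)
    return report

# Constructed sample flows (documentation address ranges for external hosts).
SAMPLE_FLOWS = [
    Flow("10.0.5.20:443", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    Flow("10.0.5.21:443", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    Flow("10.0.5.20:443", "TLS_AES_256_GCM_SHA384"),
    Flow("203.0.113.50:443", "TLS_RSA_WITH_AES_256_CBC_SHA"),
    Flow("198.51.100.7:8443", "TLS_AES_128_GCM_SHA256"),
]

if __name__ == "__main__":
    for reason, dsts in sorted(audit(SAMPLE_FLOWS).items()):
        print(f"{reason}: {len(dsts)} flow(s) -> {', '.join(dsts)}")
```

Every destination reported as "no private key loaded" is traffic the sensor passes uninspected, which is the gap the outbound gateway approach is meant to close.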

I have added the Nitro Security Visio Stencils. You can find them here.

Presentation on IPS

This report from Imperva on the effectiveness of anti-virus software has unleashed a lot of backlash from the anti-virus community. They say it was flawed and not scientific. That it was biased. (That is called Marketing)

That may be true, but I would argue that it was a real-world example of how customers deal with malware infections. Customers are overwhelmed and inundated with the flood of malware. If they submit the file to a site like Virus Total and it is not detected, then your product failed! Right or wrong, it failed! Perception=Reality.

What we need to do is change the perception of many companies that anti-virus software is all they need.

Here is a link to the report.

http://www.imperva.com/download.asp?id=324

Added Enterasys Intrusion Prevention Visio Stencils

We have added the Visio stencils for the Enterasys Intrusion Prevention devices. You can find them on the downloads page. Enjoy!

Update to downloads

We had to change the software used to manage the Visio downloads because the previous package reached end of support. Everything has been migrated, but if you experience any problems please let us know.

We also implemented a requirement to provide a valid email address in order to receive the download.

We take privacy very seriously. Your email will not be sold or abused. We promise!
