Forum Discussion
pimp_94745
Nimbostratus
Nov 12, 2009
SSL decryption to IDS
Hi All,
We have a need to inspect SSL encrypted traffic using an IDS. The one we have doesn't support SSL decryption.
What we are looking at doing is the following:
...
PJG_71968
Nimbostratus
Nov 25, 2009
Hi There..
Jumping in on this thread... as the above is exactly what I want to achieve. I want to be able to inspect the decrypted SSL traffic with a traditional PASSIVE IDS, prior to it being re-encrypted to the back end server.
As far as I understand Cloning and Interface Mirroring... Interface Mirroring simply sends all Server and Client traffic which hits a certain port out of another port, fine for passive IDS, but no good as the traffic is still encrypted. Then there's cloning, which sends either client or server side to an IP address, which again is no good as the traffic is still encrypted, and the IDS doesn't have an IP address anyway.
So can this be done? Effectively send the traffic to IDS, decrypted, prior to any traffic management decision having taken place?
Thanks
Phil