ah, as I suspected, marketing spin....
if these products really could decrypt SSL, then it would mean SSL is
broken and e-commerce would crash.
It's only really useful for detecting attacks against your own website
(which I guess is the point), but all other SSL traffic in or out that
you don't have the cert for is still fair game.
thanks for answering the question of how these products decrypt SSL.
-h
Hari Sekhon
Fredrik Nordgren wrote:
Well, since that product requires the private SSL key, it's unlikely
it can provide any help with decrypting unauthorized SSL traffic.
/F
On 10 mar 2007, at 02.20, Kevin Overcash wrote:
Breach Security has a product called BreachView SSL that passively
decrypts SSL traffic for an IDS without terminating the SSL session.
The product comes as either a software plug-in or an appliance.
http://www.breach.com/products_breachviewssl.asp
ko
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing itwith real-world attacks from
CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfwto
learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
