Hi Jean, The IDS/IPS typically have no visibility into encrypted traffic. This
is because most IDS/IPS solutions are built around deep packet inspection(DPI) technology and application intelligence/identification technologies both of which fail when the traffic is encrypted. However, there are IPS solutions from vendors which can work on the encrypted traffic. These vendors would request the admin to enter the certificates/keys which are being used for encryption into the device management console/software. When encrypted traffic reaches these devices,these would behave like a proxy in the middle which will decrypt all the traffic, analyze it for intrusion signatures and then encrypt it again before forwarding. Regards Proneet. ------------- The surest way to corrupt a youth is to instruct him to hold in higher esteem those who think alike than those who think differently ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
