If the traffic is encrypted then it IDS will first have to decrypt the traffic. The IDS will have the keys to decryopt the traffic. This kind of design is certainly possible in HIPS where for SSL traffic keys can be uploaded, IPS will first decrypt the trafic and then forward the traffic to exploit/vulnerability specific rules. However it will be computationaly expensive.
>Still working on my IDS/IPS project... >When browsing some IDS/IPS vendors' datasheets, >I noticed that some of them >claimed being able to monitor encrypted traffic. >Could someone provide me with some insight on >what is currently >possible (and already >implemented) and what are the eventual limita... ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
