I am aware of such devices but have no experience with them. Included within the issues you have raised may be serious privacy issues depending on where you are and what your corporate policies state. If nothing else, consider the added potential risk to your company -- for example, perhaps you are deciphering someone's online banking, what if you are compromised and thieves are able to get your staff's banking details along with everything else. Can they suggest that through SSL they had a reasonable expectation of privacy? As should always be the case with potential privacy issues: clear it with legal and clear it with HR first. Obviously, some enterprises will have a strict usage policy that will make this a non-issue and this could be a good fit for them. Otherwise, I would encourage people to tread carefully here.
I have heard of some less intrusive monitoring options that may include monitoring SSL connection duration. You may want to look for SSL connections longer than a couple of minutes (i.e. most banking is done quickly), filter out IP addresses that you expect to see longer SSL connections with. If you are seeing much longer than usual SSL connections you may want to look more closely at traffic to/from that host. Carl ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
