You can write a simple custom signature to monitor the presence of https traffic, mostly port 443, but without SSL decryption monitoring packet content is (to my limited knowledge) not possible.
Certain other Network IPS can carry SSL certificates and decrypt SSL traffic on the fly and monitor content. However, whilst measures are taken to protect the certificates, getting them from web site owners outside your control probably won't happen, furthermore there is a performance hit on the sensor. Hope this helps Andy Cuff Chief Technology Officer Computer Network Defence Ltd http://www.securitywizardry.com 07010 709014 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of [EMAIL PROTECTED] > Sent: 01 November 2005 10:09 > To: [email protected] > Subject: [ISSForum] IDS monitor HTTPs traffic > > Dear all > > Does anyone have experience to create custom signature to monitor > HTTPs traffic ?? > Both server sensor 7.0 and NS 7.0 > > > > Pramote > KBANk,TH > _______________________________________________ > ISSForum mailing list > [email protected] > > TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla- > mm1.iss.net/mailman/listinfo/issforum > > To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] > > The ISSForum mailing list is hosted and managed by Internet Security > Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
