> -----Original Message-----
> From: Palmer, Paul (ISSAtlanta) [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, January 17, 2006 11:09 PM
> To: Soldatov, Sergey V.; Massimo; Claudia Patricia Prada Guzman
> Cc: [EMAIL PROTECTED]
> Subject: RE: [ISSForum] Inspect web mail
> 
> Sergey,
> 
> SSL was specifically designed to prevent Man in the Middle attacks.
> 
> In order to perform a "man in the middle" operation against 
> SSL, it is necessary to know the server's private key. In 

Paul,

It's not necessary, because the client has no way to check whether the
server's private key is right or wrong (the only way would be if the client
already had the server's certificate, but that does not work for the
Internet, because for every HTTPS session the client receives the
certificate from the Internet, so the client cannot be sure whether this
certificate comes from the server or from a man-in-the-middle). To solve
this problem there are CAs. About CAs, see below.

> this case, you are not really in the middle, just decrypting 
> the traffic on the fly. Even then, it may be impossible if 
> you cannot control the protocol negotiations that occur at 
> the beginning of the connection as the protocol allows for 
> ephemeral keys on both ends.
> 
> If you try to proxy the connection, decrypt it by providing 
> your own private key to the client and then re-encrypt it to 
> its final destination you will not go undetected. At the very 
> least, the clients will complain on each and every 
> connection. Some SSL clients will refuse to operate over the 
> proxied connection at all.


In my situation the SSL clients have no way to know that their
connections are proxied by a man-in-the-middle. For each SSL server, my
SSL proxy issues a server certificate signed with the proxy's
certificate. I have full control over all workstations in my LAN, so it
is no problem for me to import the proxy's certificate into the trusted
CAs of each SSL client. In this case the SSL client will not generate any
warnings.

> 
> Paul
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] On Behalf Of 
> Soldatov, Sergey V.
> Sent: Friday, January 13, 2006 9:18 AM
> To: Massimo; Claudia Patricia Prada Guzman
> Cc: [EMAIL PROTECTED]
> Subject: Re: [ISSForum] Inspect web mail
> 
> 
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Massimo
> > Sent: Monday, January 09, 2006 1:33 PM
> > To: Claudia Patricia Prada Guzman
> > Cc: [email protected]
> > Subject: Re: [ISSForum] Inspect web mail
> > 
> > Claudia Patricia Prada Guzman wrote:
> > > Does somebody know how to inspect web mail (GMAIL, telcomails)
> > > using Proventia G.? This equipment has two signatures that inspect
> > > attached files, but if I want to create a new signature using GMAIL,
> > > what should I do?
> > 
> > You should ask gmail not to use SSL for their web mail.
> > 
> > You can't analyze/block https connections (you can do it with hotmail,
> > yahoo because they are clear text http).
> 
> You can analyze/block https connections if your Proventia G 
> can perform a Man-In-The-Middle attack against SSL. I know some 
> products that can do this (for example WebWasher CSM's SSL 
> scanner). Of course advanced users will see this, but this 
> can be solved administratively. Can Proventia G scan 
> SSL-traffic by performing a MITM-attack?
> 
> 
> > 
> > Best Regards,
> >                     Massimo
> > 
> > _______________________________________________
> > ISSForum mailing list
> > [email protected]
> > 
> > TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
> > https://atla-mm1.iss.net/mailman/listinfo/issforum
> > 
> > To contact the ISSForum Moderator, send email to 
> [EMAIL PROTECTED]
> > 
> > The ISSForum mailing list is hosted and managed by Internet 
> Security 
> > Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
> > 
> 
> 
> 
> ---
> Best regards, Sergey V. Soldatov.
> Information security department.
> tel/fax +7 495 745 89 50
> tel +7 495 777 77 07 (1613) 
> 
> 

