|
|
encrypted data honeypots and IDS: msg#00026security.ids
Hello! I have been working with IDS's and honeypots for a while, and have constantly been intruiged by one thing: As long as you control networks, its good to have all traffic encrypted (whether its over http over ssl or ssh instead of telnet etc), but to sniff and analyse data as in an IDS, you need it to be unencrypted. With encryption being used increasingly in so many communications, will that result in the demise of IDSs in the long run, unless they change their architecture in some manner. As an example, snort flags logs whenever there is a return id for root, since it assumes thats an automated script. But something like that over ssh would never get caught. Would be glad if anyone can give any inputs regarding work done to deal with this "problem" regards John Galt |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | RE: High availability design of NIDS: 00026, Gary Halleen |
|---|---|
| Next by Date: | RE: Tripwire for Solaris 8: 00026, Dominic Clermont |
| Previous by Thread: | High availability design of NIDSi: 00026, Vincent IP |
| Next by Thread: | Need some information on HIDS!: 00026, peng xuena |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |