encrypted data honeypots and IDS
From: John Galt (everbeeninlove_at_gmail.com)
Date: 02/21/05
- Previous message: Micheal Espinola Jr: "Re: Free Webmail w/ SSL?"
- Next in thread: dissolved: "RE: encrypted data honeypots and IDS"
- Reply: dissolved: "RE: encrypted data honeypots and IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 21 Feb 2005 18:04:24 +0530 To: honeypots@securityfocus.com, focus-ids@securityfocus.com, security-basics@securityfocus.com
Hello! I have been working with IDS's and honeypots for a while, and
have constantly been intruiged by one thing: As long as you control
networks, its good to have all traffic encrypted (whether its over
http over ssl or ssh instead of telnet etc), but to sniff and analyse
data as in an IDS, you need it to be unencrypted. With encryption
being used increasingly in so many communications, will that result in
the demise of IDSs in the long run, unless they change their
architecture in some manner.
As an example, snort flags logs whenever there is a return id for
root, since it assumes thats an automated script. But something like
that over ssh would never get caught.
Would be glad if anyone can give any inputs regarding work done to
deal with this "problem"
regards
John Galt
- Previous message: Micheal Espinola Jr: "Re: Free Webmail w/ SSL?"
- Next in thread: dissolved: "RE: encrypted data honeypots and IDS"
- Reply: dissolved: "RE: encrypted data honeypots and IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
