[EMAIL PROTECTED] wrote: > If the traffic is encrypted then it IDS will first have to decrypt > the traffic. The IDS will have the keys to decryopt the traffic.
Correct. > kind of design is certainly possible in HIPS where for SSL traffic > keys can be uploaded, Incorrect, in HOST intrusion prevention such artifice is not needed usually. > forward the traffic to exploit/vulnerability specific rules. However > it will be computationaly expensive. This is not really the problem. The problem is: do you really want to store all of your keys on another device. Stefano ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
