Hi Stefano,
> kind of design is certainly possible in HIPS where for SSL traffic > keys can be uploaded, Incorrect, in HOST intrusion prevention such artifice is not needed usually. Abhi: --- Please correct me, as per my understanding the HIPS will be executing rules at IP layer and the decryption will be at application layer. So unless HIPS at IP layer does not have the keys how will it decrypt the SSL traffic ? > forward the traffic to exploit/vulnerability specific rules. However > it will be computationaly expensive. This is not really the problem. The problem is: do you really want to store all of your keys on another device. Abhi: HIPS will be executing on the same host as the application. So i think for HIPS there is no concept of storing keys in other device. For NIPS concept of other device come in. Stefano ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
