How can the IPS inspect the encrypted packets?

May 24th, 2010

Dear experts, hello,

I'd like to ask a question about how the IPS can inspect and prevent any attack in the encrypted packets in some sessions, such as VPN or SSH sessions. Is there a technique that helps with that in the IPS?

Thanks a lot for your help.

labib makar

Jennifer Halim (Cisco Employee) Mon, 05/24/2010 - 04:39

No, unfortunately you can't inspect encrypted traffic on IPS. Not supported.

labibmakar Mon, 05/24/2010 - 06:20

So how can we protect the network from the attacks that come in the VPN tunnelling or SSH channel, for example?

Thanks for your reply.


Scott Fringer (Cisco Employee) Mon, 05/24/2010 - 06:26


  For traffic exiting a VPN tunnel, you can place the IPS sensor behind the VPN termination point so it has access to the unencrypted traffic.

  There is not an option to inspect SSL encrypted traffic; you would need to rely on a host-based system such as Cisco Security Agent to assist in providing such protection.


