05-24-2010 03:27 AM - edited 03-10-2019 05:00 AM
dear experts, hello
i'd like to ask a question about how the IPS can inspect and prevent any atteck in the encrypted packets in some sessions
such as vpn or ssh sessions, is there a technique helping for
that in the IPS?
thanks alot for your help
labib makar
05-24-2010 04:39 AM
No, unfortunately you can't inspect encrypted traffic on IPS. Not supported.
05-24-2010 06:20 AM
so how can we protect the network from the attakes that come in the vpn tunnelling or ssh channel, for example?
thanks for your reply
labib
05-24-2010 06:26 AM
Labib;
For traffic exiting a VPN tunnel, you can place the IPS sensor behind the VPN termination point so it has access to the unencrypted traffic.
There is not an option to inspect SSL encrypted traffic; you would need to rely on a host-based system such as Cisco Security Agent to assist in providing such protection.
Scott
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: