05-24-2010 03:27 AM - edited 03-10-2019 05:00 AM
dear experts, hello
i'd like to ask a question about how the IPS can inspect and prevent any atteck in the encrypted packets in some sessions
such as vpn or ssh sessions, is there a technique helping for
that in the IPS?
thanks alot for your help
labib makar
05-24-2010 04:39 AM
No, unfortunately you can't inspect encrypted traffic on IPS. Not supported.
05-24-2010 06:20 AM
so how can we protect the network from the attakes that come in the vpn tunnelling or ssh channel, for example?
thanks for your reply
labib
05-24-2010 06:26 AM
Labib;
For traffic exiting a VPN tunnel, you can place the IPS sensor behind the VPN termination point so it has access to the unencrypted traffic.
There is not an option to inspect SSL encrypted traffic; you would need to rely on a host-based system such as Cisco Security Agent to assist in providing such protection.
Scott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide