11-22-2006 06:03 AM - edited 03-10-2019 03:20 AM
Does Cisco IPS 4200 series support SSL encrypted threat protection ?
Regards
Mohamed
11-22-2006 06:15 AM
If you mean can the Cisco IPS store SSL private keys and decrypt sessions (for example, SSL sessions to your own web servers)....then no.
11-22-2006 01:16 PM
I mean inspect the SSL traffic on the network
Regards
Mohamed
11-22-2006 02:32 PM
For any IPS to decrypt and inspect HTTPS traffic (I assume that's what you are really after) it would have to either:
1) have the necessary private keys ahead of time (like BreachView). For example, this would allow you to inspect traffic to your OWN web servers.
2) operate as a MITM, offering up fake SSL certs to the client. This is how many of the Content Filtering solutions are able to inspect user traffic that is encrypted. This would allow you to inspect user traffic.
Neither of these can be done with the Cisco IPS.
11-23-2006 01:38 AM
What is the BreachView & MITM ?
Coudl you please send me any document explain this issue ?
I need the Cisco IPS 4255 to decrypt and inspect the SSL traffic
Regards
Mohamed Abdallah
11-24-2006 10:25 AM
Sorry if this sounds blunt or callous, but perhaps a bit more career development in the information security field is in order. If time is short, I suggest engaging a consultant or consulting firm which specializes in the infosec field to assist you in managing your expectations of a network security system.
MITM is an acronym for Man in the middle. I highly recommend a bit of GBT (Google Based Trainig). Here's a freebie.
http://en.wikipedia.org/wiki/Man_in_the_middle
You can read about Breach Security Inc. products here.
http://www.breach.com/products_breachviewssl.asp
Another free tip, be mindful of the privacy issues if you go down this path.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: