[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISSForum] IDS monitor HTTPs traffic
Edit your Sensor's current policy, click on the "Connection Events" Tab.
Click on the "Add" button and enter a name (like "HTTPS", or something you
could recognize later). Expand the Tree at left pane and search for the
event you just created (it would be at the end) and click on it.
Configure: Protocol = tcp; Destination -> Service (click on the "..."
button) = choose https and click on OK. Also, you could enter some
description and/or change the priority of the event.
Close the Policy Editor and choose Yes to save and apply the policy.
This new connection event you created will inform you when packets using
HTTPS (TCP 443) as destination were seen. If you want you could create a
similar rule to fire when packets using HTTPS as 'source' port are
discovered (that means the response from the Web Server). You can't use
the same event connection rule created before to catch both, you need two
of them, one for destination and one for source port, but the name of this
new event rule could be the same as the previous one.
Off course, this connection events you created can't decrypt the
information exchanged between the browser and the web server and are
useless to find vulnerabilities been exploited. In order to do that you
could try BreachView SSL (Breach Security, Inc.) this software claims for
decrypt SSL traffic for RealSecure Network Sensor 7.0 and make this
traffic visible for Sensor's engine.
I haven't tested yet and I don't know if is officially supported by ISS,
but you could try it.
Italo Tapia Sch., CISSP, ISS-Certified Specialist (ISS-CS)
Research & Development Engineer
Orión 2000 S.A.
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.