Re: IDS and SSL

From: Thorat_private
Date: Thu Mar 21 2002 - 06:08:47 PST

    At 08:06 PM 3/19/2002, Gabriel Lawrence wrote:
    
    >Second, you can use an SSL terminator. There are many vendors who have
    >products that do this, some of them are simply SSL terminators and some
    >of them include other features such as load balancing as part of the
    >package. If you place the IDS on the non encrypted side of the SSL
    >terminator you are free to look at the HTTP traffic as it flows by as it
    >is all unencrypted.
    
    <.02>
    ISA Server can do this.  I'm not sure if it would still be referred to as 
    an "SSL Terminator," but ISA can establish and publish HTTPS to an internal 
    server over HTTP where the traffic can be examined once it is inside your 
    own network.
    
    Someone referred to this as a "chokepoint," but ISA is doing the same job 
    that the web server would have to do, only upstream a bit.  I think the 
    ability to monitor the traffic, plus all the other cool things ISA does, is 
    well worth the slight publishing overhead created by implementing it.
    </.02>
    
    AD
    
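The setup both posts describe (terminate TLS upstream, forward plain HTTP to the internal web server, inspect in the clear) as an added example that is not part of the thread: a minimal terminator in Go, with httptest servers standing in for the ISA box and the published internal server, and an inspection hook placed exactly where an IDS would sit. The single SQL-injection rule and the two sample requests are constructed for illustration.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// Inspector sits on the cleartext side of the terminator: the IDS vantage point.
type Inspector struct{ Alerts []string }

// Inspect applies one constructed sample rule; a real IDS rule set is far larger.
func (in *Inspector) Inspect(r *http.Request) {
	q := strings.ToLower(r.URL.RawQuery)
	if strings.Contains(q, "union") && strings.Contains(q, "select") {
		in.Alerts = append(in.Alerts, r.Method+" "+r.URL.RequestURI())
	}
}

// NewTerminator decrypts client TLS, hands the cleartext request to in, then
// forwards it over plain HTTP to backend (the "published" internal server).
func NewTerminator(backend *url.URL, in *Inspector) *httptest.Server {
	proxy := httputil.NewSingleHostReverseProxy(backend)
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		in.Inspect(r)         // IDS hook runs on the decrypted request
		proxy.ServeHTTP(w, r) // then plain HTTP to the inside
	}))
}

// Demo fronts an internal HTTP backend with the terminator, sends a benign and a
// suspicious HTTPS request, and returns the alerts plus the backend's last status.
func Demo() (alerts []string, status int) {
	backend := httptest.NewServer(http.NotFoundHandler()) // stand-in internal web server
	defer backend.Close()
	bu, _ := url.Parse(backend.URL)
	in := &Inspector{}
	front := NewTerminator(bu, in) // httptest issues a throwaway certificate
	defer front.Close()
	for _, q := range []string{"id=42", "id=1+UNION+SELECT+1,2"} {
		resp, err := front.Client().Get(front.URL + "/report?" + q) // client trusts the test CA
		if err != nil {
			panic(err)
		}
		resp.Body.Close()
		status = resp.StatusCode // 404 from the backend proves the request got through
	}
	return in.Alerts, status
}
```

Only the second request trips the rule, and the backend's response shows the traffic still reached the inside after inspection.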



    This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 10:53:34 PST