«
»

Eyesight to the Blind – SSL Decryption for Network Monitoring

Here’s another post I wrote for the InfoSec Institute. This time, the article shows how to add SSL decryption to your NSM infrastructure, restoring the eyesight of sensors blinded by the use of SSL.

You can read the article here; comments welcome, as always!


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters@dataline.co.uk

About these ads

This entry was posted on 28 June, 2011 at 09:36 and is filed under Crypto, NSM . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Eyesight to the Blind – SSL Decryption for Network Monitoring”

  1. Decrypting SSL traffic with Wireshark, and ways to prevent it « wirewatcher Says:
    30 September, 2011 at 14:23

    [...] I have made some improvements to the viewssld package, which allows inline SSL decryption on your Snort/Sguil/etc boxes. You can read all about it here. [...]

    Reply
  2. glTail parsers for Snort, net-entropy and viewssld « wirewatcher Says:
    28 October, 2011 at 14:22

    [...] written some parsers for Snort, net-entropy and viewssld. A screenshot of them all in action is shown below (click for full size [...]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: