IPS Inspection of SSL traffic

After looking through the UTM 9 features, it looks like Web Filtering and Web Application Firewall offer SSL inspection. It's my (potentially flawed) understanding that WAF and Web Filtering do not equal IPS.

Is IPS blind to SSL traffic or is there a way to do SSL inspection in such a way that IPS has a chance to work?

 

Thanks



This thread was automatically locked due to age.
  • Hi, Greg, and welcome to the UTM Community!

    Intrusion Prevention includes Snort, Anti-DoS Flooding and Anti-Portscan.  Before either Proxy gets to see a packet, it must have passed through the Intrusion Prevention checks.  Snort compares traffic to certain patterns and blocks any that it knows is "bad."

    So, in fact, SSL makes no difference to Intrusion Prevention as it comes into play after the IPS.  It's with the Antivirus in the Proxies where packets are disassembled and scanned.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA