Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Snort Advanced » SSL decryption for Sourcefire or Snort IDS without terminating SSL?

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

SSL decryption for Sourcefire or Snort IDS without terminating SSL?


Posted by gcoles on May 24, 2005 10:32:47

Does anyone know of a product that provides SSL decryption for Sourcefire or Snort IDS without terminating the SSL session?


Posted by chris on May 25, 2005 16:10:23

HI I found this on the net, the product is called Clearwatch it sounds like it will decrypt the traffic for you, but you'll need java to run it aparently, but whether it will be what you are looking for I'm not sure, have a look at their site here -
http://www.covelight.com/downloads.php
Chris

Posted by gcoles on June 08, 2005 12:01:38

Thank you for the information provided. The Covelight Clearwatch was interesting for testing, but not for an enterprise-level production application. The Breachview SSL should work.

Posted by greymore57 on August 18, 2005 06:30:56

Guys,
this may sound a little naeve but if SSL can be decrypted this easily why is anybody using it, surely my bank details will be in the ssl data for somebody to hoover up, or am I missing something?

Posted by mishka on August 22, 2005 03:56:19

"ClearWatch is a free tool that allows the operator to monitor web, mail (smtp, pop, imap), ftp, telnet or any TCP based network traffic. It can even decrypt SSL encrypted connections when provided with the key."

What you are misssing is the provided with the key part :)

Posted by sfjennifer on June 05, 2006 07:43:47

Yes, Sourcefire has recently established a partnership with Breach Security Inc. to provide exactly this functionality. Breach security has developed an effective Passive (non-termination) SSL Decryption solution for both the Sourcefire and Snort solutions. The product, BreachView SSL, is an add-on appliance that decrypts SSL network traffic prior to the IDS/IPS inspection process allowing for complete security analysis of SSL traffic.

We will be announcing this shortly. In the meantime, further information is available at www.Breach.com or http://www.sourcefire.com/partners/techpartners.html. Or contact us at snort-info@sourcefire.com
site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.