netcontinuum .. for ssl off-loading

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
We have a 'text book' 3-tier ebusiness infrastructure ...

pix -- web server -- netscreen -- app server -- ip tables -- database server

and am considering retiring the ip-tables, moving the pix to that space,and
using netcontinuum at the perimeter mainly for their ability to provide a
complete proxy service for the web front-end especially for their ability to
terminate ssl ... allowing the first line of ids's to see what's going on.

Comments / experiences would be appreciated.


Re: netcontinuum .. for ssl off-loading

BernieM wrote:
Quoted text here. Click to load it
I always thought that The IDS's needed a sensor located before and after
each tier including tripwire on the actual server. The db server needs
to use sequenced wrappers between the web server and the db
communication with sequence ID/ encryption key set dynamically by the DB
server (not web server).

Both sides of the PIX need an IDS sensor.  Otherwise it is difficult to
detect protocol tunneling and other potentially harmful activity.

You do not go into detail of the granularity you are using with IP
tables.  They can be your friend, though redundant in conjunction with
PIX (redundant can be good!).

With Breechview you can intercept and interpret all SSL communications
with most IDS systems.

An alternative option in high load environs is to process the SSL in
either a separate instance or via hardware similar to a rainbow card,
then sensor between the SSL server and web server.  This is not as good
using the Breechview approach, but it works.  Breechview is more
important when IDS is monitoring overall network activity versus just
web server communications.


Site Timeline