https://community.cisco.com/t5/network-security/https-through-ips/m-p/2321392#M53343 <HTML><HEAD></HEAD><BODY><P>we had a similar problem - we solved it by using a F5 as reverse proxi and terminate the HTTPS/SSL session on the F5 and run un-encrypted from there - and pass the traffic through their ASM module which is similar to the IPS module - and in fact afterwards we also pass the traffic through a ASA and IPS module - but now un-encrypted...</P></BODY></HTML> Thu, 03 Oct 2013 13:27:57 GMT tiwang 2013-10-03T13:27:57Z https://community.cisco.com/t5/network-security/https-through-ips/m-p/2321391#M53338 <P>Hi,</P><P></P><P>Have a question regarding HTTPS traffic going through IPS (AIP-SSM). I understand that Cisco IPS cannot monitor encrypted traffic except monitoring the headers and trailers. So,</P><P></P><P>- Does it mean there's no use of sending HTTPS traffic to AIP-SSM (unless the purpose is to monitor HTTPS headers and trailers)?</P><P>- What kind of protection can be expected by just looking at headers and trailers?</P><P></P><P>Is there any recommendation whether HTTPS traffic should be sent to AIP-SSM or not?</P> Sun, 10 Mar 2019 13:03:58 GMT https://community.cisco.com/t5/network-security/https-through-ips/m-p/2321391#M53338 Hemant Sajwan 2019-03-10T13:03:58Z https://community.cisco.com/t5/network-security/https-through-ips/m-p/2321392#M53343 <HTML><HEAD></HEAD><BODY><P>we had a similar problem - we solved it by using a F5 as reverse proxi and terminate the HTTPS/SSL session on the F5 and run un-encrypted from there - and pass the traffic through their ASM module which is similar to the IPS module - and in fact afterwards we also pass the traffic through a ASA and IPS module - but now un-encrypted...</P></BODY></HTML> Thu, 03 Oct 2013 13:27:57 GMT https://community.cisco.com/t5/network-security/https-through-ips/m-p/2321392#M53343 tiwang 2013-10-03T13:27:57Z https://community.cisco.com/t5/network-security/https-through-ips/m-p/2321393#M53349 <HTML><HEAD></HEAD><BODY><P>Thank you tiwang but it's not a problem for me to not send HTTPS traffic through AIP-SSM. I am fine with not sending HTTPS traffic to AIP-SSM if there's no real use of it as it will be encrypted. So, as I had asked earlier, I just want to know:</P><P></P><P>- Does it mean there's no use of sending HTTPS traffic to AIP-SSM (unless the purpose is to monitor HTTPS headers and trailers)?</P><P>- What kind of protection can be expected by just looking at headers and trailers of HTTPS?</P><P></P><P>Is there any recommendation whether HTTPS traffic should be sent to AIP-SSM or not?</P></BODY></HTML> Fri, 04 Oct 2013 11:25:34 GMT https://community.cisco.com/t5/network-security/https-through-ips/m-p/2321393#M53349 Hemant Sajwan 2013-10-04T11:25:34Z https://community.cisco.com/t5/network-security/https-through-ips/m-p/2321394#M53351 <HTML><HEAD></HEAD><BODY><P>To evaluate what you get by inspecting the encrypted traffic, you can look at the signatures. These Signatures have "HTTPS" in the name. Of course there are even more signatures that work in general on TCP and so on:</P><P></P><P><A href="http://tools.cisco.com/security/center/ipshome.x?i=62&amp;shortna=CiscoIPSSignatures"><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/8/7/0/160078-Safari.jpg" class="jive-image" /></A></P><P></P><P>But at least the "Malformed Handshake" Signature caused lots of false positives in my environment.</P><P></P><P>I don't really have any general recommendations for that. With limited time to work on the sensor I wouldn't care about HTTPS, but if you have some time to implement it, it won't hurt and will give you a little bit better protection.</P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Fri, 04 Oct 2013 12:22:26 GMT https://community.cisco.com/t5/network-security/https-through-ips/m-p/2321394#M53351 Karsten Iwen 2013-10-04T12:22:26Z