John runs a Web server, an IDS and a firewall on his network. Recently his Web server has been under constant hacking attacks. He looks through the IDS log files and sees no intrusion attempts, yet the Web server constantly locks up and needs rebooting due to various brute-force and buffer-overflow attacks, and still the IDS raises no intrusion alerts whatsoever.
John becomes suspicious, views the firewall logs, and notices huge SSL connections constantly hitting his Web server.
Hackers have been using the encrypted HTTPS protocol to send exploits to the Web server and that was the reason the IDS did not detect the intrusions.
How would John protect his network from these types of attacks?
A. Install a proxy server and terminate SSL at the proxy
B. Enable the Firewall to filter encrypted HTTPS traffic
C. Enable the IDS to filter encrypted HTTPS traffic
D. Install a hardware SSL “accelerator” and terminate SSL at this layer
Explanation:
By terminating the SSL connection at a proxy or an SSL accelerator and then using clear text between the proxy/accelerator and the server, you make it possible for the IDS to scan the traffic.
AD
Could somebody give some explanation here? Thanks.
D is the Ans.