Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Why bother with SSL?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Web Publishing >> Why bother with SSL? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Why bother with SSL? - 4.Apr.2003 1:02:00 AM   
BobW

 

Posts: 200
Joined: 27.Mar.2002
Status: offline 		I understand that SSL encrypts the data....but why bother? Isn't the only way someone could utilize this info if they somehow are able to sniff the traffic as it goes in/out?

Am I missing somethign here?

Please enlighten me,
Bob
Post #: 1
RE: Why bother with SSL? - 4.Apr.2003 1:41:00 AM   
skipster

 

Posts: 550
Joined: 12.Oct.2001
From: newport beach
Status: offline 		G lets see, because i could find out your network ID, after that it wouldnt take me long to find out the public ip of your mail server. After that I would sniff, and capture your network traffic for an authentification cookie. Since you are using basic authentification, i could cut and paste this authentification cookie in another program (i wont mention the name) and it would reveal your username and password. You can guess the rest.

(in reply to BobW)
Post #: 2
RE: Why bother with SSL? - 4.Apr.2003 2:04:00 AM   
robertcj

 

Posts: 10
Joined: 2.Apr.2003
From: Australia
Status: offline 		What the!??? Sending clear text around is not a good idea!

(in reply to BobW)
Post #: 3
RE: Why bother with SSL? - 4.Apr.2003 2:17:00 AM   
skipster

 

Posts: 550
Joined: 12.Oct.2001
From: newport beach
Status: offline 		Seems like a no brainer to me. Granted you would have to posses a certain amount of skill to pull this off, and the majority of the population that is on the intenet barley know how to right click, but all it takes is just one guy with the knowledge, and then you would have a very bad day. Are you really willing to take the risk?

(in reply to BobW)
Post #: 4
RE: Why bother with SSL? - 9.Apr.2003 9:55:00 AM   
Jason Jones

 

Posts: 2265
Joined: 30.Jul.2002
From: United Kingdom
Status: offline 		bob,

it's not really worth using basic when SSL isn't that hard to implement - public SSL certs are pretty cheap now and IIS/MMC/ISA are pretty easy to setup for SSL

JJ

(in reply to BobW)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Web Publishing >> Why bother with SSL? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts