Have any of you guys noticed that the McAfee IPS can be bypassed by enabling encryption on the torrent client? I have tried it with qBittorrent and it seems to work when encryption is enabled, even if you block the signature using the IPS policy.
Any ideas on this, guys?
That is the general downside of network-based IPS: they are not able to decrypt any traffic in general.
However the McAfee sensors are able to decrypt traffic between clients and a webserver of yours, if you import the private key. You can find more detailed information in the IPS admin guide "NSP_7_5_IPS_Administration_revA_en_us.pdf" on page 540 ff.
Yep, client-server SSL is something that is under our control, so we can decrypt/encrypt it as we wish.
But from what I have tested, I have noticed that Check Point/Palo Alto firewalls are able to block torrents using application intelligence even if the torrents are using encryption.
Since McAfee NSP is supposed to be the leader in the IPS field, shouldn't they too be able to do the same?