Effective IDS/IPS Auditing And Testing With Finux

Presented at DeepSec 2013 „Secrets, Failures, and Visions“, Unknown date/time (Unknown duration)

IDS/IPS is rarely tested effectively on any Penetration Test. At best the results are based on a sacrificial host being exploited and either the detection system picked up the attack or it failed to. However very rarely does that actually show the real issue or a true reflection of the threats faced by a security device. In this one day training course we will look at what exactly a IDS/IPS does and its capabilities, how detection takes place, and what should make up an effective IDS/IPS test/audit. This training will be of use to people who manage and maintain IDS/IPS solutions, or security testers who wish to offer IDS/IPS audits and assessments to their clients. Attendees will learn why using a sacrificial host for a IDS/IPS audit has its inherent problems, and what alternative testing methods should be used. In addition, what particular issues should be looked at, and how tester can test for them.

Presenters:

• Arron Finnon / Finux - Alba13 Research Labs   as Arron Finux Finnon
  T.B.A.

Links:

• https://deepsec.net/archive/2013.deepsec.net/speaker.html#WSLOT96

Similar Presentations:

• DeepSec 2013 „Secrets, Failures, and Visions“ / Effective IDS Testing - The OSNIF's Top 5
• DEF CON 16 (2008) / Evade IDS/IPS Systems using Geospatial Threat Detection
• ToorCon San Diego 1 (1999) / IDS: What are they and how can we use them?