Passive Host Auditing

Presented at DEF CON 13 (2005), July 29, 2005, 4 p.m. (20 minutes)

Traditionally, IDS systems such as snort have been used to monitor attacks against or within a network. This talk will give the outline for turning those tools around and instead using them to audit networks. We will discuss how to identify OSís, tell who is patching, what services are being deployed (perhaps insecurely), and other methods for policy enforcement. This discussion is ideally suited for administrators and security professionals in open and/or decentralized environments, especially those charged with auditing the network. While several signatures and sample scripts will be discussed during this talk, this is a relatively new area of auditing and network security so questions, comments and volunteers will all be welcome.

Presenters:

• jives
  Jives has been doing computer security at a major research university for over 5 years. After initially specializing in host security he has moved into network security. In this area he has written several evidence gathering scripts. Recently he has made a hobby out of using the network to answer questions about the host.

Links:

• https://defcon.org/html/defcon-13/dc13-speakers.html#jives
• https://infocon.org/cons/DEF CON/DEF CON 13/DEF CON 13 video/DEF CON 13 Hacking Conference Presentation By Jives - Passive Host Auditing - Video.mp4
• https://www.youtube.com/watch?v=eOirJfpnIU8

Similar Presentations:

• Black Hat USA 2016 / CANSPY: A Platform for Auditing CAN Devices
• HOPE 2020 Virtual Rescheduled / QubesOS for Organizational Security Auditing
• DEF CON 24 (2016) / CANSPY: A Framework for Auditing CAN Devices