Presented at BSides Austin 2017, May 4, 2017, 10:30 a.m. (60 minutes).

How effective is your network intrusion detection/prevention (IDP) device? How do you know? How might your defense-in-depth strategy change if your IDP device was not as effective as you thought?

In this talk I'll start with an overview of network-based IDP devices, talk about the differences between protecting against exploits and vulnerabilities, and the difficulties facing signature developers.

Next I'll discuss a formal test methodology for network-based IDP devices, and provide details* of our setup.

Finally, time permitting, we'll examine some of the results of comparative IDP testing and see what, if any, conclusions can be drawn based on the results.

* I'd like to make device configuration files, as well as automation scripts, available for attendees.

Presenters:

- Garett Montgomery
  MSc InfoSec, Capitol Technology University, 2009
  Security Analyst, Naval Postgraduate School, 2006-2010
  Security Researcher, TippingPoint/HP, 2010-2012
  Security Researcher, BreakingPoint/Ixia, 2012-present