DeepSec 2013 Video: Effective IDS Testing – The OSNIF’s Top 5
Intrusion detection systems can be a valuable defence mechanism – provided you deploy them correctly. While there are some considerations for your deployment process, these devices or software installations require some more thought before you choose a specific implementation. Testing might be a good idea. If you want to detect intruders, then it would be nice if your IDS can do the job. How do you find out? Well, in theory you could use the specifications of the IDS products as published by the vendors/developers. In practice this information lacks the most important figure: How many intrusions can you detect in a given time frame? True, you have to deal with specific attack signatures, so comparing isn’t easy when the products use different sets of rules. Then again, some IDS engines have their own features and rule sets, which makes a comparison difficult.
At DeepSec 2013 Arron ‘Finux’ Finnon of Alba13 Labs gave some advice on how to conduct IDS testing efficiently. Listen to his presentation if you have to deal with intrusion detection!
And while we’re at it, why not do away with the pentest altogether and save even more cash? Makes just as much sense.
Yes, let's test the effectiveness of the IPS rules and not the underlying app. 1 minute in, and I already disagree with this guy.
Turning the IDS/IPS off for a pentest actually saves the business money.