DeepSec 2013 Video: Effective IDS Testing – The OSNIF’s Top 5

René Pfeiffer/ January 30, 2014/ Conference, Security

Intrusion detection systems can be a valuable defence mechanism – provided you deploy them correctly. While there are some considerations to your deployment process, these devices or software installations require some more thought before you choose a specific implementation. Testing might be a good idea. If you want to detect intruders, then it would be nice if your IDS can do the job. How do you find out? Well, in theory you could use the specifications of the IDS systems as published by the vendors/developers. In practice this information lacks the most important figure: How many intrusions can you detect in a given time frame? True, you have to deal with specific signatures of attacks, so comparing isn’t easy provided you take different sets of rules. Then again some IDS engines have their own features and rule sets, so a comparison gets difficult.

At DeepSec 2013 Arron ‘Finux’ Finnon of Alba13 Labs gave some advice on how to conduct IDS testing efficiently. Listen to his presentation if you have to deal with intrusion detection!

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.


  1. And while we’re at it, why not do away with the pentest altogether and save even more cash? Makes just as much sense.

  2. Yes, lets test the effectiveness of the IPS rules and not the underlying app. 1 minute in, and I already disagree with this guy.

    Turning the IDS/IPS off for a pentest actually saves the business money.

Comments are closed.