DeepSec 2013 Workshop: Effective IDS/IPS Auditing And Testing With Finux
A major part of information security is dealing with intrusions. It doesn’t matter whether you have to anticipate them, detect them, or desperately wish to avoid them: they are a part of your infosec life. This is why gentle software developers, security researchers, and vendors have created intrusion detection/prevention systems. It’s all there for your benefit. The trouble is that once you buy and deploy an IDS/IPS system, its dashboard looks a lot like the one from the space shuttle or a fighter jet. You can do a lot, you can combine a lot more, and you see all kinds of blinking lights when you turn everything on. That’s probably not what you want. But there is help.
Arron ‘Finux’ Finnon of Alba13 Research Labs will conduct a training on effective IDS/IPS auditing and testing. We strongly recommend attending his workshop, because you will have to deal with intrusions sooner or later, and you will have to think about IDS/IPS systems. They are the basic radar you need to keep yourself in the business and your data out of the hands of adversaries. Arron summarises what you can expect:
So that being said, time to big up our training offering. So yes, of course ours is the best training offering ever! Of course you should hurry right now and purchase a ticket before they sell out; in fact buy two or three, I mean every geek has at least one friend! Yeah, it will be biblical and we’ll shove so much information into your brains that you’ll be crying pcap files till New Year’s Day, blar, blar, blar. Seriously though, we have put together something special. Hand on my heart as I swear to God himself, we have taken everything we’ve learned about NIDS/NIPS testing and put together a course that will actually help. No silver bullets to be found here (we’re based in Scotland, we sold the silver a very long time ago!), just what’s needed to actually make a test of a NIDS/NIPS worthwhile. We cover everything in the Open Source Network Intrusion Framework (OSNIF) Top5, so NIDS/NIPS Evasion Techniques, False-Positive Issues, Protocol Ambiguities, Detection Rates, and Misconfiguration and Invisible Traffic Issues. We cover why sacrificial host testing with NIDS/NIPS has some serious flaws, and how to produce clean sample attack traffic to test attacks. However, we do have something very special indeed planned for the second day of training.
Now this part is where I get to be mean: I’m not actually going to tell you the actual details of the second day. All I’m going to say is that we’re going to take an issue that faces enterprise networks every day, and we’re going to analyse and build an effective defence against it. Now the details are interesting, and without doubt everyone there will learn a lot. However, more importantly, we’ll show attendees how easy it is to take a threat, no matter how big the hype is, and actually defend against it.
This training course will be of benefit to testers as well as defenders. Whilst I’m here, I’m going to put this out there too. This is the début of our OSNIF Top5 training in Europe; it hasn’t been done here, and it has never been done, EVER, with a two-day practical defence module. We will be dropping a new open source project on the second day too. So buy your tickets now for DeepSec, come do the training, and come see Gavin’s and my talk whilst you’re there too.
We are especially proud to point out that this is the debut of a very professional training built on in-depth experience with IDS/IPS systems. In addition, we know the details of the second day, and we strongly recommend that you not miss it. Everyone committed to defending networks and network-accessible data should attend Arron’s training.