DeepSEC - Effective IDS/IPS Auditing
And Testing With Finux – Arron 'f1nux' Finnon
There comes a time in your life when
you have to walk the walk! As a public speaker, I’ve done my share
of talking the talk, and those that know me, know I have recently
been conducting a lot of small training courses and workshops on
effective NIDS/NIPS auditing and testing.
Truth be told, I’ve been doing this
for two reasons. The first reason, is no matter how much I talk
about this issue, nothing is going to help people more than sitting
down and working with them. The second reason I’ve been on the
road so much is getting myself in shape for DeepSEC training. Now,
if you have to ask why getting myself fighting fit for DeepSEC is so
important to me then you've either not been to the conference, or
frankly you have no idea what on earth you're talking about.
I've always had a great love and
respect for the crew of DeepSEC, and I have never hid that. I've
been to a lot of conferences and frankly a lot of conferences like to
boast about being the best in Europe, DeepSEC doesn't need to boast!
I believe DeepSEC to be the best full-stop! The lack of egotistical
babel; the beautiful city of Vienna; the amazing speakers and
trainers; the warm and friendly family feeling you get there; and
most importantly the crew that manages it, shows that bigging
yourself up doesn't count for anything, doing it does!
So that being said, time to big up our
training offering. So yes, of course ours is the best training
offering ever! Of course you should hurry right now and purchase a
ticket before they sell-out, in fact buy two or three, I mean every
geek has at least one friend! Yeah, it will be biblical and we'll
shove so much information into your brains that you'll be crying pcap
files till new years day, blar, blar, blar. Seriously though, we
have put together something special. Hand on my heart as I swear to
God himself, we have taken everything we've learned about NIDS/NIPS
testing and put together a course that will actually help. No silver
bullets to be found here (we're based in Scotland, we sold the silver
a very long time ago!), just what's needed to actually make a test of
a NIDS/NIPS worthwhile. We cover everything in the Open Source
Network Intrusion Framework (OSNIF) Top5, so NIDS/NIPS Evasion
Techniques, False-Positive Issues, Protocol Ambiguities, Detection
Rates, and Misconfiguration and Invisible Traffic Issues. We cover
why sacrificial host testing with NIDS/NIPS has some serious flaws,
and how to produce clean sample attack traffic to test attacks.
However, we do have something very special indeed planned for the
second day of training.
Now this part is where I get to be
mean, I’m not actually going to tell you the actual details of the
second day. All I’m going to say is we're going to take an issue
that faces enterprise networks everyday, and we're going to analyse
and build an effective defence against it. Now the details are
interesting, and without doubt everyone there will learn a lot.
However, more importantly we'll show attendees how easy it is to take
a threat, no matter how big the hype is, and actually defend against
it.
This training course will be of benefit
to testers as well as defenders. Whilst I’m here, I’m going to
put this out there too. This is the début of our OSNIF Top5
training in Europe, it hasn't been done here, it has never been done,
EVER, with a two day practical defence module. We will be dropping a
new open source project on the second day too. So buy your tickets
now for DeepSEC, come do the training, and come see me and Gavin's
talk whilst you’re there too.
Visit DeepSEC training pages for more
information. http://deepsec.net/speaker.html#WSLOT96
