Presentation Title Defensive Network Security - Practical Methodologies
Emerging computer and network security threats have greatly changed the landscape of the security security scene. These new, advanced and unknown threats and attack methodologies have rendered traditional perimeter security devices such as firewall and IDS/IPS useless. However, the concept of Network Security Monitoring (NSM) has not make these devices obsolete - instead IDS/IPS and firewall device have become one of the essential parts of NSM.
IDS/IPS can only understand known attacks, and totally helpless at detecting submerged attacks. However, they can provide tons of data to the analyst (because of their knowledge of known attacks). The analyst now only need to focus on the events of interest, or alerts that are generated by these devices. In the concept of NSM, IDS/IPS itself is not sufficient. Other types of data are needed for corroboration.
In this presentation, we will introduce the concept of Network Security Monitoring (NSM) which will greatly increase the value of IDS/IPS deployment. We will explain how other network centric data can be utilized to build a defensible network. We will also cover the initiative of developing network security analyst workstation - HeX System as well as its main piece - Network Security Monitoring Console.
Mel has been in the computer security industry for the past five years. He was previously a system architect at SCAN Associates where he was responsible for developing the Malaysian governmentâ€™s largest network security monitoring center. He has also been involved with the organization of HITBSecConf conference for the last three years, specifically, in running its popular Capture the Flag hacking competition. In the past five years in the industry, he has been involved in various aspects of computer security including penetration testing, software and product development, training, network defense, system administration, and as well as being a freelance consultant. He currently runs a start-up company that develops vulnerability and patch management software.
** Presenting with Lee Chin Sheng (geek00l)