Presentation Title: Defensive Network Security - Practical Methodologies
Emerging computer and network security threats have greatly changed the landscape of the security scene. These new, advanced and unknown threats and attack methodologies have rendered traditional perimeter security devices such as firewalls and IDS/IPS useless. However, the concept of Network Security Monitoring (NSM) has not made these devices obsolete - instead, IDS/IPS and firewall devices have become essential parts of NSM.
IDS/IPS can only understand known attacks, and are totally helpless at detecting submerged attacks. However, they can provide tons of data to the analyst (because of their knowledge of known attacks). The analyst now only needs to focus on the events of interest, or the alerts that are generated by these devices. In the concept of NSM, IDS/IPS by itself is not sufficient. Other types of data are needed for corroboration.
In this presentation, we will introduce the concept of Network Security Monitoring (NSM), which will greatly increase the value of an IDS/IPS deployment. We will explain how other network-centric data can be utilized to build a defensible network. We will also cover the initiative to develop a network security analyst workstation - the HeX System - as well as its main piece, the Network Security Monitoring Console.
C.S. Lee has been working in the cyber security industry for the past 3 years. He was previously a CEH trainer, adept in wireless hacking and pentesting. However, he began to adapt to the art of detection after becoming fascinated by the framework of Network Security Monitoring (NSM). He is an NSM practitioner who believes in using Open Source Power Tools to complete his tasks. He writes continually on his blog about how to decode and perform packet analysis. He is currently working at Exabytes as a System Engineer and is involved in vulnerability assessment, network incident handling and response, as well as network forensics.
** Presenting with Meling Mudin (spoonfork)