April 2010 Meeting

posted in: Meetings | 0

Why Your Intrusion Prevention System is Susceptible to TCP Evasion

This talk will discuss why any Intrusion Prevention System (IPS) is susceptible to evasion by any traffic carried over the TCP protocol, the majority of traffic into and out of most networks. The talk will elaborate why this is possible, issues that exist making it possible, and demonstrate how it is possible. I hope to present eye-opening insight, based on research I’ve done, why an IPS is an imperfect solution.

Judy Novak – SANS Senior Instructor

Judy currently works at G2 as a senior security analyst. She served as a principal research engineer on the Vulnerability Research Team for  Sourcefire supporting Snort rules development, testing, research of IP  and TCP reassembly, and performing competitive analysis. Judy has over  12 years of experience in security tool development and analysis of  network traffic and has worked on a computer incident and response team. She is the author of three days of material for SEC503: Intrusion  Detection In-Depth and a new one-day course SEC567: Power Packet  Crafting with Scapy. She is the co-author of Network Intrusion Detection – An Analysts Handbook (3rd Edition) and a SANS senior instructor.