Why Your Intrusion Prevention System is Susceptible to TCP Evasion
This talk will discuss why any Intrusion Prevention System (IPS) is susceptible to evasion by traffic carried over the TCP protocol, which makes up the majority of traffic into and out of most networks. The talk will explain why this is possible, the underlying issues that make it possible, and demonstrate how it is done. I hope to present eye-opening insight, based on research I've done, into why an IPS is an imperfect solution.
Judy Novak – SANS Senior Instructor
Judy currently works at G2 as a senior security analyst. She served as a principal research engineer on the Vulnerability Research Team at Sourcefire, supporting Snort rule development and testing, researching IP and TCP reassembly, and performing competitive analysis. Judy has over 12 years of experience in security tool development and network traffic analysis and has worked on a computer incident response team. She is the author of three days of material for SEC503: Intrusion Detection In-Depth and of the new one-day course SEC567: Power Packet Crafting with Scapy. She is the co-author of Network Intrusion Detection – An Analyst's Handbook (3rd Edition) and a SANS senior instructor.