This presentation takes a critical look at various aspects that should be considered when introducing an intrusion detection or intrusion prevention system.
Buffer overflows are among the most common security vulnerabilities in current IT systems. This paper attempts to describe how they arise, how their direct consequences can be suppressed, and which measures can be taken to protect the overall system. This is the written summary of this talk.
Buffer overflows are among the most common security vulnerabilities in current IT systems. An attempt is made to describe how they occur, how to suppress the direct consequences and what measures can be taken to protect the overall system. A short written elaboration can be found here.
It sounds too tempting: You buy the best intrusion detection system on the market, have it installed and configured and then your network is protected. In this talk I explain why this is a fairy tale, what additional effort is required and why it can be worthwhile.
There is a variety of tools to filter packets from a network. One of the most popular ones is the Berkeley Packet Filter (BPF). All such filters are based on static descriptions, e.g., fixed source ports or fixed subnets of IP addresses. These methods work well for most types of network traffic, but there are cases in which a wider variety of applications may be appropriate. In this paper we will introduce a new analysis tool which will allow us to do a time-dependent analysis.
“The whole is greater than the sum of its parts” - SOA and Services
Can we assume that a SOA-based system is secure if all services are tested for security? We think the answer is NO. So in this talk we will present additional security aspects which should be tested:
This presentation aims to show administrators, system administrators, operators and network technicians how to perform simple penetration tests themselves.
The libpcap is the foundation of many different tools for monitoring, diagnosing and protecting networks. A bug in the implementation of the analysis of VLANs (802.1q) leads to these programs not receiving important network traffic. This is the written summary of this lecture.
The libpcap is the basis of many different tools for monitoring, diagnosing and protecting networks. A bug in the implementation of the analysis of VLANs (802.1q) leads to these programs not receiving important network traffic. A short written elaboration can be found here.
Information leakage happens whenever an application passes unauthorised information to the attacker. Developers, architects and designers of systems often forget this point when planning secure systems. The lecture describes different variants, explains how to find them and recommends possible countermeasures.