A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


The Little Dutch Boy - D0n Quix0te (Bill E. Ghote) (BSides Las Vegas 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)

The Little Dutch Boy - D0n Quix0te (Bill E. Ghote)

Does this sound painfully familiar: After hardening your systems and implementing a firewall, application and vulnerability scanners, network intrusion detection, and comprehensive patch management - Your internal web server was still compromised.

To make matters worse it was then used as a pivot point to compromise your whole network. And you didn't even know it had happened until you got a call from an external security organization.

Like the Little Dutch Boy in that famous story, you discover the tiny hole in your network defenses that the bad guys were able to sneak through undetected. And you realize that the clues were there all along.

If you had seen those simple clues, you could have plugged the vulnerability before it was exploited and prevented the whole mess.

This was the genesis of a new continuous monitoring tool called OMENS. OMENS is a free Windows web server monitoring tool designed to monitor, detect, and block the attackers that traditional Network Monitoring tools can sometimes miss.

In this presentation the creator of OMENS will discuss the blind spots that Network Monitoring systems suffer from, and how these holes can be plugged by a distributed, host based monitoring system. He will also discuss how OMENS is being used to monitor for hostile actors, understand their activity, and to remediate the possible flaws they are probing for - Before they can be exploited.

BIO: D0n Quix0te is the author and creator of OMENS. He has more than 25 years of experience in architecting, installing, maintaining, and defending high value targets. And has been involved in the response and analysis of a number of significant security incidents.

 

Back to BSides Las Vegas 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast