Renaud BIDOU: IPS Shortcomings

Published: June 4, 2006, 11:10 p.m.

Technologies emerge on a regular basis with new promises of better security. This is more or less true. However, we know there are still weaknesses and that 100% security is not realistic. Therefore the real need when deploying a new security device is to know its limits. IPS are part of those new technologies. They are oversold by marketing speeches and promises of absolute security. Guess what? This is not exactly the truth...

The purpose of this speech is not to discredit IPS but to help in understanding the limits of the technologies that are involved. We will particularly focus on the following subjects:

 * conceptual weaknesses and ways to detect "transparent" inline equipment
 * signature issues
 * hardware architecture limitations and common jokes
 * the necessary performance vs. security trade-off and its consequences
 * behavioral, heuristics, neuronal stuff etc.: reality and limitations

Through examples, proofs of concept and test bed results we should provide a broad view of IPS reality, what you can expect from them now and what they will never do for you.

Renaud Bidou has been working in the field of IT security for about 10 years. He first performed consulting missions for telcos, pen-tests and post-mortem audits, and designed several security architectures. In 2000 he built the first operational Security Operation Center in France, which quickly became the 4th French CERT and a member of the FIRST. He then joined Radware as the security expert for Europe, handling high severity security cases.

In the meantime Renaud is an active member of the rstack team and the French Honeynet Project, which studies honeynet containment, honeypot farms and network traffic analysis. He regularly publishes research articles in the French security magazine MISC and teaches in several universities in France.