Intrusion detection systems can often leave administrators buried in alert logs. Effective and efficient analysis of alert data gives administrators the means to tune their systems and so reduce the number of false positives, false negatives and the overall volume of logs.
This presentation will provide a high-level overview of IDS basics through a static and hands-on system environment. During the session we will introduce tools and techniques, such as data mining and visualization, that are available to security professionals to help them dig deeper through the IDS alert logs. Other techniques will be presented to show how data from other network systems and utilities, such as firewalls, sniffers, and applications, can be used to further the understanding of the network traffic. In addition, wireless implementation and IDS issues will be discussed.
This presentation will include a collection of real-life observations on a portable network, which will demonstrate IDS tuning methodology. These observations will make evident the need for including or increasing IDS tuning processes in your security program. The various tools and techniques used to detect, analyze and recover from these observations will be presented, along with lessons learned and recommendations to address the various issues.
This perspective on network activity offers invaluable information to all professionals involved in the technical or policy aspects of managing security and privacy in electronic communications.
Presenters:
Adam Meyers
Information Security Professional
Information Assurance Program
SRA International, Inc.
Adam Meyers, CCE: As an information security professional and consultant, Adam Meyers provides clients with complete security expertise, ranging from assessments, forensics, and incident response to security architecture. Additionally, he provides physical security assessments and threat analysis. Mr. Meyers is a Certified Computer Examiner (CCE). Prior to joining SRA, he worked with the George Washington University Security Team, as the Network Manager for the 2000 National Democratic Convention, and as a private security consultant, while pursuing a degree in political science, with specific attention to inter-state information warfare. Adam intends to pursue a CISSP, as well as a Master's Degree in Information Security.
Recent Publications
CSI 30th Annual Conference: Tuning Intrusion Detection Systems
Ronald E. Plesco, Jr., Esq.
Information Assurance and Privacy Counsel
Homeland Security Program
SRA International, Inc.
An Information Security Attorney with 13 years' experience in Identity Management/Privacy, Privacy Compliance, Information Assurance and Computer Crime Law, Ronald E. Plesco, Jr. is the Director of the Information Assurance and Privacy Practice for SRA Inc and is currently the Program Manager working on the development of the National Cyber Security Division for the Department of Homeland Security and the privacy counsel for the US-VISIT SBA program. For seven years, Ron served at the pleasure of Governor Tom Ridge as the Director of Policy for the Pennsylvania State Police and Chair of the Cyber Attacks Committee for the PA Homeland Security Council.
Residing in Harrisburg, PA, Ron is also the President of the industry-, DOJ- and DoD-funded National Cyber Forensic Training Alliance Foundation and is currently managing an operation to investigate the hacking methodologies associated with SPAM, spyware and phishing.
Ron's unique experience and non-traditional speaking style have made him an internationally recognized conference presenter. Recent presentation topics have included: High Technology Law, Information Security in the Transportation Industry, Information Security, Corporate Information Warfare, Information Terrorism, Prosecution of Computer Crimes, Information Terrorism in the Financial & Retail Sectors, Offensive Operations and Ethical Hacking, E-Commerce Crimes, Financial Fraud, Live Identity Theft Hacking Live, and Vulnerability Assessment and Security Policy, for diverse groups including the US Army War College, DOJ, DON CIO, NW3C, HTCIA, IAFCI, NAIC and the Energy Association.
Daniel VanBelleghem
Tech Director
Information Assurance Program
SRA International, Inc.
Daniel VanBelleghem is the Technical Director for the Information Assurance Division at SRA International. In this role, he conducts security assessments, incident response and forensics activities. He performs security-related research and consulting activities including providing strategic guidance to customers, analyzing network traffic for security-related incidents, and designing security solutions to maintain integrity and prevent loss of intellectual capital. Before joining SRA, Dan was the Director of Security at Network Forensics and in the security consulting business with Deloitte & Touche and Booz Allen & Hamilton.
Dan is also a faculty member at The George Washington University, where he is an instructor in the Computer Security and Information Assurance certificate program. He holds a Master of Science degree in Systems Engineering from Virginia Tech and a Bachelor of Science degree in Electrical Engineering from Northeastern University, and is a Certified Information Systems Security Professional (CISSP). Dan's professional affiliations include the International Information Systems Security Certification Consortium (ISC2) and the High Technology Crime Investigations Association (HTCIA).