Basic Intrusion Detection with Expose

Comments

Anonymous at 12:07 on 19 Nov 2015

Good presentation, nice intro to both the concepts around intrusion detection systems and the Expose library itself. Brave to try out the live demo too.

Great introduction to both the idea of intrusion detection and at least 2 tools to aid in the practice. Would have liked to see a more integrated example to illustrate how Expose can sit in front of an app (rather than just a basic form), but the live code demo was very useful.

Decent introduction to the topic. Definitely got me thinking about the topic for my own system, and I really appreciated the effort. Live Demos are always scary, and rarely work as intended :-)

From the sound of most in the room, a diagram that showed *when* the IDS should do its work seemed to be in order...

Something like.. Without an IDS a system generally works like this:

User Submits Form > Validate Input on the Front End > Post to the backend > Validate Input on the Back End > Push Content to the Database.

*WITH* an IDS, it would look like this:

User Submits Form > Validate Input on the Front End > Post to the backend > IDS check the input >> If it passes (below a certain threat level) > Validate Input on the Back End > Push Content to the Database >> Else > Log, Email, etc. > Redirect User to "Server Error" page.

Obviously, you could build a much more effective flow chart than my scribblings above, but I think you get the picture.

Only other comment, the slide regarding the Apache log was an interesting exercise.. except.. everyone's Apache logs are different. So, first I had to figure out what all the fields were that you were displaying (HTTP Code, size of return, route, etc.) and then try and think about what the site structure might be.. and then analyze the log.

Maybe update that slide to be more.. table .. like? With some headers, so we can easily see what each piece is? And then.. split them into a few different definitive examples that you want to show. It felt like.. we were guessing what the problems were.. and you were spitballing what the problems were too. It was a good exercise, just didn't feel .. instructive, I guess.

I think your public speaking skills are good, and you represented yourself and your company well; so good job overall, just a few things I picked out. :-)

This talk was very helpful, I intend to include Expose in at least one of my projects. I also appreciated Greg's help and efforts in the hacking open source night!

Good talk! This is a tool that I'll definitely plan to use in my applications.