Black Hat Briefings, Las Vegas 2006 [audio] Presentations From The Security Conference

"Technologies emerge on a regular basis with new promises of better security. This is more or less true. However we know there are still weaknesses and that 100% security is not realistic. Therefore the real need when deploying a new security device is to know its limits. IPS are part of those new technologies. They are oversold by marketing speeches and promises of an absolute security. Guess what? This is not exactly the truth.... The purpose of this speech is not to discredit IPS but to help in understanding the limits of technologies that are involved. We will particularly focus on the following subjects: * conceptual weaknesses and ways to detect "transparent" inline equipments * signatures issues * hardware architecture limitations and common jokes * performance vs security necessary trade-off and consequences * behavioral, heuristics, neuronal stuff etc. reality and limitations Through examples, proofs of concept and test beds results we should provide a broad view of