Passive Host Characterization presented at ShmooCon 2008

by Matthew Wollenweber,

Tags: Security Testing

Summary : Passive Host Characterization is technology similar to IDS systems, but with several distinctions. The basic idea is to deploy sensors around your network to passively monitor traffic. Rather than looking for signatures, you’re going to focus on rules that collect data from the observed traffic. That data is then aggregated, reduced, and stored in databases. Via data-mining you can then see patterns in your network useful for applications such as host monitoring, content filtering, penetration testing, patch management, or detecting bots.
Matthew Wollenweber is a key member of Foundstone’s team, responsible for providing strategic and tactical security consulting to Fortune 500 and government clients. As a consultant, Matthew focuses on offensive network security and application security. Prior to joining Foundstone, Matthew worked for several consulting and professional services companies providing information security services for government and commercial customers. In those roles Matthew has been a penetration tester, exploit developer, and software engineer. Projects ranged from performing red team assessments of military command and control systems to penetration testing utility companies to developing a software system to passively monitor and characterize Department of Defense computer networks.