Bill provides Customer Support, Development, and Training for Active Countermeasures. In support of those roles he has authored numerous articles and tools for client use. He also serves as a content author and faculty member at the SANS Institute, teaching the Linux System Administration, Perimeter Protection, Securing Linux and Unix, and Intrusion Detection tracks. Bill’s background is in network and operating system security; he was the chief architect of one commercial and two open source firewalls and is an active contributor to multiple projects in the Linux development effort. His spare time is spent coordinating and feeding a major anti-spam blacklist. Bill’s articles and tools can be found in online journals and at http://github.com/activecm/ and http://www.stearns.org.
Identifying Compromises Through Device Profiling Using Open Source Tools
The Internet and our local networks have the ability to handle an amazing quantity of connections simultaneously. That strength leads to a problem when we’re trying to detect malicious traffic: how can we tell when one of our IIoT devices like an industrial control unit or camera or even a Windows device are sending traffic that it shouldn’t? In this session I’ll show you how to detect these malicious patterns by combining two open source software packages.