If you're hosting a website or other services in-house, it's trivial to watch your network for attack attempts and mitigate as needed. However, for those who use shared hosting, intrusion detection is limited.
Is it possible to build an IDS through which public traffic can pass for analysis?
I'm proposing some ideas and will be showing a demonstration of a cloud IDS using open source tools to watch over your low-cost ethereal servers. With this, you can hopefully see all the things attackers are attempting, much like you would if you had full control of your publicly accessible server.
Josh is a security analyst with OpenDNS. Previously, he worked as a threat analyst with NASA, where he was part of the team that initially helped build out the Security Operations Center. He has also done some time at Mandiant. His professional interests involve network, computer and data security, with a goal of maintaining and improving the security of as many systems and networks as possible. When not playing with computer security, Josh rides motorcycles, goes camping and makes dark minimal electronic music. Josh presented at Defcon 18 on the topic of building your own security operations center using open source tools.