Louisville Infosec 2009 Videos
Below are the videos from the Louisville Infosec 2009 conference. Enjoy.
Insider Attacks: The How's, Why's, and What to Do's
Dr. Eugene Schultz Louisville Infosec Conference Video
An insider attack is intentional misuse by individuals who are authorized to
use computers and networks. Insider attacks result in more financial and other
loss than any other type of attack. Worse yet, detecting insider attacks is
one of the most difficult tasks facing information security professionals, but
an increasing amount of information is becoming available about the nature of
these attacks, the strategies that inside attackers use, and ways of preventing
these attacks and/or limiting the damage they can cause. Based on this
information, this talk describes the major types of risk resulting from insider
attacks, the major types of insider attacks and the motives behind them,
appropriate information security policy provisions relevant to insider risks,
how to better predict and detect insider attacks, and how to respond
appropriately when insider attacks occur.
About the speaker: Dr. Eugene Schultz is CTO at
Emagined Security, previous manager of an information security practice and
national incident response team, and retired professor of computer science at
the University of California at Berkeley. Gene is the author/co-author of a book
on Unix security, another on Internet security, a third on Windows NT/2000, a
fourth on incident response, and the latest on intrusion detection and
prevention. He is the former Editor-in-Chief of Computers and Security
(2002-2007), is an associate editor for Network Security, is a SANS instructor
and member of SANS NewsBites, has co-authored the 2005 & 2006 Certified
Information Security Manager preparation materials, and is on the technical
advisory board of three companies. He has received numerous industry and
academic awards and has even provided expert testimony before committees in the
US Senate and House of Representatives.
The Internet is Evil
John Strand Louisville Infosec Conference Video
Back by popular demand!!
SANS professor and technical guru extraordinaire, John Strand, joined us again
this year to share more of his in-depth technical knowledge and rock-n-roll
personality. John currently teaches the SANS GCIH and CISSP classes, and is a
key player in their local mentor program. His extensive experience in computer
security and education encompasses the areas of intrusion detection, incident
response, vulnerability assessment/penetration testing, specialized multi-level
security solutions, security architectures, program certifications and
accreditation. Whew! But that's not all. He holds a Master's degree from
Denver University, where he is also a professor. Amazingly, he still finds
'spare time' to write loud rock music and make futile attempts at fly-fishing.
Paul Asadoorian wrote on his blog:
"While all of the presentations got rave reviews, one of the keynote speeches
was particularly interesting. John Strand gave a keynote speech titled "The
Internet is Evil". Most of us know that the Internet is evil, but John wants us
to do something about it. He challenges us to think differently about defense
and to question how much, if any, Internet access your users should have. He
also brings up a good point about the perceptions of users. Many believe that
the average user is not knowledgeable about computers, when in reality they are
using anonymizing proxies to bypass corporate web filtering. John then went on
to identify two areas of "security" that need improvement. I put "security" in
quotes, because it's a false sense of security that the following provide:
- Anti-virus - John points out a new service that allows you to upload your
binary and have it encoded by several different programs, then review a report
of which Anti-virus engines caught it, and which ones did not. You can find
more information on the PolyPack web site.
- SSL - SSLStrip is a tool that tricks the user into running a connection over
HTTP instead of HTTPS. You can watch a video demonstration of this tool in
action to get a better idea of how it works. John then goes on to show how this
could be combined with attacks against BGP to intercept traffic without having
to be on the same subnet as your victims.
John then went on to cover defensive techniques that work, such as using
firewalls not only to restrict outgoing access, but also to enable the built-in
firewall on all of your hosts (especially desktops). The other interesting idea
he presented was to treat your user desktop subnets as hostile. I know this may
sound like a radical idea, but if the users are accessing the Internet and
exposing their systems to malicious code, it's best to treat them as if they are
already infected with malware. I've used this tactic when developing security
strategies for universities and it works quite well."
The Seven Habits of a Successful Information Security Career Manager
Lee Kushner Louisville Infosec Conference Video
Due to the growth of the information security industry and the popularity of
our profession, future competition for information security leadership roles
will intensify. As the number of qualified information security professionals
grows, it will become increasingly difficult to accomplish your long-term
career goals and objectives. To succeed in the information security employment
market of the future, you can no longer be "good," you will have to be "better."
The presentation will demonstrate to the audience how to become more effective
managers of their own information security careers. Topics that will be covered
include career planning, career investment strategies, personal branding, and
professional "network" development. At the conclusion of the presentation,
attendees should have the framework for building a career plan that is best
suited to their personal career goals.
Speaker: Lee Kushner is President of LJ Kushner and Associates, LLC, an
executive search firm dedicated to the Information Security industry and its
professionals. Since 1996, he has provided career management guidance to
industry professionals at all skill levels. He is a regular presenter on topics
that include career planning, interview preparation, and employee recruitment
and retention. He is the co-founder of www.infosecleaders.com, a career advice
resource for information security pros.
Attacking SSL PKI
Mike Zusman Louisville Infosec Conference Video
The last year has been a rough one for SSL PKI: fraudulently provisioned
certificates, MD5 collisions, SSL spoofing attacks, and most recently, attacks
against EV SSL. The variety of these attacks shows us how big the attack surface
of SSL really is. From crypto attacks to browser design flaws, attackers have
choices when it comes to man-in-the-middling SSL-protected web sites. This
presentation covers one of these vectors: real attacks against CA web sites.
While some folks look to CAs for guidance when it comes to conducting secure
business on the Internet, the CAs themselves can fall victim to the same attacks
consumers look to them for protection against. EV SSL is a step in the right
direction, but with a heavy reliance on low-assurance domain-validated SSL
certificates, can we ever get SSL right?
Speaker: Mike Zusman is a Principal Consultant with the Intrepidus Group. Prior
to joining Intrepidus Group, Mike held the positions of Escalation Engineer at
Whale Communications (a Microsoft subsidiary), Security Program Manager at
Automatic Data Processing, and lead architect & developer at a number of smaller
firms. In addition to his corporate experience, Mike is an independent security
researcher, and has responsibly disclosed a number of critical vulnerabilities
to commercial software vendors and other third parties. He has spoken at a
number of top industry events including Black Hat, CanSecWest, DEFCON, and
regional OWASP conferences, and also teaches Information Security & Penetration
Testing at NYU/Polytechnic University. Mike brings 10 years of security,
technology, and business experience to Intrepidus Group. He is a CISSP and an
active member of the OWASP foundation.
Blocking the Covert Channels Used for Malicious Data Theft
Alex Lanstein Louisville Infosec Conference Video
Browser-based computing, mobility and social networking are giving rise to a
new breed of threat: stealthy Web-borne malware. Cyber criminals are using the
Web as their prime infection vector to take over enterprise and consumer PCs,
embedding malicious code within user-generated content websites, third-party
ads, and high-traffic web applications.
The fact is that today's threats exploit the inability of "traditional" network
protection to provide a unified defense against a cyber criminal who attacks on
multiple fronts, from OS exploits and browser attacks to, increasingly,
plug-in/widget vulnerabilities.
Companies need "modern" tools that offer both accuracy and advanced detection
techniques to prevent the calculated, surgical access and theft of their
critical information. Tool Talk attendees will learn:
- The extent of today's sophisticated Web malware and how it works.
- Key differentiators between data leakage and malicious data theft.
- Why traditional solutions are powerless to stop today's insidious threats.
- How a new network security tool can foil break-ins and detect future
infections.
- Real-world results from an organization that is using this new solution.
Speaker: Alex Lanstein, Senior Researcher, FireEye - At
FireEye, Alex handles a broad set of responsibilities including product
engineering, sales engineering, and security research. Most recently, his
security research was published by The Washington Post, PC World, The Register,
and Cisco Systems, where he uncovered botnet and Web malware sites associated
with McColo Corp. His work was key in taking McColo off the Internet as well as
significantly reducing worldwide spam. Prior to FireEye, Alex was founder,
owner, and network administrator of an Internet hosting company. His areas of
expertise include botnets, malware, network security, and functional binary
analysis. Alex has a B.S. in Computer Science from Connecticut College.
Darknets: Fun and games with anonymizing private networks
Adrian Crenshaw Louisville Infosec Conference Video
This talk will cover the basics of semi-anonymous networks, their use
(political dissidence, file sharing, gaming and pr0n), how they were developed
and what they mean to organizations. The main focus will be on the Tor, Freenet
and anoNet Darknets, their uses and weaknesses.
Speaker: Adrian Crenshaw - Adrian Crenshaw has worked in the
IT industry for the last twelve years. He runs the information security website
Irongeek.com, which specializes in videos and articles that illustrate how to
use various pen-testing and security tools.
Compliance Strategy and Planning - Building an Effective Application Security Program
John Pavone Louisville Infosec Conference Video
Compliance doesn't make you secure, but a good application security program can
ensure your applications are compliant with all major regulations, including
PCI, FISMA, SOX, and HIPAA. Application security is no longer a choice. Between
the increasing number of attacks and regulatory pressures, organizations must
demonstrate their capability to secure their applications. Given the staggering
number of applications and lines of code already in production, many
organizations are struggling to identify a cost-effective and compliant approach
to gaining this assurance.
Through a series of case studies and scenarios, John will provide awareness of
application security vulnerabilities and verification techniques, compare the
pros and cons of remediation approaches taken, and present a practical and tried
method of establishing a positive application security program: a program based
on four simple, balanced focus areas that leverage people, process, and
technology to build the capability to reliably produce secure applications.
Together, these areas, with established practices, will enable your organization
to successfully manage, improve and sustain an application security initiative
in a cost-effective and regulatory-compliant manner.
Speaker: John Pavone is Aspect Security's Acceleration
Services Practice Lead, specializing in the enablement of application security
within organizations. John has been an IT professional for over 20 years. In
the last 12 years, John has concentrated solely on Information and IT
Infrastructure Security.
SAS 70 Compliance Auditing
Rick Taylor Louisville Infosec Conference Video
Speaker: Rick Taylor, CISA, Director of Information Technology and Internal
Audit, Hawkins Company CPAs - Rick Taylor is the Director of Information
Technology and Internal Audit Services at Hawkins Company CPAs and has been with
the company since 2002. He has more than 24 years' IT experience with regional
accounting firms and national corporations (including AEGON USA and YUM! Brands,
Inc.), and over 12 years' experience at financial institutions, including PNC
Bank, Great Financial Bank, and Star Bank. He has performed system security and
compliance audits based on federal regulatory standards, and his vast knowledge
of and work with network architecture, disaster recovery, product development,
and situational analysis have led to innovative and cost-saving solutions for
many clients.
Virtualizing the Security Architecture: Defending Virtual Servers and Applications
Jason Wessel Louisville Infosec Conference Video
This talk will discuss the push for virtualization in the enterprise and how to
use virtualization in a manner that does not compromise the security of the
enterprise architecture. The presentation will cover the following areas:
- Drivers that are pushing enterprises to accept virtualization
- The impacts and challenges that virtualization has on designing security into
enterprise architectures
- The new threat vectors virtualization introduces into an enterprise
- Defense-in-depth based strategies for securing virtualization in the enterprise
Speaker: Jason Wessel has over 12 years of enterprise security architecture
experience as a security consultant for both large and small-to-medium-sized
enterprises. His strength is developing integrated security solutions for
complex network environments with numerous custom applications.
Bob's Great Adventure: Attacking & Defending Web Applications
Paul Asadoorian Louisville Infosec Conference Video
We will explore the age old debate between Alice and Bob, learn about the
latest web application attacks and tools, and learn about the latest defense.
Speaker: Paul Asadoorian - Paul is the product evangelist for Tenable Network
Security, where he writes and produces content to support the Nessus
vulnerability scanner in addition to several enterprise products. Paul is also
the host of PaulDotCom Security Weekly (http://pauldotcom.com), a weekly podcast
discussing IT security news, vulnerabilities, hacking, and research, including
interviews with some of the top security professionals. He is also the
co-author of Ultimate WRT54G Hacking, a book dedicated to embedded device
hacking and wireless security. Paul's other efforts include a monthly webcast
discussing the latest hacking techniques and news, penetration testing, and
coaching capture-the-flag hacking events.
Advanced Data Recovery Forensic
Scott Moulton Louisville Infosec Conference Video
Every hard drive will die a quick and sudden death sooner rather than later.
What happens after that death can be very important to your data and become the
deciding factor in its survival. Forensics relies on the data, because without
it there is no case. I will display the inner workings of a hard drive in a
beautiful animation and discuss the successes and failures in rebuilding a hard
drive and recovering the data. I will teach you what to look for and how to
accomplish this task on your own so you might be able to recover your own data
without sending it to an expensive recovery house. We will delve into the
platters and heads to show you when there is a good probability of success. The
animated presentations will make it clear how a hard drive works and educate
you on the inner workings most forensic experts don't know!
Speaker: Scott Moulton is president of Forensic Strategy
Services, LLC and the lead recovery expert for a data recovery company called My
Hard Drive Died.com. Mr. Moulton began his forensic career with a specialty in
rebuilding and repairing hard drives for legal cases. Many times while working
on a case, Mr. Moulton will be given hard drives that had already failed in an
effort to *blame* the opposition or to impede performance and increase the cost
to the opposition.
Scott Moulton has successfully rebuilt and performed recoveries for many
investigations and has given depositions and testified in many complex cases
involving homicide, embezzlement, theft, divorce, child pornography and
corporate fraud, among others. Mr. Moulton has also been involved in a
precedent-setting case about port scanning. In addition, Mr. Moulton currently
holds a private investigator license in the state of Georgia.
Blending Business and Technical Benefits Together to Achieve an Effective and Streamlined Compliance Assessment
Jim Czerwonka and Jimmy Noll Louisville Infosec Conference Video
This talk covers the business considerations of determining where an
organization stands with its enterprise-wide IT compliance posture, from the
senior management perspective to the technical professional's perspective. We
will address creating a cost-effective and efficient compliance program through
the use of technical resources and automated tactical tools to meet senior
management's compliance strategy.
Speakers: Jim Czerwonka and Jimmy Noll
Mr. Noll, CISSP is the Director of Security Solutions with Systems Design Group.
Mr. Noll manages the daily operations of the security practice. He also served
as SDG's senior technology consultant where he spent the last six years focused
on information security and network infrastructure design and protection for
clients.
Mr. Czerwonka, CISA, CISM, CGEIT, is a Compliance Specialist with Systems Design
Group. He has significant tactical and management experience as a compliance and
audit, information technology, and business process professional. His industry
experience includes healthcare, manufacturing, "Big 4" IT audit and management
consulting, and financial services.