A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Improving security by avoiding traffic and still get what you want in data transfers - Art Conklin (BSides Las Vegas 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

Improving security by avoiding traffic and still get what you want in data transfers
Art Conklin

Critical infrastructure systems are frequently constructed with components never designed for use in today's networked environment. While security conscious enterprises have extensive security mechanisms, these do not immediately transfer to many of our critical infrastructure networks. And yet we still need to move data in and out of them safely. This talk examines how to use the computer science concept of state to provide the equivalent of system isolation from hostile traffic on the network. Forget firewalls, air-gaps, and VPNs, and learn to embrace state transfers. This talk will explore the use of state transfer as a safer alternative to network data transfers. As more and more of our critical infrastructure is using TCP/IP networking and being connected via the Internet, methods to isolate the systems from a traffic signal point of view offer the best current technology to protect our networks, both operational technology (OT) and IT. This talk will give real world examples showing how to maintain all desired functionality, and yet sever the connection to unwanted signals carried in network traffic.

Bio: Wm. Arthur Conklin is an Associate Professor and Director of the Center for Information Security Research and Education in the College of Technology at the University of Houston. He holds two terminal degrees, a Ph.D. in Business Administration (specializing in Information Security), from The University of Texas at San Antonio (UTSA) and the degree Electrical Engineer (specializing in Space Systems Engineering) from the Naval Postgraduate School in Monterey, CA. He holds Security+, CISSP, CSSLP, CRISC, DFCP, GICSP, IAM and IEM certifications. He is a fellow of ISSA, a senior member of ASQ and a member of IEEE, and ACM. His research interests include the use of systems theory to explore information security, specifically in Cyber Physical Systems. He has co-authored six security books and numerous academic articles associated with information security. He is active in the DHS sponsored Industrial Control Systems Joint Working Group (ICSJWG) efforts associated with workforce development and cybersecurity aspects of industrial control systems. He has an extensive background in secure coding and is a co-chair of the DHS/DoD Software Assurance Forum working group for workforce education, training and development.

Back to BSides Las Vegas 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast