| Technical
Professional Track |
Wednesday
Oct 28, 2009 |
Presentation Abstract
|
|
Registration and Breakfast
Sponsor Exhibits |
7:30-8:30 |
Conference Center Lobby & Main Conference
Center Room
Palm Court |
|
|
8:30-8:45 |
Main Conference Center Room |
Keynote - The Bad Guys Are Winning:
So Now What? - Ed Skoudis,
Senior Security Analyst with InGuardians and SANS Instructor
|
8:45-9:45 |
With the continual release of zero-day exploits, ever-larger-scale
botnets, and rampant spyware, attackers have compromised tens of millions
of machines connected to the Internet. With clever attackers mixing
social engineering, physical attacks, and phishing into their bag
of tricks, their rate of successful penetration is both astounding
and depressing. A central thesis of this talk is that a sufficiently
determined (but not necessarily well-funded) attacker can compromise
almost any organization with an Internet connection. The discussion
will first analyze why this is so. We'll then look at the implications
of such an environment for enterprises. How should information security
priorities shift in light of this evolving threatscape and attack
surface? What are the implications for system administrators, incident
response teams, and even penetration testers? We'll also briefly look
beyond the enterprise, and consider the military and national security
issues associated with emerging threats and attacks. |
|
Break
Sponsor Exhibits
|
9:45-10:00 |
Conference Center Lobby
Palm Court |
Security Consolidation and Virtualization - Maximizing Security,
ROI and Environmental Benefits -
Rick Basile,
Senior Director Technical Services, Fortinet |
10:00-11:00
|
Network security consolidation can help companies save on capital
expenditure, contain network sprawl, reduce energy consumption and
ease management overhead while increasing security effectiveness.
Rick Basile, Senior Director of Technical Services for Fortinet,
will outline this trend, including assessing needs and benefits,
providing real-world examples of the value of box consolidation,
power consumption and cooling load reduction. |
|
Metasploit: Intellectual Ownership - Rob
Fuller |
11:00-12:00
|
The Metasploit Framework is an amazing tool in the hands of anyone
from computer novice to supreme-ultra-hacker-overlord, with uses ranging
from professional penetration testing to scaring the living ____ out
of your CEO (in a demo) to get funding for the Security budget,
to learning the basics in security. Truly owning the knowledge of
how Metasploit works could mean the difference needed in those scenarios.
This talk is about the basics of Metasploit with some of the fun
advanced tricks that I enjoy sprinkled in as much as possible.
Because I'm a big fan of owning knowledge, not just regurgitation,
this talk will be interactive. What does that mean? Come to the
talk and find out.
|
|
Lunch
Sponsor Exhibits
|
12:00-1:00 |
Main Conference Center Room
Palm Court |
|
Cloud Computing: Security Implications of Infrastructure
Deployment and Application Development - Aaron
Sanders and Eugene Shustef |
1:00-2:00
|
This presentation would be divided into two parts. The first part
would cover general cloud computing security requirements, and the
specific requirements for hosting traditional server infrastructure
in a third-party cloud computing environment. We currently have
an offering hosted by one of the major cloud computing vendors,
and can discuss the process we followed to review the vendor's security
controls.
The second part would cover the security requirements for developing
new applications that leverage cloud computing architectures (Microsoft
Azure and Amazon Web Services). We are currently developing applications
specifically to leverage cloud computing, and we can discuss the
issues that we have encountered.
|
| Windows
Configuration Management with the Windows Script Host - Erik
Heisler |
2:00-3:00
|
In the field of information assurance, Configuration Management
(CM) can be defined as the management of security features and assurances
through the control of changes throughout the life cycle of an information
system. CM across large enterprise systems can be a daunting responsibility.
This presentation focuses on leveraging built-in Windows components
and tools to perform the primary tasks associated with CM. The goal
is to provide attendees with the background and tools required to
utilize these techniques the day they return to the office. Every
tool and technique I describe is completely free and most environments
are already prepared to take advantage of them.
|
|
Break
Sponsor Exhibits |
3:00-3:30 |
Conference Center Lobby
Palm Court |
|
Protection of Critical Infrastructure Assets - Painting a RoSI
(Return on Security Investment) Picture? - Shahriar
Beigi |
3:30-4:30
|
The objective of Enterprise Asset Management (EAM) is to maximize
Return on Assets (ROA) of an organization. But to do so, you have
to look into Performance, Cost, and Risk of the asset portfolio.
Moreover, you have to do so in the context of business planning,
operations, and capital investment management of assets.
Enterprise Security Architecture Design around Critical Assets
and Processes, Return on Security Investments, Risk-based Asset
Identification, Valuation, Impact Analysis, and Probability Estimation
are among the topics of this discussion.
Attendees to this session will be provided with Risk Mosaic risk
modeling framework for an interactive discussion of the subject.
|
|
Attendee Reception, Sponsor Exhibits & Peer Networking
|
4:30-6:00 |
Palm Court |
| |
|
|
| Technical
Professional Track |
Thursday
Oct 29, 2009 |
Presentation
Abstract |
|
Registration and Continental Breakfast
Sponsor Exhibits |
8:00-8:30 |
Conference
Center Lobby
Palm Court |
|
|
8:30-8:45 |
Main Conference Center Room
|
|
Confessions of a Social Engineer
- Chris Karr |
8:45-9:45 |
Learn from Chris's experiences in conducting contracted social engineering
attacks. The presentation will include social engineering theory,
practices and "war stories" as well as what businesses need
to do to prevent/mitigate social engineering attacks and the collateral
damage that such attacks may cause. |
|
Tools and Tips to help Systems Administrators Manage Security
- Dennis Allen |
9:45-10:45 |
We should all know it by now, "With security comes complexity."
So after we've implemented all of the things we need for better security
and regulatory compliance, how the heck do we manage it all? If you
don't have the time to review every Windows login, check your server's
disk space every hour, find out if there's a new computer on your
network, block those hackers from China, change a toner cartridge,
and check your Fantasy Football score, then you need to hire someone
else, outsource your monitoring, or better yet figure out how to automate
as much as possible. We won't cover how to enable your fantasy alerts
on CBS Sportsline, but we will introduce some useful tools (many of
them free), and some basic scripting skills that will provide information
you can actually use and help manage the ever growing demand on your
time. |
|
Break
Sponsor Exhibits |
10:45-11:00 |
Conference Center Lobby
Palm Court |
|
OSSEC in the Enterprise - Open Source
Log Management, Analysis and Intrusion Detection - Michael
Starks |
11:00-12:00
|
It's 2AM and you're sleeping soundly. Meanwhile,
an attacker has fingerprinted your systems, exploited your web server
and is now moving on to other systems. He's leaving footprints along
the way. Your logs are trying to warn you. Are you listening?
Join Michael Starks in a lively discussion about how OSSEC, an
open-source HIDS (host-based intrusion detection system), can help you to:
- Identify policy violations, such as the installation of unauthorized
software
- Identify weak system settings that could leave you open to attack
- Detect Unix-based rootkits, both known and unknown
- Detect Windows alternate data streams
- Know when your firewall config changes and what changed
- Assist in forensics investigations by providing secured MD5/SHA1
checksums of system files
- Block attackers in near real-time across the enterprise
- Meet compliance needs across a broad spectrum, including PCI,
HIPAA, SoX and ISO 27001
All of this and more can be accomplished with the free OSSEC HIDS.
Whether you're a one-person small business or an international organization
with offices across the world, OSSEC is designed to scale to meet
your needs. In this informative presentation, Michael will discuss
some of the fundamentals of log management, then move right into
the technical details of how OSSEC can be implemented in your company--even
in under an hour. Finally, you'll be able to see OSSEC detect and
block attackers in real-time. Isn't it about time you started listening
to your logs?
|
|
Lunch
Sponsor Exhibits |
12:00-1:00 |
Main Conference Center
Palm Court |
|
Secure Enterprise Mobile Messaging
- Richard Luckett |
1:00-2:00
|
Mobile devices extend the workplace and increase our ability to be productive. Simultaneously, these devices increase an organization's exposure and risk. Mobile messaging options like Microsoft ActiveSync, BlackBerry Enterprise Server, and Good for Enterprise give an organization more control over these devices to reduce the inherent security risks. In this presentation we'll look at what you can leverage to secure your mobile workforce. Attendees of this presentation will learn the messaging security topologies for mobile access. They will also learn configurations that adhere to security best practices for the enterprise. Administrators will learn what criteria they should look for when defining accepted mobile device policies. As Richard Luckett has strong expertise in Microsoft Exchange Server, this presentation will conclude by taking a close look at how to implement and enforce an accepted mobile device policy using the latest Microsoft Exchange Server features.
|
|
Malware Analysis For The Enterprise - Jason
Ross |
2:00-3:00
|
You've got Anti-Virus deployed and logging to a central location.
Your IDS is watching the perimeter, and you have your systems on
a regular patch cycle. Malware doesn't affect you, right?
Wrong.
This presentation shows where these technologies are falling
short, and why malware analysis is quickly becoming a need for
companies other than the Anti Virus vendors. We'll discuss
how to set up a sandnet, or "virtual internet", comprised of a
victim host and a server so that you can:
* Observe Operating System changes made by malware
* Capture network traffic being sent by the compromised host
* Intercept DNS calls and redirect them to services you control
* Set up netcat to interact with unknown protocols
Using these methods a business can determine exactly what has
been compromised and form an effective response to the incident.
|
|
Break
Sponsor Exhibits |
3:00-3:30 |
Conference Center Lobby
Palm Court |
|
Keynote - Zen & The Art Of An
Internal Penetration Testing Program - Larry
Pesce CCNA, GCFA Silver, GAWN Gold, Information Systems
Security, Disaster Recovery and Identity Management at a mid-sized
healthcare organization in New England and co-host for Pauldotcom |
3:30-4:30 |
Larry will discuss why internal penetration testing is so important and
then identify key components that must exist to create a successful
program:
- Getting Management Buy-In
- Identify The Types Of Testing You Will Perform
- Create A Workflow For Reporting
The presentation also provides several steps and tips for defining and
developing your internal penetration testing, including:
- Target identification
- Detect OS & Services
- Identify Vulnerabilities
- Exploitation
- Post-Exploitation
- Reporting
The intent is to provide the starting point with a myriad of tips to guide
your organization to create your own internal penetration testing
program.
|
|
Raffle, Sponsor Exhibits &
Attendee Reception
|
4:30-6:00 |
Palm Court |
| |
|
|
|
(All schedules are subject to change)
|