Agenda

Here is 2011's tentative agenda.
Look for more session details throughout the summer.

Monday, August 15: General Conference Full Group Sessions

12:30 - 1:30 pm

Conference Registration

1:30 - 1:45 pm

Welcome, Opening Announcements and Discussions

1:45 - 3:00 pm

The Worst Mistakes in Cloud Computing Security - Dr. Gene Schultz

3:00 pm - 3:15 pm

break

3:15 pm - 4:30 pm

"Just Another Day At the Office…" - Tony Rucci

4:30 - 6:30 pm

Dinner on your own

6:30 - 8:30 pm

Cyber Combat Exercise (CCE)

 

Tuesday, August 16: General Conference Break-Out Sessions

8:00 - 8:15 am

Conference Registration for One-day Attendees

8:15 - 9:15 am

Where Do I Start? The Jumping Point for a New IT Security Professional - Jason Schaller

to be determined

Behavior Based Analysis of Malware (Part I) - Dr. Jose Morales

9:15 - 9:30 am

break

9:30 - 10:30 am

The Network Swiss Army Knife Bruce Schneier Style - Justin Jones

Cloud Computing and Privacy:  Challenges and Opportunities - Lynette Hornung-Kobes

Behavior Based Analysis of Malware (Part II) - Dr. Jose Morales

10:30 - 10:45 am

break

10:45 - noon

Inside Out - Experiences with TCP Handshaking - Ed Shirey

to be determined

Critical Infrastructure Security - Isolationist Networking in a Connected World - Mike Guthrie

noon - 1:30 pm

Lunch on your own

1:30 - 2:45 pm

You Are The Target - Lawrence Dietz

Enterprise Risk Management - Defending Your Enterprise not Just Your System - Jason Kobes

Commercial Anti-malware Programs: Vulnerabilities & Countermeasures - Dr. Jose Morales

2:45 - 3:00 pm

break

3:00 - 4:15 pm

Threat Outlook: What's Next? - Brad Smith (discussion leader)

4:15 - 5:00 pm

Q&A, Door Prizes and Conference Wrap Up

 

Wednesday, August 17: Optional Post Conference Master Classes

8:30 - 9:00 am

Post Session Registration

9:00 am - 5:00 pm

Analyzing Exploited Hosts - Rob Jackson & Ed Williams

 

Thursday, August 18: Optional Post Conference Master Classes

9:00 am - 5:00 pm

Security Tool Time - Brad Smith

 

 

CIScon General Conference Session Descriptions

The Worst Mistakes in Cloud Computing Security - Dr. Gene Schultz

“Cloud computing” means supplying dynamically scalable and frequently virtualized resources as Internet services. With potential advantages such as cost savings, improved computing and network performance, scalability of services and operations, elasticity, greater business agility, simplification of IT solutions, and more, cloud computing is being hailed as a major advance in computing.

At the same time, cloud computing potentially introduces numerous security-related risks, many but not all of which exist in conventional networking environments, accompanied by a loss to at least some degree (and in some cases almost complete) of direct control over data confidentiality and integrity, availability of systems, networks, applications and data, and other critical security areas.

From a security perspective, where has this “cloud ride” taken us? What mistakes are commonly being made when it comes to security risk management in the cloud? This presentation answers these questions and offers recommendations concerning where we need to go from here if organizations are going to manage cloud-related security risk to an acceptable level.

"Just Another Day At the Office…" - Tony Rucci

...Just another day at the office, except this "office" happened to be The White House, and this "day" happened to be September 11, 2001. During this talk, I'll share some unique thoughts and perspective on that historically tragic day, how it impacted our lives at the White House, and share a few interesting stories that may not have made it in the 9/11 Commission Report, or may have been overlooked. I spent the greater portion of that day with First Lady of the United States Laura Bush and learned more about her strength and resilience during those dark hours than I could have ever imagined otherwise.

Like many historic moments in time, people tend to remember where they were and what they were doing during that significant, emotional event. Over time, memory fades. Nearly 10 years later, I can remember many of the details like it was yesterday. ...For those details that are beginning to fade... Rest assured, I'll make up something interesting and show great pictures of blinky-lights and guns!

Where Do I Start? The Jumping Point for a New IT Security Professional - Jason Schaller

This session is geared towards two types of people: those who have suddenly found themselves in an IT Security position and those who want to break into IT security. It is important for both these groups to understand where to begin, as well as how to avoid the pitfalls of rookie mistakes.

A down economy can add to security problems because of shrinking budgets. Small to mid-sized companies are finding themselves looking internally to fill the void for security professionals. Oftentimes these companies grab their top (if not only) IT person and add the task of securing their enterprise.

Some IT professionals see this as a perfect time to make the move into IT security but they just don't know the basics. When turning to the web for information, one can quickly find themselves overwhelmed with information about Certifications, Ethical Hacking, Administrative controls, Privacy Laws, and much more.

If you have ever asked yourself "where do I start," the answer is "right here."

Cloud Computing and Privacy:  Challenges and Opportunities - Lynette Hornung-Kobes

Cloud computing offers many advantages, including being able to leverage security in a cost effective manner to a variety of entities and sizes of those entities from small to medium to large.  Public cloud computing provides a variety of security services to entities that join the cloud.  Small entities may be able to reap several benefits from cloud computing in that they will enjoy resources that without the cloud would be cost prohibitive and unattainable.  However, one of the challenges is how to provide privacy in an effective manner.  The application of SABSA to privacy in cloud computing can help provide a useful analysis to aid in understanding how privacy can be addressed in cloud computing.  Specifically, the trust model of SABSA is an effective method to identify possible approaches to providing privacy in cloud computing.

This interactive session will discuss the advantages offered by cloud computing; the disadvantages of cloud computing, in terms of privacy; and methods of addressing privacy, including using a private cloud, a service level agreement and negotiated contract.  It will also use SABSA trust modeling to analyze some different approaches to providing privacy in cloud computing.

Critical Infrastructure Security - Isolationist Networking in a Connected World - Mike Guthrie

Protecting sensitive data and infrastructure can be challenging.  What if you had something that was so sensitive, so critical to your business that you had to ensure that nothing could ever harm it?

This talk will go through ways attackers can get access to your sensitive data even when “isolated” and the methods an attacker can use for exfiltration.

Live demonstrations will be performed with detailed explanations of how they work.  Once we have examined the attack perspective, defense against the techniques demonstrated will be discussed.

An attendee will come away with effective strategies to protect their sensitive data, a view of why ‘air-gap’ isn’t always an effective strategy, and perhaps some new tools and techniques they can use to test their current infrastructure.

Inside Out - Experiences with TCP Handshaking - Ed Shirey

The normal TCP handshake is easily blocked by firewalls to prohibit connecting in to your network, but through a simple tweak to this sequence, it is possible for a complicit system behind your firewall to allow direct connections from outside.

Weaknesses in the handshake are demonstrated through a C utility that works with a coordinating server to allow two peers to connect directly, even though both are protected by firewalls.

This discussion demonstrates this technique, suggests possible ways to protect against it, and shows some of the fun things you can do with DNS.

You Are The Target - Lawrence Dietz

This is a table top exercise wherein participants are involved in determining what to do in the face of a cyber attack. In one scenario the attacker is unknown and participants will have to act based on this uncertainty. In the second scenario “other” intelligence sources have confirmed that the attacker is a nation state and participants will work with a military team sent to “help.” In a third scenario, the IT department seems to think that the attacker is an aggrieved ex-employee trying to seek revenge for being laid off.

Enterprise Risk Management - Defending Your Enterprise not Just Your System - Jason Kobes

We will explore the concept of Enterprise Risk Management, which seems to make sense on the surface; however, many organizations don’t know how to implement it into their environment in a way that actually encourages positive change, reduced risk to business/mission assets and a reduced cost of security.

We will look at ways to design and implement Enterprise Risk Management principles.  We will develop plans to take your organization from its existing risk concept “the As Is environment” to an Enterprise Risk Management Concept “the To Be environment.”  We will do this by developing an understanding of how to secure the Enterprise, rather than just the systems within the Enterprise through the use of Security Domains, Security Governance and how the domains nest within each other.   Further, we will address trust relationships between the domains and how to measure the security of your Enterprise.

Enterprise Risk Management implemented well can provide your organization with reduced business/mission risk, cost savings by eliminating redundant security practices, and an overall better understanding of the security risk in your organization.

Commercial Anti-malware Programs: Vulnerabilities & Countermeasures - Dr. Jose Morales

This session will describe and demonstrate with GUIs the following vulnerabilities in current CAmps: treatment ineffectiveness, process and service termination, man-in-the-middle attacks manipulating parameters at kernel level, redirection of scan target paths and buffer overwrites.  CAmps can be compromised elegantly in various ways, allowing malware to go unnoticed. Countermeasures will also be shown: 3rd party armoring at kernel level.

The Network Swiss Army Knife Bruce Schneier Style - Justin Jones

NetCat has been deemed the “Network Swiss Army Knife” for its multipurpose uses in information security testing as well as network administration tasks.  Hackers abroad utilize Netcat for interacting with servers, for offering services to clients, to proxy traffic to other ports or hosts among many other uses.  CryptCat offers these services by encrypting NetCat with Twofish.

This presentation will show how CryptCat can be used for:

  • Banner grabbing

  • Creating shells to connect instead of using rootkits

  • Spoofing your source IP address

  • Transferring Files

  • Source-routing

Behavior Based Analysis of Malware - Dr. Jose Morales

This session shows how to use OMAS: omas.ics.utsa.edu to disinfect a system from malware when only a binary sample is available.

Threat Outlook: What's Next? - Brad Smith (discussion leader)

This session will incorporate experience and insights from the audience to discuss new and upcoming threats, emerging trends, and what you should focus on to stay ahead of the hackers.

 

Optional Post Conference Class Descriptions

Analyzing Exploited Hosts - Rob Jackson & Ed Williams

Wednesday 9:00 am - 5:00 pm

This full day hands-on class will help you understand how to approach a compromised host in a forensically sound manner to figure out how the computer was penetrated, what tools and techniques were used after entry, and what artifacts were left in place to allow the intruder to return.  Students will analyze two compromised host examples (Windows NT, Linux), including the level 300 challenge from last year's DC3 Digital Forensic Challenge. Only Open Source or free tools will be used and each participant will receive a DVD with the example images, tools, and ISOs for the DEFT, CAIN, and SIFT open source forensics distributions.

Course Completion
Attendees to this class will learn:
 * Concepts of host forensic investigation
 * Image capture, integrity and analysis
 * Data carving
 * Time line reconstruction
 * Malware identification techniques
 * Registry analysis
 * Hex editor usage
 * Basic area setup and hardware needed

Course Requirement
You need to bring the following to participate in this course:
 * Laptop with CD player
 * Network cable

We have limited the number of attendees so everyone is assured of the attention they deserve.  REGISTER EARLY FOR THIS SESSION.  Hey, how often do you get to learn from the best in the world?

Security Tool Time - Brad Smith

Thursday 9:00 am - 5:00 pm

This full day workshop focuses on improving your skills with security tools so you can better evaluate, penetrate and improve your network's security. Designed for IT professionals who need more than just talk about tools, this hands-on experience helps you fully grasp the tools and their uses.

This workshop utilizes Offensive Security’s BackTrack VM version so you’ll learn and practice using the same tools and techniques that nefarious hackers are using against your network. You’ll learn an organized process to analyze and attack your network including specific tools for each step. You’ll get time to practice each tool on real targets so you really understand the process and tools. Hands on knowledge of tools for evaluating, penetrating and improving your security are the take homes from this class.

Attendees connect wirelessly to our array of virtual computers containing a cornucopia of OS’s for real time practice which helps you understand fully the tools you’re learning. You’ll hear it, see it, read it then do it; this is the ultimate learning experience for those who really want to know the material. We’ll provide the Backtrack VM image (or bring your own), all the targets, an electronic workbook and even prizes for the best info gatherers in the session. All you need to bring is a computer with VMplayer (free) loaded and a desire to learn how to use the latest security tools.

Course Completion
Upon the completion of this course, Attendees will be able to:

  • State 5 basic tasks needed to get Backtrack functional
  • List steps in order needed to properly evaluate/penetrate network security
  • Cite reasons some targets are yummier than others (low hanging fruit)
  • State 3 programs used for gathering information about targets and demonstrate their proper usage
  • Verbalize and demonstrate 5 programs used for network mapping and analysis
  • Demonstrate how to fully setup and use OpenVAS vulnerability scanner
  • Discuss 2 other automated vulnerability scanners and state how to secure demo copies
  • State and demonstrate methods of SMB and SNMP analysis
  • Demonstrate 2 different methods of SQL injection
  • List tools available for network penetration and demonstrate 1 of them
  • Discuss password file format and demonstrate how to crack them
  • Review basic Wireshark commands used to monitor networks
  • Recite how Cryptcat, Netcat and Stunnel work and demonstrate 1 of them
  • State 3 places to locate the most common hacker software code
  • Describe where to get additional help and knowledge about these tools

Goals

  • Improve attendees’ network diagnostic and mitigation skills
  • Increase awareness of security tools available
  • Decrease time spent analyzing network vulnerabilities
  • Make attendees comfortable in security by increasing their hands-on skills

Who Should Attend
Networking professionals who want a hands-on class about the latest security tools, security professionals who want more training on Backtrack.

Course Requirement
All attendees MUST have:

  • Laptop/notebook/netbook on which they can load VMplayer or that already has it loaded
  • Rights and privileges to load a virtual machine image to the VMplayer
  • Ability to connect to a wireless network

 

Copyright 2011   Computer Institute of the Rockies  406-449-4499