
2006 Australian Computer Crime and Security Survey
Kevin Zuccato: Director of the Australian High Tech Crime Centre - Australian Federal Police
The survey builds on the format of the well-known annual CSI/FBI Computer Crime and Security Survey and includes new lines of enquiry designed to better understand the particular factors which contribute to computer security incidents.
The survey provides the most up to date and authoritative analysis of computer network attack and computer misuse trends in Australia over the last 12 months. As before, the survey includes a number of real case studies and expert commentary from Australian law enforcement, AusCERT and other Australian experts. Above all, the survey aims to raise awareness of the complex nature of computer security issues, identify areas of concern and, where appropriate, to motivate organisations to take a more active role in protecting their systems.

All About Rootkits
Paul Ducklin: Head of Technology (Asia Pacific) - Sophos
Rootkits are programs which deliberately lie about the state of your computer in an attempt to disguise breaches of system security. In the past year or two, the range and sophistication of rootkits has increased significantly, making them even harder to deal with.
This paper documents a range of different rootkit techniques. It details how rootkits work, shows what effects they have on system security and reliability, and explains how you can restore security by detecting and defeating rootkits of various types. Rootkit components are dissected at a number of levels, including at application level, in userland, in kernel mode and at hardware level.
The paper aims to give you a practical working knowledge of rootkit identification and disinfection, even on a system which has already been compromised.
Ironically, and possibly even more importantly, this presentation will aid you in determining that a rootkit is *not* present. This is surprisingly important, because the notion of malware "made invisible by a rootkit" often leads to conspiracy-flavoured incidents in which the apparently obvious absence of a virus is assumed to support the hypothesis that a virus must be present!

AusCERT member forum
The AusCERT team would like to welcome all member organisations to attend an open Q&A forum to discuss existing and upcoming AusCERT projects and services. This will give members an opportunity to meet the AusCERT team and to ask questions and make suggestions.
Refreshments will be provided.

Attacks on MD5 and SHA-1: Is this the "Sword of Damocles" for Electronic Commerce?
Praveen Gauravaram - QUT
Since Wang et al. announced their results regarding the susceptibility of MD5 (Crypto’04) and SHA-1 (Crypto’05) hash functions to collision attacks, there have been many papers advancing further aspects of these attacks. What has been lacking is an analysis of the legal effect of these attacks upon electronic commerce transactions. As technological advancements are made, the law will need to adjust so as to take account of these attacks so that there does not arise a total undermining of the electronic commerce environment. The legal implications of these attacks need to be understood so that the courts do not overreact and thus destroy any confidence commerce currently has in operating in the electronic commerce environment. This paper explores the legal implications of these attacks where certain software applications rely, in part, upon either MD5 or SHA-1.

Administration of NSA Security Enhanced Linux system
Russell Coker
NSA Security Enhanced Linux is a Mandatory Access Control system for Linux that is commercially supported in Red Hat Enterprise Linux 4 and is available in the Hardened Gentoo and Debian distributions.
This tutorial covers all the basic operations of administering SE Linux including starting daemons, adding users, and writing/modifying the security policy.
It is aimed at people who have some sys-admin experience on a Unix platform (Linux experience is not required). The audience will learn everything that they need to know to use SE Linux in the field and correctly identify and solve problems related to it.
Topics covered shall include:
- SE Linux basic concepts: the domain-type model and MLS.
- Overview of SE Linux policies: the strict, targeted, and MLS policies.
- The features and benefits of the new MCS extension to the strict and targeted policies.
- Changing between the strict, targeted, and MLS policies, and how the system determines which policy is in use.
- Adding new users to a SE Linux system and defining permissions for them; this includes managing MCS categories, MLS levels and categories, and roles for the strict and MLS policies.
- Specifying the security context at login time in ssh and terminal sessions.
- Managing mappings from MLS contexts to a human-readable form.
- Booleans in the policy: how to dynamically change the security settings of the machine at run-time.
- General sys-admin tasks in a SE Linux environment: changing the context of files, viewing contexts of files and processes, killing processes by context.
- Writing policy and determining the cause of problems when the policy doesn't match the administrator's requirements.
- Interfaces between the kernel and user-space code: how the XATTR interface is used for storing file contexts on disk, how a process sets the context for new files and child processes, and how policy is loaded and manipulated. The aim of this is to enable the sys-admin to use tools such as strace, ltrace, and gdb to investigate what a SE Linux aware program is doing.
- The status of SE Linux development in the different distributions and versions of distributions. Each release contains the latest available version of SE Linux, so releases that came out at different times have different features. Also, the features chosen to be supported differ between distributions.
- Running a SE Linux play machine: how to run a machine with a public root account, what happens when you do that, and why most people probably don't want to do it.

Academia vs. Business vs. Hackers in Information Security: the Case of Identity Theft
Yvo Desmedt: BT Chair of Information Security - Department of Computer Science, University College London
We have seen an enormous explosion of research in information security, as is evident from the number of publications, conferences, etc. The ease with which hackers can attack computers seems to justify the investment in the research. It is natural to wonder whether and how academia influences (or does not influence) business when fighting hacking and other information security concerns.
To analyze this relationship, we use the problem of identity theft as an example. We will survey the research by academics in this area for more than 30 years. We will view the problem of identity and identification (also called entity authenticity) in a broad sense. So, we will speak about login, person-to-person identification, etc. We will then discuss how this research was applied (or not) by industry. The role of the hacking community in the crisis we face with identity theft will be analyzed.
In order to understand the relationships between these communities we briefly state the fundamental principles that have been the driving forces behind these entities. We wonder whether the government has any role to play or whether it has lost its relevance.

Advanced web services hacking: Attacks & Defense
Shah Shreeraj: Founder and Director - Net Square
Web services attacks are on the rise with the evolution of web applications which consume back end web services over SOAP. UDDI, SOAP and WSDL are three important building blocks of these new attack vectors. Several attacks are evolving around web services, such as UDDI enumeration, XPATH injection, XML poisoning, WSDL scanning, SOAP brute-forcing etc. At the same time a new range of defenses is evolving for web services with SOAP filtering. It is critical to know the methodologies, attack vectors and defense strategies before deploying web services into the corporate environment. This paper will discuss advanced web services hacking methods and defense approaches.

Bridging the Gap Between Incident Responses and Secure Software Development
Kenneth R. van Wyk - KRvW Associates
In this presentation, the authors draw on their collective experiences in the fields of secure software development and incident handling. In the course of delivering Software Security consulting and training services to their clients, including having trained several hundred software developers at one of the world's largest mobile phone technology developers in the past two years, the authors have observed significant barriers to success. Many of the barriers exist due to the inexperience of today's software developers in the area of information security. The authors believe that information security staff, and incident handlers in particular, can play a key role in removing these barriers, thereby enabling the developers to design and implement software that can better withstand the security risks faced in today's data processing environments.

Current and Future Mobile Phone viruses
Mikko Hyppönen: Director of Anti-Virus Research - F-Secure Corp
The first real viruses infecting mobile phones were found during late 2004. Since then, more than 200 different viruses have been found, most of them targeting phones running the Symbian Series 60 operating system. Mobile phone viruses use new spreading vectors such as Multimedia messages and Bluetooth. This presentation will go through the developments so far and look into the future of mobile viruses.

Conformance Across Privacy Values, Software Requirements, Policies, and Law
Dr Annie Antón: Associate Professor of Software Engineering - Purdue University
Effective solutions for privacy protection are of interest to industry, government and society at large, but the challenge is to satisfy the often-conflicting requirements of all these stakeholders. Legislation that constrains privacy and security practices within systems and organizations presents additional technical challenges. I will discuss mechanisms that enterprises can use to ensure that their systems are compliant with both the policies they articulate and the law.
Additionally, I will address the need to understand how to specify, deploy, communicate and enforce privacy policies. Legislators and regulatory bodies need mechanisms to verify how privacy-related laws are actually enforced by enterprises in their software systems. To this end, we are developing compliance monitors to detect violation of stakeholder rights and obligations as expressed in law. Finally, end-users must be able to easily understand privacy policies and need effective, transparent and comprehensible online privacy-protection mechanisms -- I will discuss preliminary results of our most recent survey of 975 Internet users in which we compared various ways to represent privacy management information to online healthcare consumers.

Cluster-based Intrusion Detection (CBID) Architecture for Mobile Ad Hoc Networks
Ejaz Ahmed: Lecturer - NUST Institute of Information Technology
Ad hoc networks are vulnerable to attacks due to their distributed nature and lack of infrastructure. Intrusion detection systems (IDS) provide audit and monitoring capabilities that offer local security to a node and help to perceive the specific trust level of other nodes. Clustering protocols can be taken as an additional advantage in these processing-constrained networks to collaboratively detect intrusions with less power usage and minimal overhead.
Existing clustering protocols are not suitable for intrusion detection purposes, because they are linked with the routes. Route establishment and route renewal affect the clusters and, as a consequence, the processing and traffic overhead increases due to the instability of clusters. Ad hoc networks are battery and power constrained, and therefore a trusted monitoring node should be available to detect and respond to intrusions in time. This can be achieved only if the clusters are stable for a long period of time. If the clusters are regularly changed due to routes, the intrusion detection will not prove to be effective. Therefore, we have proposed a generalized clustering algorithm that can run on top of any protocol and can monitor intrusions constantly irrespective of the routes. We use our simplified clustering scheme to detect intrusions, resulting in high detection rates and low processing and memory overhead irrespective of the routes, connections, traffic types and mobility of nodes in the network. Clustering is also useful to detect intrusions collaboratively, since an individual node can neither detect the malicious node alone nor take action against that node on its own.

Cyber Insurance and its Economic Viability
Bosco Tan: Research Analyst - SIFT
Cyber Insurance describes insurance products which can be purchased by organisations in an effort to transfer the financial consequences of exposure to cyber risks. These products are currently only available to Australian organisations through international providers, as there are no local offerings. With a history of approximately five years, the growth of cyber insurance adoption has been stagnated by a number of impediments. These include the lack of understanding and awareness of the insurance products available, of how they can effectively reduce the financial consequences of cyber risk, and of the insurability of risks. However, cyber insurance provides an effective solution to the economic problem underpinning cyber insecurity: at present, the cost of insecurity is not assumed by any player in the marketplace. Cyber insurance provides a vehicle for the external costs of insecurity to be internally assumed by insecure nodes at a level that is proportional to their risk. It also provides financial protection against the contagion effect of insecurity which persists. At a functional level, insurance delivers benefits for those with responsibilities in governance, management, security management, research and development and end product consumption. Given these benefits, there is a role for the IT Security industry, the insurance and reinsurance industry as well as government to encourage the development of a robust cyber insurance market in order to deliver social welfare gains.
This presentation is intended to raise the awareness of cyber insurance and explain how it may be utilised in the management of cyber risks. It is intended for all members of the information security industry, particularly business and government leaders. The presentation will include a brief overview of current cyber insurance products and suggest ways in which steps can be taken to accelerate the development of a mature market.

The convergence of IAM & SIM - Enabling the power of Security
Chris Thomas: Principal Consultant - Enterprise Security - CA Australia
Identity and Access Management and Security Information Management are two of the fastest growing areas of the Information Security industry.
While many vendors provide products in each of these areas, CA provides an integrated solution that solves your Identity Management needs while also meeting your compliance and governance requirements.
Learn how combining the strengths of these solution areas will allow you to reduce your security risk, gain a comprehensive view of your security posture – and most importantly enable productivity gains and increase efficiency between your clients, suppliers and employees.

Data Cube Indexing of Large Infosec Repositories
Alfonso Valdes - SRI International
Analysts examining large-scale infosec repositories for propagating network events are interested in quickly identifying temporal and spatial (IP address and/or port) regions containing interesting phenomena, or correlating events from different time periods. The size of these datasets strains current query capabilities provided by, for example, relational databases.
We introduce a scalable, animated data cube representation and viewer, suitable for a broad range of observables, to permit coarse-grain detection and correlation in such data sets. We scale from the LAN to the Internet through flexible, locality-preserving hash algorithms mapping traffic source and destination (IP addresses or IP and port considered simultaneously).
Data streams considered include inherently suspicious traffic such as packets rejected at a firewall, IDS alerts, or traffic to unused address space, as well as Netflow data. We display observables as intensity plots, where the X and Y coordinates are the hashed source and target address and the intensity is proportional to traffic volume. Source and target address space may or may not be the same and may or may not be mapped the same way. Propagating events have distinct visual signatures that can be enhanced through matched filtering techniques. Future work will correlate cubes efficiently through cell-by-cell multiplication. An analyst will be able to, for example, examine whether plots representing two time periods (hours or days) exhibit similar patterns. Multiplication of a cube with its transpose permits identification of nodes that respond to potentially malicious probes. These data cubes permit coarse-grained detection and correlation without expensive database queries.

Data Encryption - The Ultimate Line of Defense
Bernhard van der Feen: Product Manager - SafeNet Inc.
Protecting data at the asset level via data encryption is the ultimate line of defense against unauthorized disclosure of confidential electronic information. Mobile devices containing confidential data can easily be lost or stolen, and data transmitted through a corporate network, or via the internet, can be intercepted. This imposes considerable risk to sensitive data. A data thief, hacker, or malicious employee/ex-employee who is savvy enough to penetrate all the perimeter security measures employed in a competent network must still break through the most difficult and final frontier of fortification: data encryption.

Defence in depth – a model for tackling cybercrime
Alastair MacGibbon: Director, Trust & Safety - eBay Australia & New Zealand
The Internet is an easy platform to disseminate all manner of information; a fact not lost on criminals, who along with their traditional offline channels use the Internet to target people all over the world. Phishing, spoofing and spam are some of the techniques used to commit fraud, and just like other criminal activity the perpetrators are coming up with new methods in an attempt to stay ahead of the authorities.
Most cyber crime is in fact a reflection of traditional criminal activity, just committed across a new medium. Educating the Australian public and providing them with tools to protect themselves plays an important role in reducing the impact of cyber crime. Technology will continue to develop, but it is up to corporate Australia and the wider community to use it wisely. Information, security systems, self protection and improved crime fighting networks will all help, but problems must be addressed jointly by corporations, governments and the wider public.

De-perimeterizing Networks: the need to interconnect Network and Information Security
Hans van Grieken: Vice President Center for Business Innovation (CBI) - Capgemini - NL
Present-day companies and organisations are faced with a difficult split. On the one hand they want to be agile and client oriented, meaning open to their environment, their clients and their employees. At the same time they want to be safe and secure in the way they respect the company's interests and those of its clients, partners and employees. Moreover, the organisation needs to be compliant with national and international laws in order to survive.
In the first part of his contribution to AusCERT 2006, Hans van Grieken of Capgemini will elaborate on the growing demand from business and governmental organisations alike to become a “real time” and (more) “adaptive” company. Deriving a number of examples from business and government, he will illustrate that present day security concepts fail to allow organisations to make this transition. In the second part of his speech, Van Grieken will touch on the concept of de-perimeterization and its relationship to Service Oriented Architectures. Finally, in the third part of his contribution, Van Grieken will touch on a number of new technologies that are part of a stack of technologies that Capgemini has identified, which will help companies to become safer and more open at the same time.

Data Theft: the new corporate Nightmare
Jeremy Poulton: SurfControl Partner Manager - SurfControl Pty Ltd
According to the Australian Computer Crime and Security Survey, more than one in three companies have experienced electronic attacks that harmed their reputation, or the integrity or availability of network data or systems. Increasingly, individuals and businesses are subject to identity fraud and sensitive data theft or leakage.
Data theft is the new invisible crime, growing from year to year and representing a serious risk to any organisation. Current data theft risks are escalating in sophistication and can enter organisations via many vulnerability points: spyware, phishing attacks hidden in spam e-mail, viruses or inappropriate user behaviour. All of this leaves the network vulnerable to hackers entering and stealing information. Since these threats can be introduced to the network via multiple sources, protection has to be across every point in an organization that touches the Internet.
Discover how data theft risks are affecting your organization and why a holistic, multilayered approach is needed to significantly reduce the risk of a successful data theft attack or sensitive data leakage.
SurfControl’s world leading Internet security solutions, combined with the real-time Adaptive Threat Intelligence™ service, provide an integrated approach to reducing network vulnerabilities.
By the end of the presentation, participants will have an understanding of:
- The increasing sophistication of malicious Internet threats
- The importance of securing network boundaries at multiple levels
- Managing the organisational challenges involved in keeping company networks secure

DNSSEC Use and Deployment
Marcus Sachs: Deputy Director - Computer Science Laboratory, SRI International
The Domain Name System (DNS) is a critical part of the Internet, faithfully translating host names to Internet Protocol (IP) addresses via a world-wide distributed database. Developed in the 1980s, the DNS is a zero-security system, designed in a time of mutual trust and an era of few deliberate infrastructure attacks. In fact, the DNS protocol is not even as secure as the IP layer above which it operates. The arrival of millions of new users to the Internet community in the 1990s introduced a new threat model that the DNS was unable to protect itself against. Today it is estimated that at least 10 percent of name servers on the Internet are vulnerable to DNS attacks. Many technology experts believe that it is just a matter of time before we will see serious attacks on the DNS infrastructure. Since the mid-1990s work has progressed on modifications to the original DNS, called the DNS Security Extensions or DNSSEC. This talk will present a brief overview of how the DNS works and will discuss the work underway to deploy DNSSEC globally.

Defeating Windows Forensic Analysis in the Kernel
Darren Bilby: Senior Security Consultant - Security Assessment
It is 4pm on a Friday, beer o'clock. You're just eyeing up your first beer and thinking about where the fish will be biting tomorrow. The phone rings: something "funny" is happening on a client's web server. A lot of money passes through the server and it looks like it could be serious. IDS on the network picked up a command shell heading outbound from the server. You break out the security incident response manual and head to the scene. Being the process oriented and reliable chap you are, you load up your forensic toolkit and take forensic copies of current memory and disk. You kick off your tools to analyse the forensic copies you've taken: nothing.
All the processes are good, no apparent hooks, all hashes match verifiable sources. You check the forensic copying process: it worked perfectly. What have you missed? How could it not be in memory or on disk? Someone is playing you for a fool, and it's probably someone in kernel land. Your forensic image has been faked, and yet any court in the country would accept your process as sound. This talk will be a low level talk aimed at forensic analysts and administrators. It will show techniques and an implementation for defeating live forensic disk analysis on Windows systems.

Green Room: eSecurity Cluster
Interested in no-obligation free advice from a range of experts on different information security topics? Come and visit the members of eSecurity Australia at their Birds of a Feather Session on Monday May 22nd. You will have a chance to talk “one-on-one” to the following experts:
Organisation: Area of Expertise
- Steve Reddock, Technical Services Manager, ISS Australasia: Intrusion Detection and Prevention Systems
- Francis Costello, Business Manager – Authentication, Verisign: Authentication
- Andy Solterback, GM for Data Protection, SafeNet: Protection of Data-in-Motion and Data-at-Rest
- Tim Smith, Director, Bridge Point: Information Security Standards and certification
- Dr. Corey Schou, Vicechair, (ISC)²®: Information Security Professional Education and certification
- Shane Speering, Application Security Specialist, Loop Technology, and Brett Coleman, National IDM Practice Manager, Loop Technology: Application Security and Identity and Access Management
eSecurity Australia is a cluster of organisations expert in an area of information security working in collaboration to develop the e-Security industry and business opportunities for the members within that market segment.
Contact us at exec@esecurityaustralia.com or www.esecurityaustralia.com

eXtreme Hacking – Web Applications
Chris Gatford: Manager - Ernst & Young
Deirdre Hurley: Manager - Ernst & Young
Sascha Hess: Manager - Ernst & Young
This eXtreme Hacking - Web Applications tutorial will provide an insight into the web application security risks that need to be considered for all applications. It will demonstrate "real life" issues to show what can happen and highlight common security problems encountered. This course will leave attendees with security guidelines, which they can use in the future when designing and implementing web applications.
Who should attend this tutorial?
- Information Security Specialists
- Web-based Application Developers
- Web-based Application Test/Quality Assurance Specialists
- Developers
- Security Administrators and Analysts
- Security Testers

Fuzzing: Brute Force Vulnerability Discovery
Michael Sutton: Director - iDEFENSE/VeriSign
Discovering security vulnerabilities has gone from being a hobby for computer geeks to an emerging industry that is of significant interest to corporations and government entities attempting to protect their networks. Dozens of vulnerabilities are discovered daily, but how? What are the tools and techniques used by security researchers to conduct this ‘black magic’?
One of the more popular methodologies used in vulnerability discovery is ‘fuzzing’. Fuzzing is a ‘brute force’ approach which throws ‘everything but the kitchen sink’ at a technology in the hope that the developer hasn’t accounted for all forms of unexpected input. It is a methodology that has existed for some time, but it remains unsophisticated due to the lack of automated tools, which are essential if fuzzing is to be used successfully. That landscape is changing as open source and commercial tools are now being released. This makes fuzzing available to a wider audience which previously had been limited to security researchers. However, it is important that software developers and QA engineers also embrace such tools. Only when developers begin to embrace a proactive approach to identifying vulnerabilities will we see a meaningful decline in public vulnerabilities and exploits.
This presentation will introduce fuzzing and discuss how it can be applied to different classes of vulnerabilities. Most importantly, newly developed open source tools will be demonstrated and released publicly. Two primary audiences will be attracted to this presentation: those wishing to discover vulnerabilities through fuzzing and those who wish to protect against them.

Fighting Blended Threats
Mike Bessey: Technical Manager - IronPort Systems
In years gone by, spam, viruses and phishing attacks were all discrete methods of attack used by criminals to cause grief or extract money from unsuspecting email users. Today these attacks have become far more sophisticated: they have become blended.
This presentation will give you an insight into the tools used by spammers today: tools that rely on the previous virus infection of millions of innocent users’ PCs. It will also show how the good guys can win by using even more sophisticated preventative tools to block the blended threats without even needing to look inside the emails that carry them.

Forensic discovery
Wietse Venema: Researcher - IBM
Wietse will highlight the concepts behind his approach to forensic discovery: volatility, persistence, correlation, and more. As with his forensic discovery book, the emphasis is on the general mechanisms, instead of the system specific details that change from one system version to the next.

The full ecosystem of Enterprise Content Security
Oscar Marquez: Chief Technology Officer - iSheriff
The industry has been led down the garden path when it comes to content security for too long. Your business will rely on a unified content system to meet threats head on, but you can't deliver threat protection through marketing and a pretty box.
That's where I will take you through how content security is made up of building blocks, and how it's more of a methodology than just a box:
- Internet Access Management (IAM)
- Internet Threat Management (ITM)
- Email Threat Management (ETM)
- Unified Threat Management (UTM)
- DataBase Threat Management (DBTM)
For more information, email info@isheriff.com

From Email to VoIP: Securing the Global Messaging Infrastructure
Dr. Phyllis Schneck: Vice President of Strategic Development - CipherTrust, Inc.
This talk presents the challenges and solutions in securing global messaging on the continuum from email, to instant messaging to VoIP. The discussion will present an overview of global communications and the issues with protecting core messaging in whatever form, both asynchronous (email) and session-based (IM and VoIP). We explore the technical components of comprehensive messaging security, which includes addressing technology solutions for spam, phishing/fraud, zero-day malware, encryption and multi-protocol outbound compliance – governed by a real-time gateway policy engine and refined with worldwide live data streams. We look at commercial and government implementation examples, and explore regulation – where we are and how much is needed... or not?
Also covered is a key component of protecting the messaging infrastructure: the ability to channel subject matter expertise to share knowledge between corporations, government and law enforcement. Most recently notorious in the world of phishing and online fraud is the ability for government and law enforcement to work with private corporations to better understand the landscape and data that normally only the private sector sees. Private sector, government and law enforcement together create a powerful combination in the fight against transnational organized crime that is often fueled by the robustness of the messaging infrastructure itself.

Fraud and Phishing in Brazil

Marcelo Chaves
- CERT.br

Brazil has seen a huge increase in incidents related to fraud and phishing scams, especially schemes based on the use of trojan horses, keyloggers, screenloggers, etc. This presentation will provide a brief history of online fraud in Brazil and will discuss how CERT.br is responding to these issues, including technical analysis and coordination with AV vendors and the financial sector.

Godzilla Crypto

Peter Gutmann
: Researcher - University of Auckland

Done at a reasonably high level, as there are about two dozen books which cover things like DES encryption done at the bit-flipping level so I haven't bothered going down to this level. Instead I cover encryption protocols, weaknesses, applications, and other crypto security-related information.
Topics covered include:
- Security threats and requirements, services and mechanisms, and security data format templates.
- User authentication, Unix password encryption, LANMAN and NT domain authentication and how to break it, GSM security, S/Key, OPIE, TANs, PPP PAP/CHAP, PAP variants (SPAP, ARAP, MSCHAP), RADIUS, DIAMETER, TACACS/XTACACS/TACACS+, EAP and variants (EAP-TTLS, EAP-TLS, LEAP, PEAP), Kerberos 4 and 5, Kerberos-like systems (KryptoKnight, SESAME, DCE), authentication tokens, SecurID, X9.26, FIPS 196, Netware 3.x and 4.x authentication, biometrics, PAM.
- SSL, TLS, TLS-PSK, SGC, SSH, TLS vs. SSH, IPsec, AH, ESP, IPsec key management (Photuris, SKIP, ISAKMP, Oakley, SKEME), IKE, IPsec problems, OpenVPN, WEP, WEP problems, WPA, TKIP, AES-CCM, DNSSEC, S-HTTP, SNMP.
- Email security mechanisms, PEM, the PEM CA model, PGP, PGP keys and the PGP trust model, MOSS, PGP/MIME, S/MIME and CMS, MSP, opportunistic email encryption (STARTTLS/STLS/AUTH TLS).
- Electronic payment mechanisms, Internet transactions, payment systems, Netcash, First Virtual, Cybercash, book entry systems, Paypal, Digicash, e-cheques, SET, the SET CA model, SET problems, prEN 1546, TeleQuick, Geldkarte, EMV, micropayments.
- Smart cards, smart card file structures, card commands, PKCS #11, PC/SC, JavaCard/OCF, multiapplication cards, iButtons, contactless cards, vicinity cards, attacks on smart cards.
- Traffic analysis, anonymity, mixes, onion routing, mixmaster, crowds, LPWA, steganography, watermarking, misc. crypto applications (hashcash, PGP Moose), TEMPEST, snake oil crypto, selling security. TCSEC/Orange Book.
- History of crypto politics, digital telephony, Clipper, Fortezza and Skipjack, post-Clipper crypto politics, US export controls, effects of export controls, legal challenges, French and Russian controls, non-US controls (Wassenaar), Menwith Hill, Echelon, blind signal demodulation, undersea cable tapping, European parliament reports on Echelon, Echelon and export controls, Cloud Cover, UK DTI proposals, various GAK issues.

A Generic Framework for Implementation and Use of Intrusion Detection Systems

Charles Tarimo
- Stockholm University / Royal Institute of Technology

Intrusion detection systems (IDS) are prominent security products for surveillance and detection of both external intrusions and internal misuse of computer-based information systems. These products are not only viewed as very promising from a practical point of view but have also drawn much research activity, both practical and theoretical, as well as considerable financial interest. Current developments include, but are not limited to, integration with network management systems in general, extensive use of formal languages for describing attack patterns and usage anomalies, and comprehensive standardization of the main system components, data formats and exchange protocols.
These developments indicate a fast-maturing technology which is evolving into a variety of IDS products. However, they also indicate a still more complex technology, which tends to be resource-intensive and places very heavy requirements on the competence of its end-users. While research and development have mainly focused on the improvement and advancement of the product itself (the IDS), little attention has been given to the prime issues that would facilitate effective and efficient use of the technology from the end-user’s point of view. This in turn decreases its practical usability and hence may deny the benefits that the technology promises. Consequently, effective and practical methods and tools for the implementation and use of IDSs need to be developed.
This paper describes practical aspects of IDSs. Based on an explorative study of both theoretical and practical aspects of IDS implementation, the paper takes a holistic view which includes the IDS tools on the one hand and the operational environments on the other; an analysis of the issues and characteristics of the resulting system is then performed. This analysis draws from the IDS literature as well as from the findings of a case study on practical aspects of IDS implementation. The case study involved the design, development and deployment of an IDS (Snort) in a university network. This case study serves the purpose of participatory observation for the author/researcher, and hence informs the notion of ‘end-users’ taken in the paper.
Finally, a generic framework that captures deployment requirements for intrusion detection systems is proposed. With such a generic framework, IDS users are expected to be equipped with a tool, in the form of an increased understanding, that may help them make informed decisions regarding IDS product selection, planning, implementation, and operations in organisations’ networks.

Hardening National IT Infrastructures with Trusted Systems: Mission Impossible?

William J (Bill) Caelli
: Assistant Dean - Queensland University of Technology (QUT)

National information infrastructure protection (NIIP) has taken on increased relevance in the 21st century as all forms of critical infrastructures in a nation become almost, and sometimes totally, dependent upon information and communications technology (ICT). However, with the commoditization of the ICT industry some 25 years ago, that national information infrastructure has been largely constructed without overall security imperatives in mind. This applies to most computer hardware, software and data communications products at a time when, given known vulnerabilities, threats from expert opponents are on the rise.
Can such an infrastructure be “hardened”, particularly where critical industries are involved? And what roles should government, the ICT industry, user industry and end-users play? Is it about time to stop “blaming the user” and look to government and industry for leadership? Perhaps the USA’s Federal Information Security Management Act (FISMA) of 2002 may give some direction, along with NSA’s Secure LINUX activity. But with “Service Oriented Architecture (SOA)” taking hold, is it all too late?

Honeyclient technology and the latest client-side attacks

Kathy Wang
- The MITRE Corporation

Organizations that are interested in maintaining situational awareness often deploy honeypots. However, honeypots are only able to detect attacks on servers, due to their passive nature.
Honeyclients are client-based applications that actively seek malicious servers to gather data for further analysis. This talk will focus on honeyclients, how they can be used, and will share interesting data that has been gathered with a honeyclient. We will also focus on the MITRE Honeyclient Project, and show you how you and your organization can get involved in this community effort.

How vulnerable are you really?

Daniel Zatz
: Managed Security Services Business Manager - Asia Pacific, VeriSign

Most organisations conduct regular vulnerability scans and risk assessments, but there are a number of issues that affect the relevancy of the data to individual organisations that are often overlooked, or simply not recognised.
Most importantly, vulnerability data is generally based on generic information, so just because a vendor says a vulnerability is critical, does that really mean it is critical within your own environment? Or should a vulnerability be critical if no one is trying to exploit it? In addition, vulnerability data only deals with the impact on that specific host, not with how that vulnerability will affect the rest of the network.
This presentation will examine ways to help your organisation identify, visualise and quantify information security risks specific to your own environment. This will enable enterprises to make better operational and financial decisions by providing a holistic view of threats, vulnerabilities, network access policies and business impacts, at a device, business unit and enterprise level.

Introductory Malware Analysis Techniques

Eddie Cornejo
- DSD

With the emergence of several high quality analysis tools, malware analysis is now well within reach of the common household geek. This workshop aims to teach basic malware analysis skills to people who have not previously been exposed to this discipline. Those who have worked in the malware analysis industry are invited but may find the workshop too simplistic.
The workshop will run through several examples demonstrating different aspects of malware analysis, including:
- Documentation framework
- Static analysis
- Live analysis
Requirements:
- Working knowledge of x86 assembly language (highly desired)
- An ability to think outside the box

Identity Management - latest fad or potent business tool?

Archie Reed
- HP

The industry pundits are saying Identity Management will take off with double digit growth in the coming years. Would you bet your money on it? Is this realistically a valuable new business tool? Where do you start on the journey? What should you expect? What are the traps to avoid?

Information Security as a Strategic Asset at Microsoft

Mark Estberg
: Director of Information Security Analysis, Design and Awareness - Microsoft IT

The Microsoft Information Security organization is on a journey to play a strategic role in the Microsoft business. Learn how the Microsoft Information Security organization has applied people, process and technology to proactively manage risk and enable the Microsoft business. This session will also explore how Microsoft Information Security is using information security governance to bring business strategy and the Information Security organization closer together.

Information Security: Insanity Rules

Eugene Spafford
: Professor - Purdue University

Albert Einstein is reputed to have said "Insanity is doing the same thing over and over again, but expecting different results." By this definition, most people attempting to establish secure systems are insane. To achieve security, they continue to deploy the same software, attempt to protect their systems with firewalls, anti-virus, and IDS. However, the threats keep coming, and systems continue to fail.
This presentation will present some observations of the things that are driving us crazy in information security. I will describe fallacies that have led us to place our trust in the wrong places, and some basic aspects of human nature that complicate our ability to rectify the problems. Better security can be achieved by breaking the cycle of doing the same things over and over again. The audience will be left with ideas of how to regain some sanity and peace of mind, at least as far as information security is concerned.

Insider Threats

Eric Cole
: Chief Scientist - Lockheed Martin Information Technology

Security is not new, and organizations have been focusing significant effort on combating attackers who seek to do harm to their critical assets. Firewalls, intrusion detection systems and virtual private networks, just to name a few, have been deployed as best practice across companies. While organizations have spent significant money on network security, the problem is that most of it has gone to preventing, detecting and deterring the external threat. While the external threat can cause harm and needs to be addressed, the internal threat can cause just as much harm and be devastating to an organization if not properly addressed. The key concern with the insider attacker is that they already have access, which gives them the means and methods to perform the attack. Therefore, methods that have worked against the external attack will not work against the insider. This tutorial will look at the insider in detail, address the problem and cover creative ways of dealing with and preventing a determined insider.

Is that App Really Safe?

Jesper Johansson
: Senior Security Strategist - Microsoft

How many times has a vendor told you that “Sure this app is safe. We use encryption.” But is it possible to really know whether the app is safe without performing a full analysis? Yes, there are some red flags that you should look out for. Jesper Johansson shows you how in this session. We cannot make application penetration testers out of you in this short time but we can at least teach you about the glaring holes you should look for. We will cover how to perform analysis on common off-the-shelf (COTS) software, such as enterprise services, web sites, any application that talks to database servers, and other software. We can’t tell for sure that an application is safe but we can at least point out some ways it can be blatantly unsafe. Having that level of confidence is an integral part of your risk management strategy in order to Protect Your Windows Network.

IT Security Management: A broad look at an even broader topic

Karl Hanmore
: Operations Manager - AusCERT

The term IT Security Management refers to a large number of loosely related issues. There is an enormous volume of information on the topic - Amazon.com lists over 850 titles within the category "Computers & Internet" relating to security management.
This presentation takes a brief look at some of the multitude of areas involved in security management. The aim is to examine the parallels between IT security management at various levels of the community. It is hoped that as a result of this exploration, the need to "Think globally, secure IT locally" will become apparent.

Keeping The Bad Guys Out and Good Guys In

Adrian Noblett
: Networking Specialist - Nortel

Securing the IT infrastructure of an Enterprise can be a daunting task. In theory a secure Enterprise will protect its information assets by denying access to un-authorised users or systems, while at the same time providing seamless connectivity for trusted users and systems. In practice, however, this can be a difficult task to achieve successfully. The common result of implementing a tightly controlled Enterprise security solution is that not only are the ‘bad guys’ kept out, the ‘good guys’ are often also denied access. As a result, many Enterprises accept a level of ‘risk’ to provide the balance between information protection and open access for employees, which can be attributed to the fact that authentication and authorisation systems in an Enterprise understand only two possible results: AUTHORISED or DENIED. Nortel solves this security issue by implementing a layered approach to security and providing the ability to implement a GREY access control environment where the good guys are always let in.

Log Analysis

Abe Singer
: Computer Security Manager - Security Technologies Group, San Diego Supercomputer Center

Focusing on how to build an infrastructure to collect, preserve, and extract useful information from computer operating system and application logs - ultimately to help the system administrator learn more about what is happening on their systems and network. Logfiles hold a wealth of information, from resource utilization diagnostics to problems with hardware and software, security problems, and forensic traces of intrusions. Many system administrators have been told to "go figure out those logs." It's a daunting task - there's an awful lot of information in log files, and unfortunately it's not well organized or codified. Formats of messages, even timestamps, vary between applications, and sometimes even between different versions of the same application; different operating system distributions will use different messages to record the same event; and the information you need may be spread out over several messages. The system administrator often ends up building a system based on the relatively random data seen early on, instead of having an idea of what they'd really like to know before starting. This tutorial will show how to take a methodical approach to collecting and extracting information in an organized manner. The focus will be primarily on UNIX syslog, with some discussion of Windows logging and other sources of log data. Examples are heavily weighted toward security issues, but some examples of resource and diagnostic monitoring are also provided. Many real-world examples from logs are included throughout the presentation.
The tutorial consists of:
- What logs and log analysis are all about
- The overall process of building an infrastructure for log collection and analysis
- Identifying sources of log information
- Basic logging with syslog
- Centralized logging architectures
- Some alternatives to standard syslog
- Log management - archiving, rotation, preservation
- Building an analysis infrastructure
- Simple analysis with basic Unix tools
- Preparing log data for analysis
- Log Reduction
- Log parsing, and parsing tools
- Log analysis techniques, statistical and other
- Windows logging, and forwarding to Unix syslog
- Legal considerations

Logical Separation and Protection of Hosts on your Network

Grae Meyer-Gleaves
- Data#3

Scott Gosling
- Data#3

Most of the major vendors now have solutions to logically separate hosts on your network. In addition, some of the technologies allow you to quarantine hosts based on patch levels, antivirus signatures being updated and other criteria. In some instances, the technology allows you to apply patches and settings prior to trusting and connecting them to your critical information systems. This presentation will aim to explore some of the solutions out there at a high level. How your organisation can benefit from the use of logical separation of hosts on your network will be covered. Some of the myths will be addressed and questions such as 'how are we going to manage this' will be explored. Specific solutions such as Microsoft's Network Access Protection (NAP) and Cisco's Network Admission Control (NAC) will be compared and untangled. The presentation will highlight and discuss:
- The threats and risks currently faced by organisations with their networks and the hosts that connect to them (both wanted and unwanted). Examples such as roaming employees, external consultants and malicious entities connecting to the network will be covered;
- Discuss and compare some of the various high level approaches being offered by vendors at different layers of the OSI model. Examples of how some fit together whereas others are totally isolated will be covered;
- How the investment can be justified within an organisation;
- The operational impact, both positive and negative, which results from implementing typical solutions on offer;
- How to get the most from an investment in logical separation and protection of hosts on the network; and
- Managing the solution, short and long term.
The presenters will be a combination of Scott Gosling, Paul Burtwhistle and Grae Meyer-Gleaves.

Myths and Realities: The Security Business and the Business of Security

Richard Thieme
- ThiemeWorks

Illusion, misdirection, and ridicule: these are the hallmarks of deception as applied to security, intelligence, and counter-intelligence. Reach for a critical piece of "competitive intelligence," i.e. economic espionage, and there's no pea under the shell; watch as propaganda and public relations merge and become difficult to distinguish. Understand why Eddie Bernays, the father of spin, and Joseph Goebbels were ironic brothers under their skins.
Now add to this state of affairs supply chains of global vendors, many with invisible alliances with hidden partners (corporate, state, and non-state actors) and intel agencies, most making claims that a middle manager finds impossible to verify -- and meanwhile The Boss demands decisions made NOW on the basis of some "useful truth" that security professionals know is a moving target.
Conflicting myths and realities confuse the security business even as it morphs into the big business of security. Boundaries dissolve, identities are uncertain, claims are exaggerated and unrealistic, and "insider threats" are difficult to identify and counter.
Richard Thieme attempts to illuminate this crazy landscape with a bit of crazy wisdom. If you were anxious before his presentation, you'll be doubly anxious afterward, but you'll have a clue as to how to move in this Alice in Wonderland world.

Managing beyond known threats

Peter Woollacott
: Chief Executive Officer - Tier-3

Effective ICT governance demands a systematic and auditable means by which ICT usage is managed to support the needs of the enterprise. It demands due care and accountability for the control and protection of ICT confidentiality, integrity, availability and policy compliance.
To satisfy these demands and protect information assets effectively those responsible for ICT security and governance must meet these governance objectives in an increasingly complex and risky networked business environment. This requires a risk management based process for the identification, contextualisation and mitigation of risks that might impact ICT systems and potentially the operation of the enterprise.
Recent risk management models categorise the universe of risk into: (i) known (K), (ii) unknown (u) and (iii) unknowable (U) risks. Recognition that unknown and unknowable risks threaten the enterprise demands that technologies able to identify, analyse and manage such unfamiliar threats are available to security and risk managers.
Non-deterministic ICT threat management systems systematically process and dynamically baseline each and every event. They automatically execute multiple analysis processes to determine whether a particular event is familiar or anomalous when compared to its historical behavioural pattern of occurrence. By comparison with a behavioural profile each event can be categorized as known (K) or unknown (u), and with subsequent analysis of the relationships between events, assessment of the threat severity and potential impact can be prioritized.
This anomaly-based behavioural approach to ICT threat management is unique in its ability to detect the unknown and, instantly, any manifestation of an unknowable threat. As a result behavioural based threat management systems are able to identify risks that are quite invisible to deterministic or signature based security management systems. The irrefutable conclusion is that signature based technologies are unsuitable for ICT Threat and Compliance Management purposes because of their inability to recognise and hence manage anything beyond the expected.

Malware. Is it doomsday, or just another day?

Dave Marcus
: Security Research and Communications Manager - McAfee AVERT Labs

New and emerging threats will never go away. Instead, they are multiplying and evolving to ever hardier breeds of malware. Financial gain has been the change in motivation for malware development over the last 18 months. We delve into the latest in emerging threats and discuss how these threats are mitigated with research and common sense application.

Managing Identity in the Cyber World

Jo Stewart Rattray
: Director Information Security - Vectra Corporation Ltd

Identity Management is generally thought of as a system of policies, processes and technologies that enable organisations to control and indeed manage their users’ access to critical systems and applications. By restricting access and securing sensitive information, we protect both personal and company confidential data from unauthorised use.
In many instances users require access to a wide range of systems and applications which are distributed across both internal and external computer users. Organisations are now finding themselves in a position where they are not just providing access to information to users who are internal to the organisation but also to those from the ‘outside world’.
Management of such environments means that we could say that we are managing multiple versions of user identities as their access levels vary across systems and applications, making the task even more daunting.
And how do we know who our users really are? Are they who we believe them to be? Managing and verifying identity are of paramount importance in the protection of our corporate assets. Identity related offences cost Australian business in excess of $2 billion during 2002 – 2003.
This presentation will uncover some of the methods that can be used to avoid your organisation being one of the statistics.

Miscreant Life Beyond MS

Steve Gill
- Team Cymru

Yes, there is abundant miscreant botnet life outside of Microsoft. This is a treatise on the resurgence of Unix based bots, miscreant methods, malware, and motivations. These motivations transcend any one operating system, tool, or technology. In the underground, it's all about CRIME; it's all about PROFIT. Miscreants GET it.

Myths, Misconceptions and Mitigation Strategies

Adam Biviano
: Premium Support Manager - Trend Micro Australia

Since the turn of the century the threat of malware has changed significantly, giving rise to various myths and misconceptions concerning best practice mitigation strategies. Instead of large global outbreaks attacking one specific technology or exploit, the 21st century is hallmarked by integrated threats such as spyware, which are specifically aimed at generating profit. Accordingly, network and content security technologies are now being drawn together to re-define best of breed approaches to everyday threat management. Biviano, a CISSP, leverages his years of engineering experience to explain how these changes are impacting network environments and details new techniques and strategies for dealing with these threats.

Managing Risk: Is it Right for Your Business

Karen Worstell

Are you wondering just what exactly being a CISO means? Does everyone need one? Come share Karen’s experience as VP of IT Risk Management and CISO at major US companies and take away perspectives on Risk Management, roles and top considerations for CISOs, CIOs and Risk Managers to ensure that Risk Management and IT Security are right for your business.

Microsoft Security “Question Time”

Jesper Johansson
: Senior Security Strategist - Microsoft

Peter Watson
: Chief Security Advisor - Microsoft Australia

Come along & ask our panel of leading Security experts the tough questions about Microsoft Security.
The panel will include Microsoft Security experts such as:
- Peter Watson, Chief Security Advisor
- Jesper Johansson, Senior Security Strategist
- George Stathakopoulos, General Manager of Product Security, Microsoft Redmond
To encourage you to ask your questions, an independent adjudicator will be giving away the following prizes to the 3 best* questions asked during the session:
- i-mate SP5 Smart Phone (RRP $849)
- Xbox 360 Video Game System (RRP $649.95)
- Creative Zen Vision: M MP3 player (RRP $470)
*The independent adjudicator’s decision is final & no correspondence will be entered into.

A New Authentication Mechanism and Key Agreement Protocol for SIP Using Identity-based Cryptography

Ernest Foo
: Lecturer - QUT

The Session Initiation Protocol (SIP) is commonly used to establish Voice over IP (VoIP) calls. IETF SIP standards do not specify a secure authentication process, thus allowing malicious parties to impersonate other parties or to charge calls to other parties. This paper proposes an extension to the SIP protocol that uses an identity-based authentication mechanism and key agreement protocol. These extensions provide stronger cryptographic assurances for VoIP authentication and enable provably secure key agreement between users. The use of ID-based cryptography means that a large Public Key Infrastructure (PKI) is not required, thus making this protocol viable for large scale implementation.

An Open Architecture for Digital Evidence Integration

Bradley Schatz
- QUT

Recently the need for "digital evidence bags" - a common storage format for digital evidence - has been identified as a key requirement for enabling inter-organisational sharing of digital evidence, and interoperability between forensic analysis tools. Recent work has described an ontology based approach to correlation of event log based evidence, using semantic web technologies for describing and representing event log based digital evidence.
In this paper we apply the representational approach to the integration of metadata related to digital evidence, and propose a globally unique identification scheme for digital evidence and related metadata. We relate the representational approach to the digital evidence bags concept, identifying a number of shortcomings. We propose an alternative architecture for digital evidence bags, which we call the sealed digital evidence bags architecture. This approach treats bags as immutable objects, and facilitates the building of a corpus of digital evidence by composition and referencing between evidence bags. This architecture facilitates modular forensic tool development and interoperability between forensics tools.

Online Aspects of Fraud and Identity Theft as seen by the ATO and what is being done to address it.

Michael Monaghan
: Deputy Commissioner - ATO

The ATO, as with many other financial payment organizations, has to deal with fraud involving the use of false or stolen identities. As the Tax Office moves further into interacting with its taxpayer clients online, the opportunities for this activity have increased.
Over recent years, the Tax Office has undertaken considerable work to improve its proof of identity and registration processes. This has seen a relative shift from false to stolen identities.
Our response has been to complement these approaches through activities such as reviewing and archiving inactive Tax File Numbers and matching identity data with other agencies to enhance the accuracy of tax records. In addition, we continue to enhance business to business authentication controls and improve identity management practices around on-line transactions. This is being achieved through the engagement and education of tax practitioners in relation to the security of their own systems and authentication information, and the introduction and promotion of approved authentication methods such as digital certificates.
The Tax Office continues to enhance its controls across the release of high risk refunds and to action all referrals of possible fraud. |
| |
|
| One Size Does Not Fit All: Building Trust and Invigorating Online Transactions for Consumers |
| |
|
Steve Terry
: Managing Director - Australia & New Zealand RSA Security
|
| |
|
Today’s consumers are using the online channel to do everything from signing up for financial services to paying bills and trading stocks. By adding peace of mind to transacting online, commercial and government organisations can increase the frequency with which their customers turn to the Internet. But as consumers rely on the Internet for more daily activity, they face growing concerns over account security. Consumer account security is provided almost exclusively via single-factor authentication, but a recent rash of identity-related transgressions by corporations, a notable increase in the number and frequency of phishing attacks, and the proliferation of key-logging spyware have heightened consumer sensitivity to online account fraud.
Organisations are facing a sophisticated, organised and innovative technological crime wave. In response, protecting financial assets brings forth several options – and one size does not fit all. Different customer groups require different levels of security. Some types of transactions are riskier than others. Different segments of customers desire various forms of protection.
Join RSA Security to learn about Adaptive Authentication – a flexible, layered authentication approach that matches security with transaction risk and customer need and preference. |
| |
|
| Protecting Against the New Wave: Revising Security Strategies to Meet the Closing Vulnerability Window |
| |
|
Ben Chan
- Patchlink
|
|
Neal Gemassmer
: Vice President - PatchLink
|
| |
|
Neal Gemassmer, Vice President of PatchLink Corporation, Asia Pacific, will outline how organisational security compliance programs can be reinforced with strategies for patch and vulnerability management.
Specifically, attendees to this business presentation will learn:
- How to determine which systems are most critical to protect and prioritise them
- Technologies to identify vulnerabilities on an IT network for rapid remediation
- Best practices for reviewing and prioritising vulnerabilities
- Methods and tools available for approaching vulnerability remediation.
- Steps for ongoing management of vulnerabilities for company security compliance
With the growing number of vulnerabilities and the closing window of time between when a vulnerability is found and when it is exploited (as little as 48 to 72 hours for high-profile vulnerabilities), the need to prioritise and implement patches quickly is more critical than ever.
This closing vulnerability window is opening up corporations’ pocketbooks. The Zotob worm in August 2005 was classified low-risk but the cost to infected businesses was an average of US$97,000. Even at this high cost, the impact of Zotob was milder than the Slammer or Sasser worm outbreaks.
However, most organisations continue to miss the vulnerability window by a mile, taking an average of 63 days to implement a patch. This long delay in patching leaves systems wide open to attack. At the same time, organisations that rush an untested patch into production risk damaging critical systems. According to a recent article in InformationWeek.com, while more companies are patching their systems faster than ever (the patching half-life of their computers was cut by 23% in the last year, down from 62 days in 2004), the faster pace of patching has been matched by a nearly threefold increase in the speed of exploits. Automated attacks now cause 85% of their damage within the first 15 days of an outbreak. Furthermore, last year 80% of the damage was done in the first 42 days. This presentation will address how organisations can better identify, prioritise and mitigate vulnerabilities for comprehensive and ongoing protection, with a step-by-step approach to implementing a critical patch within the critical first 48 – 72 hours. The session will also provide attendees with a plan for a longer-term risk assessment strategy which includes the following elements:
1. Planning
Attendees will learn how to risk-assess the business. The IT security team should know what the potential vulnerabilities are, where those vulnerabilities are, and how important it is to the business that they are fixed. This means an in-depth study of all of a company’s IT assets. When the company knows what it has and where, it can then check the vulnerability status in each piece of firmware and software.
It’s also important to establish which systems are critical, which should be patched first and which need constant patch maintenance.
2. Prioritise
For most organisations, even those with security patch management solutions in place, patching everything straight away is not an option. The IT security team has to be able to cope with the work in progress, and to have the capacity to address any issues which arise during the patching process.
The most direct approach is to deal first with the systems that are most prone to attack – such as e-commerce systems, mail systems and critical business applications – and then move down the food chain to non-critical systems. It’s important to factor in the timing of maintenance too – for example, systems used by office staff should ideally be patched out of hours.
3. Policy
Based on the findings of the risk assessment and the patching priorities, the IT manager or CSO should develop a patching policy – specifying what patches should be applied, to which systems, and in which order.
Ideally, the policy should have two elements – one to deal with routine, non-critical patching issues in a regular, repeatable maintenance cycle, and a second for serious patches that have to be installed quickly. The policy should also have a procedure for assessing and distinguishing the severity of new alerts. This maps onto the features that should be considered essential when evaluating security patch and vulnerability management solutions.
4. Performance
Even the best patches from the most reputable vendors have not been tested in every possible environment. Attendees will learn how, following a successful test, to conduct a trial roll-out before applying a patch to a particularly business-critical system, so that any risk from the new patch is ring-fenced.
5. Products
The key points to check in any patch and vulnerability management solution are:
- Are the patches secure and signed for authenticity?
- Is the solution scalable, to grow as your needs grow?
- Does the vendor test patches for you before shipping them, to ensure an additional level of reliability and stability?
- Is there a patch library or repository?
- Does it offer multi-platform support?
- How granular is the management? Can it group users, and prioritise patch deployment?
- Does the solution offer rollback capability, if a patch causes any issues?
By attending this session, attendees will learn how to make patching an integral part of their overall security management strategy, helping to eliminate vulnerability risks and enforce security and compliance policies while reducing overall IT costs.
PatchLink is the global leader for enterprise security patch and vulnerability management solutions, delivering comprehensive, multi-platform assessment and remediation for continuous protection across the enterprise to more than 3,000 customers worldwide. |
| |
|
| A PKI for IDR |
| |
|
Geoff Huston
: Senior Internet Researcher - APNIC
|
| |
It has long been fashionable to criticise PKIs as less than relevant to real-world security domains, and the associated use of a trust anchor upon which a hierarchy of derived trust can be constructed has often been criticised as the imposition of an unnatural model onto real-world environments. This reflects shared experiences with attempts to deploy centrally managed hierarchies for inherently distributed, non-hierarchical namespaces such as the email system (PEM) and directory services (X.500, LDAP), where external pressures to retain localised control, and rejection of a central authority, represented fundamental blocks to deployment in the global Internet. However, this position has been changing recently, as attacks on network infrastructure become more subtle. Distributed infrastructure services in the Internet, such as the DNS and routing, have looked to PKI models to provide enhanced security options for their natural hierarchy. As illustrated by recent initiatives by the US Department of Homeland Security, the Internet industry has focussed attention on the risks of an unsecured routing infrastructure, and on the need to consider, as rapidly as possible, appropriate improvements in the underlying technologies of the global Internet. This presentation will describe the design objectives and experiences in the implementation of an address resource certificate infrastructure that can be used as a PKI to support a number of security options in the area of inter-domain routing in the Internet. Some conclusions are made regarding the overall utility of this approach to securing the IDR environment using a PKI. |
| |
|
| Payments industry approach to customer identity management using the EMV payment smartcard |
| |
|
Colin Whittaker
: Head of Security - APACS
|
| |
|
The threat to on-line services is clearly driving the demand for sensitive on-line services, such as those operating in the financial sector, to migrate to stronger forms of authentication than ID and password. The UK payments industry has for a number of years been investigating collaboratively how best this can be achieved in a UK on-line market for banking and financial services where UK customers have multiple accounts and relationships with many providers. One of the primary lines of investigation has been how the industry could exploit the virtues and benefits of the investment made in the UK “Chip and PIN” solution, in which the smartcard-enabled debit/credit card would replace the magnetic stripe card for face-to-face transactions. The goal was to reuse the security services on the chip in novel ways in an on-line environment. This work culminated in the development of a UK specification for the use of these cards remotely in a solution that became known as “Token Based Authentication”. Subsequently this work made a significant contribution to the MasterCard Chip Authentication Program architecture, which the industry is now basing its solution upon.
The presentation will explain the basis of the technology underpinning the solution, the current and future threats that have influenced the direction taken in the solution, a demonstration of an emulation of the solution, and some of the challenges confronting the industry in delivering the solution to customers. |
| |
|
| A Project for the Synthesis of Composite TCP/IP Networks During Emergencies |
| |
|
Selwyn Russell
: Senior Lecturer - QUT
|
| |
|
This paper describes a project being undertaken by National ICT Australia under its Safeguarding Australia theme. History shows that the pattern of communications use during a large-scale emergency is quite different from that of normal times. The emergency recovery team needs a communication network with capabilities and configurations whose profile is very different from that of everyday communications networks, to avoid network overload from enquiry bursts and to favour emergency management traffic. Ideally, this temporary network would involve a unification of all commercial networks which at other times are competitive.
In transforming the network in a region, crucial decisions are which components of the network to modify and how. With the move towards TCP/IP based networks, the Internet offers a widely used and deployed platform, and the configuration of routing tables becomes the main focus in the quest for rapid modification of network properties to synthesize a composite network. Current router software is not easily modified simultaneously across many routers throughout a region in a way which suits emergency management. This project seeks to provide a user-friendly transmission policy language for rapid definition of the required TCP/IP network behaviour, and the means to convert the policy to a list of target routers and their corresponding reconfigurations for automatic processing. |
| |
|
| Responding to the Security Needs of a Company with 500 CEOs |
| |
|
Richard Forno
: Principal Consultant - KRvW Associates
|
| |
|
In 1995, the United States House of Representatives embraced the Internet with abandon -- and fortunately realized early on the need for information security. However, while building security programs for a large corporation is challenging, consider doing it for a single company with nearly five hundred equally-empowered and unaccountable chief executive officers!
Join veteran security professional Richard Forno as he discusses the delicate nature of providing information security to national legislators, the timely creation of the first incident handling program for the United States Congress, his team's involvement with the incident handling community during national political crises, and the unique nature of incident handling in the legislative branch of a national government. |
| |
|
| Steganography |
| |
|
Eric Cole
: Chief Scientist - Lockheed Martin Information Technology
|
| |
|
Steganography (stego) is not new and has been around since the dawn of time. However, with the advent of computers, the widespread use of the Internet and growing international threats, stego has taken on a whole new interest. While there are many theories and claims about stego, many of them are fabrications. This presentation will focus on the truths and myths about stego, focusing on new advances and techniques and what they mean for both governments and organisations. As the insider threat continues to grow, stego poses a real threat to organisations of all shapes and sizes. In addition to threats, the presentation will also cover ways to detect, defend against and prevent this growing problem. |
| |
|
| Security 2010: The Changing Landscape |
| |
|
Steve Reddock
: Technical Services Manager - Internet Security Systems Australasia
|
| |
The security landscape is changing.
Network security is evolving and unique attack vectors are constantly emerging:
- Vending machines, faxes and copiers can be access points into the network;
- WAP, 802.11, and VoIP can be attack vectors;
- Mobile/wireless threats are emerging including Bluetooth viruses and mobile phones being used as bots; and
- Phishing and Pharming techniques are still prevalent.
In this presentation, Internet Security Systems (ISS) will address these emerging attack vectors and provide some unique examples of what ISS’ X-Force research and development team has been observing “from the coalface”. A number of protection solutions will also be discussed. |
| |
|
| Security and Usability |
| |
|
Peter Gutmann
: Researcher - University of Auckland
|
| |
|
An important consideration when building an application is the usability of the security features that it will employ. Security experts frequently lament that security has been bolted onto applications as an afterthought; however, the security community has committed the exact same sin in reverse, placing usability considerations in second place behind security, if they were considered at all. As a result, we spent the 1990s building and deploying security that wasn’t really needed, and now that we’re experiencing widespread phishing attacks with viruses and worms running rampant and the security is actually needed, we’re finding that no-one can use it. This talk will look at security usability principles for applications, covering everything from the initial design stages through to final pre-release usability testing. |
| |
|
| Spam, Botnets & Spyware |
| |
|
Mark Sunner
: CTO - MessageLabs
|
| |
|
Email as we know it has become as ubiquitous as the telephone; in addition it is a “push” technology, and the combination of these two factors makes it highly desirable from a threat perspective. Over the past three years we have seen the “bad guy” community become very adept at milking every last cent out of the worldwide SMTP infrastructure by converging virus and spam techniques to harvest vast swathes of host computers (botnets) for their own nefarious purposes. By examining large quantities of interception data, as well as the techniques they are using over time, it is possible to highlight trends in how they might further evolve and accurately adapt future filtering models and techniques.
If we stick with these same concepts, we can start to see why other communications protocols such as IM are currently less attractive – simply because they don’t have access to the same install base. Today the IM space is broadly made up of three main vendors, namely MSN, AIM & YAHOO. There are of course a great many other lesser networks, but these three represent the three main IM ecosystems and, crucially, although MSN & YAHOO have recently announced an intention to merge, they do not all yet talk to each other. So from the bad guys’ perspective they are vastly unattractive when compared to email, as the latest SPIM attacks will stay locked inside whichever ecosystem they were initially seeded in.
However, in the not too distant future it is highly probable that all these ecosystems will eventually merge and common standards will appear between them. At that point, such a network will have immediate appeal to the bad guys, and we can start to make rough estimates of how a threat roadmap might evolve. Of course, after HTTP & IM the next logical conclusion will be VoIP. Although blue-sky at present, the dramatic cost savings achievable via VoIP solutions certainly indicate that this is a communications technology likely to have a very fast adoption rate and, as soon as this happens, we will once again have yet another install base available via the Internet, which will in turn become a target as it reaches critical mass.
In tandem with the comparatively slow growth of email/virus threats has been the development of web-based threats most commonly referred to as Spyware. Because of its relative infancy the term “Spyware” is often used to refer to a multitude of different types of software/malicious activity. Broadly speaking, the three most common types of “Spyware” are classified as follows:
- Adware – the serving up of advertisements/pop-ups
- Cookies & Web Bugs – tracking of behaviour, searching habits, profiling
- Keyloggers & Backdoors – malicious tracking / stealing of information
The speed at which these threats have evolved in the web environment is particularly significant. If we take traditional PC viruses as a benchmark, they have taken some 15+ years to evolve from annoying and disruptive malware written predominantly by young adolescent males into the far more insidious information- or CPU-stealing stealthware of today. This same threat evolution lifecycle has taken place at break-neck speed in the world of Spyware because it has been commercially motivated from the outset.
Spyware can be unwittingly picked up (and installed) through a variety of Internet activities, such as downloading a game or utility, resulting in multiple instances of hostile tracking/snooping software being installed on the system. Typical examples of the most common types of programs found to contain Spyware are as follows:
- Download Managers
- Games
- Demo Software
- FTP Programs
- Windows Utilities
- File-sharing software
At first glance the majority (if not all) of the above applications are more commonly associated with home user type usage rather than typical corporate access. However, it should come as no surprise that the majority of corporate usage is in fact non-standard or put another way, not necessarily work related as illustrated in figure 4 below.
The majority of time spent online (55%) in the corporate environment is for recreational use, e.g. shopping, sports, entertainment etc., and may also include downloading and execution of programs associated with these activities that may contain Spyware. Similarly, as working patterns change to permit a more flexible environment (hot desking, working at home etc.), browsing patterns are trending towards becoming less rather than more secure. It is vital therefore that companies provide appropriate education and guidance to the online workforce, as well as ensuring that Acceptable Usage Policies (AUPs) are amended to cater for online browsing habits and that mechanisms are put in place to provide enforcement.
Contact Details:
Mark Sunner, Chief Technology Officer
MessageLabs Ltd., 1270 Lansdowne Court, Gloucester Business Park, Gloucester, GL3 4AB, United Kingdom
T: +44 (0) 1452 623463
M: +44 (0) 7876 475000
E: msunner@messagelabs.com |
| |
|
| Security can deliver business agility: how to build an access strategy that will meet practically any access scenario |
| |
|
Kelvin Rundle
: Systems Engineer - Citrix Systems Asia Pacific
|
| |
|
With concepts such as business process outsourcing, mobility, business continuity planning, service orientated architectures, joint ventures and a desire for greater speed to value having an increased business focus, a requirement for implementing a secure, flexible access infrastructure is becoming progressively more critical. This session will take you on a visionary ride on how to build a future-proof access strategy that will provide your organisation with the required access infrastructure to meet any current or future access scenario.
This presentation will look at the required components to solve common access scenarios while examining the benefits of having a flexible access strategy. By the end of this presentation you will be empowered with the knowledge of how to deliver any application to any user across any network to practically any device while specifying and maintaining discrete security controls. |
| |
|
| A Security Day in the Life of the World’s Largest Networking Company |
| |
|
Chuck Trent
: Vice President - Cisco Systems
|
| |
This presentation will address the following :
- The security infrastructure in place within Cisco
- Who takes ownership for security and risk management in Cisco, and how that ownership is supported and managed by the executive
- Overview of Cisco’s security strategy – how we do it
- Whose technologies we use and how we use them
- How Cisco views the evolution of security threats and how we will mitigate them
- How our security priorities have changed and what Cisco’s focus is now
- How Cisco uses security technology to reduce business cost
- A snapshot into the future
|
| |
|
| Securing .NET2 and SQL2005: A Web Hosting Perspective |
| |
|
Jorke Odolphi
: Product Engineer - WebCentral
|
|
Rob Risetto
: DBA Team Leader - WebCentral
|
| |
|
.NET2 and SQL2005 represent two of the most commonly targeted technologies on the Internet today. Hosting developers and administrators face a myriad of threats against these infrastructure components.
Two of WebCentral’s most senior technologists share their experiences in deploying these technologies into large multi-tenanted environments, with a particular focus on the security challenges they faced. |
| |
|
| Securing End-to-End Remote Access: the Connection, the Network, and the Endpoint |
| |
|
Richard Ting
: Director of Product Management - Aventail
|
| |
|
The attempt to create a “Fort Knox” of corporate networks is in stark contrast to the reality of how network communication is evolving and how users want to access the network. Your users demand more access, to more applications, from more devices and endpoints than ever before. You want to deliver access that offers complete mobility and transparency so they can work more productively from anywhere. But, you must make it secure and control your costs. This session will show you how to effectively build an end-to-end SSL VPN remote access solution through real-world case studies. |
| |
|
| Securing FTP and Telnet in Cross-Platform Networks |
| |
|
Kenneth Udd
: Director of Sales - SSH Communications Security
|
| |
|
This presentation is intended for IT professionals at enterprises who need to secure FTP, Telnet and other system administration access methods in heterogeneous environments. The perspective is that of a large organisation with a diverse network environment, consisting of a large number of servers that run multiple different operating systems. The presentation describes common vulnerabilities and known exploits of plaintext file transfer and terminal connections. Eight areas to examine when seeking and evaluating products and technologies for an FTP and Telnet replacement are also introduced. Finally, a cost-effective security approach based on Secure Shell for cross-platform, large-scale environments is introduced. |
| |
|
| Silently Fixed Vulnerabilities – Skeletons In Microsoft's Closet |
| |
|
Andre Derek Protas
- eEYE
|
|
Steve Manzuik
- eEYE
|
| |
|
For years vendors have been criticized for the practice of silently fixing security flaws and not releasing bulletins to notify their customers. While it is easy to find many researchers and experts criticizing the practice, it is typically hard to find actual proof that it remains ongoing. Regardless of personal opinions about the rationale vendors use to justify silently fixing bugs, the reality is that many defensive technologies rely on specific signatures to detect potential attacks and identify specific vulnerabilities as they were reported in vendor advisories. The basic argument against silently fixing vulnerabilities lies in this fact: if a security device is signature-based, it cannot reliably detect something it does not know exists, and most security vendors do not have the resources or time to manually verify that the software vendor has been upfront about all of the threats that were fixed in a patch. This talk will outline the steps taken to identify vulnerabilities that may have been silently fixed, offer examples of recent security updates that contained silently fixed vulnerabilities, and explain why they are a threat. |
| |
|
| Sidewinder G2 Live Attack Demo |
| |
|
Eric Sorenson
: Senior Sales Engineer - Secure Computing Corporation
|
| |
|
See 2 attacks, 2 firewall technologies in action, and 2 very different results. You’re invited to join Secure Computing Corporation for a live attack demonstration presentation that has been designed to show the critical difference between a high-assurance Applications Defenses™ firewall and a network-layer stateful inspection firewall. We invite you to see what the latest application attacks are all about firsthand in real time.
During this event, you will learn:
- How attacks targeting applications are selected and built
- How hackers easily slip these attacks through firewalls
- The amazing level of control hackers can get over Web and mail servers – even when they are ‘protected’ by firewalls
- What you can do about it to help ensure your business stays in business 24x7x365
Come, see, discuss, and learn from the experts in securing connections between people, applications, and networks™ |
| |
|
| Security in Context |
| |
|
Theo Nassiokas
: Head of Information Security - Strategy and Governance - Westpac Banking Corporation
|
| |
This presentation attempts to address all the stuff that security people are generally bad at, but need to become better at, including:
- Security Governance - Why is it important?
- Security Strategy - Why is it necessary?
- Vision - How is this relevant to security?
- Innovation - This is a business thing... Isn't it?
- Management trends - How is security evolving?
- What is the conclusion? - Security in Context.
|
| |
|
| Secure, Intelligent Networks of the Future |
| |
|
Greg Fitzgerald
: Vice President Marketing - TippingPoint, a division of 3Com
|
| |
|
We are at an inflection point in the industry where a new network model that delivers greater business value is being defined. Increasing IT complexity, regulatory issues and security concerns, coupled with the convergence of voice, data and video traffic, are demanding a significant change to the network. The new model contemplates an intelligent overlay network to manage and secure the connectivity pipes. Intelligent, converged networking is driven by the fact that, more than ever before, businesses require a network that auto-protects, auto-prioritises, auto-corrects and auto-reports, because such a network is more cost effective, easier to use, and maximises business operations. |
| |
|
| Secure programming traps and pitfalls |
| |
|
Wietse Venema
: Researcher - IBM
|
| |
|
Wietse analyzes a very small program that appears to be obviously correct, yet completely fails to perform as expected, for more reasons than many people can think of. The audience is expected to have some programming experience, but detailed knowledge of C, UNIX or Windows is not required. |
| |
|
| Software Security |
| |
|
Kenneth R. van Wyk
- KRvW Associates
|
|
Richard Forno
: Principal Consultant - KRvW Associates
|
| |
|
Security defects are commonly found--and exploited--in today's software products. Clearly, firewalls, intrusion detection systems, and the like are not sufficient to protect our applications from being compromised by attackers.
This two day tutorial provides the student with a close look at security activities that can be practiced throughout a software development lifecycle in order to improve the security of the end product. It spans design and architectural aspects of security as well as language-specific implementation details through its numerous Java and C examples. These concepts are put to practice through the four hands-on exercises interspersed throughout the lecture material. |
| |
|
| Secure SOA: Dream or Reality? |
| |
|
Venkat Raghavan
: Manager of Security Products - IBM
|
| |
|
Security is one of the critical challenges facing organisations deploying SOA. SOA adoption introduces new and unforeseen security challenges, including multiple platforms, protocols, security domains and security credentials. What are the drivers for SOA security – should we focus on people, process, information or technology? How can an organisation achieve the necessary transformation from a resource-centric application delivery model to a process-centric model? And are the current security standards and technologies to do this mature enough? |
| |
|
| The SANS Top 20 Internet Security Vulnerabilities List & SANS @RISK Consensus Security Vulnerability Alert Project |
| |
|
Rohit Dhamankar
: Lead Security Architect - TippingPoint, a division of 3Com
|
| |
|
The SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities some years ago. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red have been on these lists. The Top-20 2005 is a consensus list of vulnerabilities that require immediate remediation and it is the result of a process that brought together dozens of leading security experts. A living document, the SANS Top-20 list includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. The SANS @RISK Consensus Security Vulnerability Alert e-newsletter is a by-product of TippingPoint's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. Rohit will share his research experiences as Project Manager and Editor of the SANS Top 20 Internet Security Vulnerabilities List and SANS @RISK Consensus Security Vulnerability Alert e-newsletter and highlight the latest findings from this great partnership between TippingPoint and The SANS Institute. For enquiries, please contact Carolyn Henley on +61 2 9937 5000 or carolyn_henley@3Com.com. |
| |
|
| Safe VoIP, is there such thing? - A Technical Session on Securing VoIP Systems for All Companies |
| |
|
Ben Karlo
- Fortinet
|
| |
|
There is a great deal of talk about VoIP in Australia at the moment, and rightly so: VoIP is an application that can potentially save a company thousands of dollars in traditional call fees. But because it is an IP application, VoIP is naturally exposed to a number of vulnerabilities that can cause your company serious problems, lost productivity and lost money. Is it possible to have a totally secure VoIP system? This session will look at how to secure VoIP systems from an in-depth technical point of view. |
| |
|
| Security without Firewalls |
| |
|
Abe Singer
: Computer Security Manager - Security Technologies Group, San Diego Supercomputer Center
|
| |
|
So what is a firewall? Early firewalls were just packet-filtering routers, which could only filter on IP addresses (not port numbers). Then came port filtering, proxy firewalls, and stateful packet filtering (SPF). To some people, even NAT counts as a firewall. Firewalls don't necessarily provide as much security as is popularly believed. Securing individual hosts can provide better security and functionality than using a firewall: hosts are protected from each other as well as from the Internet. Scalable configuration management, no plaintext passwords, and aggressive patching can deliver host-based security in a scalable, cost-effective manner. It has worked for us; maybe it can work for you. |
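The abstract lists three generations of packet filter and then argues for host-based protection. The following is an added example, not code from the talk or its author: a toy model of each filter type run over a constructed five-packet trace, with invented addresses from the documentation ranges (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24) and 10.0.0.0/8 standing in for the inside network. The published-service set, the "trusted partner" address and the trace itself are all assumptions made for illustration.

```python
"""Packet-filter generations and the host-based alternative (added example).

Toy model of the filter types named in the abstract, run over a constructed
packet trace. Addresses, ports and policy are invented for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # SYN without ACK: a new TCP connection attempt
    ack: bool = False


def is_internal(ip: str) -> bool:
    return ip.startswith("10.")          # assumption: 10.0.0.0/8 is "inside"


def crosses_perimeter(p: Packet) -> bool:
    return is_internal(p.src) != is_internal(p.dst)


PUBLISHED = {80, 443}                    # services we intend to expose
TRUSTED_EXTERNAL = {"203.0.113.5"}       # constructed "partner" address


def address_filter(p: Packet) -> Optional[bool]:
    """Generation 1: router ACL on IP addresses only, no port awareness.
    Returns None for packets a perimeter device never sees."""
    if not crosses_perimeter(p):
        return None
    if is_internal(p.src):
        return True
    return p.src in TRUSTED_EXTERNAL


def port_filter(p: Packet) -> Optional[bool]:
    """Generation 2: port filtering. To let replies to outbound connections
    back in, the whole ephemeral port range has to be opened."""
    if not crosses_perimeter(p):
        return None
    if is_internal(p.src):
        return True
    return p.dport in PUBLISHED or p.dport >= 1024


class StatefulFilter:
    """Generation 3: admit inbound packets only to published services or to
    connections that the protected side opened itself. The same logic can
    sit at the perimeter or on a single host; `protects` decides which."""

    def __init__(self, protects: Callable[[str], bool]) -> None:
        self.protects = protects
        self.table = set()   # (my_ip, my_port, peer_ip, peer_port)

    def allow(self, p: Packet) -> Optional[bool]:
        if self.protects(p.src) == self.protects(p.dst):
            return None                  # does not cross this boundary
        if self.protects(p.src):         # outbound: remember new connections
            if p.syn and not p.ack:
                self.table.add((p.src, p.sport, p.dst, p.dport))
            return True
        if p.dport in PUBLISHED:
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.table


# Constructed trace. A perimeter device sees only packets 1-4;
# packet 5 is lateral traffic between two inside hosts.
TRACE = [
    Packet("10.0.0.7", 40000, "198.51.100.9", 80, syn=True),            # 1 outbound web request
    Packet("198.51.100.9", 80, "10.0.0.7", 40000, syn=True, ack=True),  # 2 reply to packet 1
    Packet("192.0.2.66", 31337, "10.0.0.7", 40001, syn=True),           # 3 unsolicited, high port
    Packet("203.0.113.5", 1234, "10.0.0.8", 445, syn=True),             # 4 partner address, SMB
    Packet("10.0.0.9", 50000, "10.0.0.7", 445, syn=True),               # 5 inside-to-inside SMB
]


def run_trace() -> dict:
    """Verdict per packet for each filter: True = pass, False = drop,
    None = the filter never sees the packet."""
    perimeter = StatefulFilter(is_internal)
    host = StatefulFilter(lambda ip: ip == "10.0.0.7")   # host-based policy on 10.0.0.7
    return {
        "address": [address_filter(p) for p in TRACE],
        "port": [port_filter(p) for p in TRACE],
        "stateful": [perimeter.allow(p) for p in TRACE],
        "host_10.0.0.7": [host.allow(p) for p in TRACE],
    }


if __name__ == "__main__":
    for name, verdicts in run_trace().items():
        print(f"{name:>14}: {verdicts}")
```

Reading the rows: the address-only filter drops the legitimate reply (packet 2) unless every possible web server is whitelisted, yet passes packet 4 because a source address is trivial to spoof; the port filter fixes replies by opening the ephemeral range, which is exactly what lets the unsolicited packet 3 through; the stateful filter gets all four right but, being at the perimeter, never sees the lateral SMB attempt in packet 5. Running the same stateful logic as a host-based policy on 10.0.0.7 drops packet 5, which is the abstract's point about hosts being protected from each other. The model omits what makes host-based security work in practice, namely the configuration management and patching the abstract also calls for.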
| |
|
| Securing Your Converged Voice & Data Network |
| |
|
Erik Rudin
: Senior Technical Consultant (VoIP) - NetIQ
|
| |
|
With the adoption of IP telephony and the convergence of data and voice networks, companies are facing new challenges in both the management and security of their new infrastructure. Adding voice traffic to a network opens security vulnerabilities that can cause both telephony outages and network outages. VoIP security presents risks that organisations must address before the technology is actually deployed.
Good network security processes and practices become even more important as VoIP components are added to your network. VoIP can bring your organisation tremendous benefits, such as cost savings and increased productivity, but it can also bring security concerns including:
- Denial of service
- Eavesdropping
- Unauthorized usage and toll fraud
- Viruses and worms
- Password vulnerability
- Malicious call activity
In this session, you will learn how to:
- Ensure your VoIP infrastructure is secure without sacrificing call quality
- Identify your security vulnerabilities so you can reduce threats to your converged VoIP and network infrastructure
- Manage alerts to proactively respond to problems
|
| |
|
| The top 3 security trends you can't afford to overlook |
| |
|
Rob Pregnell
: Regional Product Marketing Manager, Asia Pacific - Symantec
|
| |
|
As your business and IT infrastructure grow and change, so too does the threat landscape surrounding them. At times it can feel impossible to keep up with everything you need to do to ensure your systems are 100% secure and that you are meeting mounting compliance regulations. This session will discuss the three top security challenges Symantec has seen evolve in the past year and offer real solutions to counter or proactively avoid them. From cybercrime and criminal acts such as identity theft, extortion and fraud, to the management of a complex messaging environment including instant messaging and email security and availability, this session will discuss strategies to ensure your network is safe, manageable and compliant. |
| |
|
| The Horrors of Headlines: Keeping Your Company Out of the Press, Lessons from a leading forensic investigator |
| |
|
Bryan Sartin
: Vice President Investigative Response - Cybertrust
|
| |
|
Bryan Sartin, Cybertrust VP of Investigative Response and a well-known advisor to VISA and MasterCard, will share the lessons he has learned over the last 15 years investigating some of the world's most well-known (and the many unknown) incidents of data compromise.
Just a few of the topics Bryan will cover are: the leading causes of data compromise, common mistakes companies make after an attack and the pillars for preventing future compromise.
This will be a riveting session of real-world examples, anecdotes and serious advice on how you can reduce the chances your company will make headlines as a result of a data breach. Don't miss it! |
| |
|
| Trends in Online Financial Crime: Technology in the Service of Serious Online Criminality |
| |
|
Jake Jacobson
: U.S. Secret Service
|
| |
|
Our presentation will examine the technological capabilities being fielded by the online criminal community active in serious financial crimes and identity theft. Computer malware has become part of the enabling infrastructure behind the financial crimes perpetrated by online carding networks, and these groups actively utilize the services of programmers to create custom malware in service of fraud, identity theft, and other financial crimes.
In addition to malware, the online criminal community funded by financial crime is able to muster a wide range of other technical capabilities ranging from intrusions for hire to the harnessing of spamming services for dedicated financial crime. The profit potential inherent in financial crimes enables carding networks to afford whatever type of technological capabilities they require to further their criminal activities, and there is every reason to believe that criminals’ use of customized malware and other underground technology services to further financial crimes and identity theft will continue to pose a challenge for the foreseeable future. |
| |
|
| True Intrusion Prevention: Protecting Against Threats From All Vectors, AT All Times |
| |
|
David Thomason
: Director of Security Engineering - Sourcefire
|
| |
|
First generation Intrusion Prevention Systems (IPS) have failed to solve today's threat problem: breaches are occurring at an ever increasing rate, damaging organizations' reputations and costing revenue. Standalone IPS protect only against intrusions coming from the perimeter, and only during the attack itself. Today's blended threats require blended security systems with more remediation options. Join David Thomason of Sourcefire, the creators of Snort® and the world leader in intrusion prevention, as he discusses how the combination of endpoint, threat and network intelligence provides true intrusion prevention by defending networks against threats from all vectors, all the time: before, during and after an attack. |
| |
|
| The Power of One |
| |
|
Michael Brookes
: Marketing Manager, Strategy & Business Development, Pacific - Honeywell Building Solutions
|
| |
Until recently, physical security and information security have occupied very different worlds within the organisation.
However, advances in technology combined with ever increasing compliance and risk management requirements have led to a new era of corporate security management where physical and information security are converging to form a synergistic and symbiotic relationship.
Organisations that understand the potential for alignment between these two worlds are reaping the benefits not only in terms of improved security, but also better risk management and greater return on their security and IT systems investment.
In this presentation, Honeywell general manager, Paul Bardon, explains:
- The emerging trend of physical and IT security convergence
- Why this is happening (the drivers)
- The business benefits of a consolidated security infrastructure
- Key steps to ensuring a convergence approach and securing the resulting business benefits.
|
| |
|
| The Rise of Multi-vector Attacks – the new threat paradigm targeting organisations |
| |
|
Tom Chan
: Enterprise and Partner Client Services Manager - MessageLabs Australasia Pty Ltd
|
| |
|
MessageLabs, the global leader in messaging security and management services, welcomes you to "The Rise of Multi-vector Attacks – the new threat paradigm targeting organisations".
Over the past 24 months, the sophistication of the threat landscape has changed dramatically. Spam, virus, phishing and spyware techniques have converged to deliver the first multi-vector attacks, which target organisations for the purpose of extortion, illicit financial gain and political advantage. Ernst & Young estimate that online fraud accounts for US$5 billion of overall financial crime, growing at a staggering 200 to 500 percent every year.
Today MessageLabs intercepts around 2-3 targeted attacks per week, whereas in 2004 this figure was almost negligible. This is expected to increase with the adoption of new messaging technologies such as HTTP, Instant Messaging and VoIP.
Mr Tom Chan will give an overview of multi-vector attacks across a range of attack techniques and explain why safeguarding your organisation today requires a pragmatic multilayered approach to messaging security. |
| |
|
| Unified Access Control - It's not just about 802.1X |
| |
|
Greg Bunt
: Systems Engineering Manager - Juniper Networks
|
| |
|
A key new challenge for network administrators and operators is providing ubiquitous access in a safe manner.
Enterprises need a solution that ties together all aspects of the user's identity, device and local network, with uniform policy enforcement. This balancing act between usability and security is best addressed by Unified Access Control (UAC).
Join Greg Bunt, Juniper Networks APAC Systems Engineering Manager for Emerging Technologies, to understand why UAC is more than just the 802.1X protocol and how an extended enterprise can leverage the benefits of UAC solutions to deliver more productivity without compromising protection. |
| |
|
| UTM: Move Beyond the Security Box |
| |
|
Scott McKinnel
: Country Manager, Australia and New Zealand - Check Point Software Technologies
|
| |
|
Unified Threat Management (UTM) has generated a lot of attention in the market as the magic potion for the increasing sophistication of security attacks. While UTM has received a lot of attention, what it actually is remains poorly understood. For those in the mid-market, UTM is likely to take the shape of an appliance that houses a range of security technology and can simply and cost effectively protect against blended threats. For larger organisations, UTM should be about adopting an architectural framework to address blended threats, as opposed to a 'one size fits all' box that houses a range of siloed technologies. Join Scott McKinnel, Country Manager Australia and New Zealand for Check Point Software Technologies, to discuss the changing role of Unified Threat Management in the current security climate. |
| |
|
| Workshop |
| |
|
Marcus Sachs
: Deputy Director - Computer Science Laboratory, SRI International
|
| |
|
The Domain Name System (DNS) is a critical part of the Internet, faithfully translating host names to Internet Protocol (IP) addresses via a world-wide distributed database. Developed in the 1980s, the DNS is a zero-security system, designed in a time of mutual trust and an era of few deliberate infrastructure attacks. In fact, the DNS protocol is not even as secure as the IP layer on which it runs. The arrival of millions of new users to the Internet community in the 1990s introduced a new threat model that the DNS was unable to protect itself against. Today it is estimated that at least 10 percent of name servers on the Internet are vulnerable to DNS attacks. Many technology experts believe that it is just a matter of time before we see serious attacks on the DNS infrastructure. Since the mid-1990s work has progressed on modifications to the original DNS, called the DNS Security Extensions or DNSSEC. This tutorial builds on Wednesday's talk about how the DNS works and the work underway to deploy DNSSEC globally. We will step through the process of adding DNSSEC to an enterprise's DNS servers and discuss the value an organization gains by deploying DNSSEC on its DNS zones. |
| |
|
| Why is FTP and managed file transfer so important? |
| |
|
Todd MacDonald
- Tumbleweed
|
| |
|
SYNOPSIS:
Why is FTP and managed file transfer so important? In our global economy with no "off hours", the Internet is the first ever 24x7 ubiquitous information delivery system, not just for online access and transaction processing but also for file transfers. File transfer is mission critical in most organisations.
Now you can learn from one of the world's leading experts everything you wanted to know about FTP: how to manage the transfer of important files over the Internet, reliably and securely, to meet even stringent requirements.
This advanced workshop, frequently interactive in style, will cover: the FTP protocols, advanced analysis of FTP environments, best practices for designing and cost-justifying FTP environments, typical FTP problems and requirements, and Q&A.
WHO SHOULD ATTEND:
CTO, CSO, IT Mgr, IT Infrastructure Mgr/Team/Architects, IT Security Mgr/Team/Architects, e-Commerce Mgr/Team/Architects, IT Risk Mgr & Auditors, Network Mgr/Team, IT Ops Mgr/Team, IT Consultants. |
| |
|
| Windows Intrusion Prevention Workshop |
| |
|
Jamie Gillespie
: Team Leader for Training and Education - AusCERT
|
| |
Overview
This full-day hands-on tutorial is based on AusCERT's 2-day workshop, with a focus on the preparation of security controls in Windows and the prevention of intrusions. This tutorial will identify common attack types, misconfigurations and architectural issues associated with maintaining Windows XP clients and Windows Server 2003 systems.
This workshop addresses basic to intermediate security topics relevant to standalone and networked Windows systems.
Audience
This course is intended for systems administrators who have a daily involvement with Windows administration. In order to gain the most benefit from this course, it is recommended that participants have a basic understanding of the following:
- TCP/IP
- General security principles and practices
- Windows administration (2000, XP or 2003)
- The Windows registry
- Active Directory tools and terminology
Course Topics Covered
- Securing Windows XP Clients
- Windows Security Architecture and Tools
- Local Computer Policy Configuration
- Active Directory Domain Infrastructure
- Role Based Server Hardening
- Baseline Development, Auditing & Monitoring
|
| |
|
| Web Services: New Technology – New Risks |
| |
|
Oliver Binz
: General Manager - b-sec consulting
|
| |
|
“How will the new Web Services revolution affect your Business and Information Security Strategy?”
Web Services have arrived and are revolutionising the way businesses communicate with each other and their customers. The rapid adoption of Web Services is the result of the significant value they provide to organisations, by increasing productivity and improving communication. However, not everyone is familiar with the new and increased security risks posed by this new technology, and many current deployments are leaving organisations highly exposed.
This presentation provides an insight into these new information security risks that organisations are exposed to when implementing or communicating via Web Services. We will also explore some of the methods available in managing the associated risks.
b-sec Consulting is NOT a vendor of technology, and as such we are not attempting to sell you the latest security gadget. This presentation is designed purely to educate and draw attention to something CIOs and CSOs will need to manage - either now or in the very near future.
Presented by Oliver Binz (Director, b-sec) and Justin Derry (Senior Security Consultant, b-sec) |
| |
|
| What to expect when APRA calls |
| |
|
David Pegrem
- APRA
|
| |
|
The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the Australian financial services industry. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, friendly societies, and most members of the superannuation industry. If you work for one of these financial institutions your work may fall under APRA’s scrutiny.
APRA takes an interest in IT Governance, Strategic Planning, Risk Management, Project Management, Application Development, Infrastructure Management, Outsourcing, and Internal and External Audit. This presentation covers an introduction to what APRA does, the IT Operational Risk framework it uses for on-site reviews, how the reviews are conducted and what common issues are found across the industry. |
| |
|
|