The NEbraskaCERT Conference:
was held in August
at the Peter Kiewit Institute'swas held in August
Scott Conference Center
Omaha, NE USA
|
|
The NEbraskaCERT Conference:
at the Peter Kiewit Institute'swas held in August Scott Conference Center Omaha, NE USA |
|
Bios HA1, HA2 Real Life Forensics Brian will lead you through the application of forensics to modern systems. He will show you tools and methods that are applicable both from informal and rigorous perspectives. SQL Injection Attack: Are your Applications Vulnerable? Dennis Hurst, senior consulting engineer for SPI Dynamics, is responsible for working with developers to educate them on the need for Web Application security and practical ways to protect Web Applications from hacking attacks. With more than 15 years experience in the Information Systems/Application Development industry, he is an expert in system design, implementation and maintenance of complex multi-vendor, multi-platform computer applications and networks. He has extensive experience in planning developing and enhancing Internet systems as well as integrating Internet systems with legacy systems. For the past three years he has focused on developing tools to test and secure the HTTP protocol. Dennis is a Microsoft Certified Solution Developer (MSCD in Visual Basic and SQL Server) and a Certified Novell Engineer (CNE) for version 3.x and 4.x. Furthermore, he has published articles and developed classes on the secure application development process. Dennis has spoken on the topic of secure coding practices at Software Development West 2004,Better Software 2004, WebSec 2003 and various user group chapter meetings. He has been published in asp.net PRO and on http://www.15seconds.com/Issue/000612.htm. Compromising Wetware - Plugging the Human Leaks Ron Woerner is currently a Senior Security Analyst with ConAgra Foods, Inc. In the past 15 years, he has been an Air Force Intelligence Officer, the Information Security Officer for the Nebraska Department of Roads, a UNIX administrator for the Mutual of Omaha Companies, and the Lead Security Engineer for CSG Systems. Ron earned a Bachelors degree from Michigan State University and a Masters degree from Syracuse University in Information Systems. He was awarded the CISSP security certification in August of 2001 and the NSA IAM certification in August of 2003. Network Security in a Patched Environment Guy Helmer is a Principal System Architect at Palisade Systems, Inc., where he is building network security and applications protocol management appliances. Dr. Helmer has also taught graduate courses in distributed systems and Java network programming at Iowa State University . Dr. Helmer received his Ph.D. in Computer Science from Iowa State University in 2000. Dr. Helmer was previously a system programmer, network engineer, and system administrator at Dakota State University, one of Yahoo!'s Most Wired Universities in 1998, 1999, and 2000. His research interests include operating system and network security, intrusion detection, high-performance computation, and software safety. A User-Centric Approach to Encrypted E-Mail Dr. Volker Roth, Chief Technology Officer, was appointed to this role on March 1st, 2004. Before joining OGM Labs, Dr. Roth was a researcher in the field of applied cryptography and distributed systems security at the Security Technology Department of the Institute for Computer Graphics (IGD) of the Fraunhofer Society. His research interests are applied cryptography and security engineering, distributed systems security, mobile code, usability and safety, privacy, and anonymity. While at IGD, Dr. Roth led and was the principal system architect for the Secure Mobile Agents (SeMoA) project. He is also the principal architect of CODEC, a Java-based implementation of cryptographic syntax standards such as X.680, X.690, X.509v3, and PKCS, which is the basis of a commercial Public Key Infrastructure (PKI) software which is used by banks, universities, and in the health care sector. As a Visiting Researcher at the International Computer Science Institute, UC Berkeley, CA, Dr. Roth researched novel mechanisms to secure the inter-domain routing Border Gateway Protocol (BGP). Dr. Roth holds a Ph.D. (Dr.-Ing.) in Computer Science from the Technical University in Darmstadt, Germany. Wireless LANs, Lessons Learned Mr. Borden is an employee of ACS Defense Inc. He is currently supporting a contract with the United States Air Force. In his current position, he travels to Air Force bases as part of a team conducting network security assessments of both wired and wireless LANs. He holds a Masters Degree in Computer Systems Management from the University of Maryland, University College, Graduate School of Management and Technology. He also holds the Certified Information Systems Security Professional (CISSP) credential. The Approach to Risk & Security Metrics Mr. Predrag Zivic, with over 18 years of information technology experience is in charge of defining the strategy of Scienton's development and service. His vision enabled Scienton to work closely with its clients to implement information risk and security management solutions using the Information Security Model(tm). Mr. Zivic, as the management and technical leader for GE-Capital and Platinum Technologies groups provided growth and leading risk and security solutions to Fortune 1000 clients. He achieved CISSP and was one of the first 100 ISO17799/BS7799 certified practitioners in the world. He has presented at the CIO Summit(r), Managing IT Security Risk, EICAR, World Congress on Risk, ISACA, ISO17799 User Group and ISSA conferences. Windows Firewall -- Deployment and Use in the Enterprise Mr. McCoy is a consultant with Microsoft Services. He travels throughout the central United States performing infrastructure and security consulting for Microsoft clients. Before joining Microsoft he had extensive experience with IBM mainframes and UNIX servers which has served him well in the interoperability space. He has a Bachelor's Degree in Computer Information Systems from Bellevue University. He also holds the Certified Information Systems Security Professional (CISSP) credential. OracleX Mr. Grothe was President/CEO of Heimdall Linux Inc. a company that was devoted to developing Common Criteria evaluated versions of GNU/Linux Products. Mr. Grothe is currently working on several security products for the SOHO market for a small security startup. He had also been a DBA for a Fortune 500 company for several years. "BS7799: From Initial Review to Certification" Leonardo garcia Rojas is a CISSP with 11 years working on mission critical systems & information security implementation, maintenance and operation across different industries such as Financial, Telecommunications, Oil, National Security Programs, and Strategic Security Private Programs. He has been a speaker in different national and international conferences, and he has published articles about information security methodology and information security risk analysis. Crypto API in Linux 2.6 Matthew Marsh is Chief Scientist of the NEbraskaCERT, President & Founder of Paktronix Systems LLC, Author of "Policy Routing Using Linux" (SAMS), and Creator of PakSecured Linux. He has worked in network management and architecture since 1983 specializing in routed IP/IPX/SNA networks. He also worked extensively with various routing platforms both as a user and as a vendor. On NEAR & BIT-Net in 1984 (PreHistoric Internet) and has been addicted ever since. As Chief Scientist of the NEbraskaCERT, he is researching IPv4/IPv6/IPSec Integrated Security Networks. Additionally, he developed the first (and currently still the only) SNMPv3 manageable policy routing firewall system for Linux available under GPL at http://www.paksecured.com. ISC2 Certification Dow Williamson is the Director of Communications at the International Information Systems Security Certification Consortium (ISC2), a non-profit organization that has certified approximately 20,000 information security professionals in 90 countries over the last 15 years. Prior to coming to ISC2, he spent 2 years as the Vice President of Marketing at Trusted Computer Solutions, a cyber-security software provider located in Herndon, VA. Additionally, he was the Senior Product Manager for the Trusted Solaris Operating Environment at Sun Microsystems and was the Market Development Manager for Government Operations at RSA Security. Williamson also spent 12 years in the Department of Defense in various Information Assurance-related assignments. These assignments included the DoD Multilevel Security Program Office and Chief of Information Assurance Policy at United States Strategic Command. He is a Certified Information Systems Security Professional, holds a BS in Computer Science/Mathematics from Norwich University, a MS in Space Operations from the University of North Dakota, and a MBA from Embry-Riddle Aeronautical University. A PIN-Entry Method Resilient Against Shoulder Surfing Dr. Volker Roth, Chief Technology Officer, was appointed to this role on March 1st, 2004. Before joining OGM Labs, Dr. Roth was a researcher in the field of applied cryptography and distributed systems security at the Security Technology Department of the Institute for Computer Graphics (IGD) of the Fraunhofer Society. His research interests are applied cryptography and security engineering, distributed systems security, mobile code, usability and safety, privacy, and anonymity. While at IGD, Dr. Roth led and was the principal system architect for the Secure Mobile Agents (SeMoA) project. He is also the principal architect of CODEC, a Java-based implementation of cryptographic syntax standards such as X.680, X.690, X.509v3, and PKCS, which is the basis of a commercial Public Key Infrastructure (PKI) software which is used by banks, universities, and in the health care sector. As a Visiting Researcher at the International Computer Science Institute, UC Berkeley, CA, Dr. Roth researched novel mechanisms to secure the inter-domain routing Border Gateway Protocol (BGP). Dr. Roth holds a Ph.D. (Dr.-Ing.) in Computer Science from the Technical University in Darmstadt, Germany. Solaris Security Roy Gertig is a Unix System Administrator for the United States largest employee-owned company, Science Applications International Corporation (S.A.I.C.), under a support contract to United States Strategic Command. He has over 23 years of experience in telecommunications, intelligence systems, and security. He currently oversees backup and recovery of USSTRATCOM's three different enclaves, works the Information Assurance and Vulnerability Assessment patches, and manages a mass storage sub-system. Roy is a Tivoli Certified Consultant, holds four other CompTIA certifications, and is an associate Certified Internet Webmaster. Preventing the next blast - Intrusion Prevention Systems Brian Gault has successfully designed, implemented and maintained firewall systems and associated rule sets for over 800 clients throughout a core of Information Technology, Finance, Pharmaceutical, HealthCare, and Scientific industries. His primary areas of strength are assessing and optimizing existing networks and firewall systems, as well as auditing, improving, and implementing Network Security policies. Mr. Gault has extensive experience in VPN technologies, security investigations, firewall upgrades and network performance troubleshooting. Sarbanes Oxley compliance Securing Your Corporate Messaging Systems with Open Source Tools. Garrett Anderson has over 10 years of general consulting experience in the Fortune 1000 market. Garrett worked early in his career as an intern in training at the Los Alamos laboratory while completing his degree in Physics. He has held numerous positions in his career from technical support to large systems design architect. He is certified in Microsoft, Netscape, Sun and Netegrity technologies. Garrett's relevant experience came while as an early employee at Netscape in the capacity of senior field engineer. He learned from some of the Internet's best technical engineers about Security, Web Servers, Application Servers and Directories. The key to his success has been his field experience. Garrett has logged over 300,000 miles in the last 5 years architecting, designing, installing, testing and tuning Directory and Security solutions for large ISPs such as Verio and GCI and multi-country enterprises including Volvo and Adobe. He is considered to be one of the leading technical experts in directory architecture and implementation. Integrating physical and IT security for utilities Chris Shepherd has provided directive management consulting for the last 9 years to the utility, financial, and software industries in regards to project management, information & physical security, and disaster recovery. As President of ICCT Corp, Chris has applied his years in project management, banking and consulting experience to assist in raising the level of education in security awareness, and to enable change in those areas. Currently, ICCT Corp is providing onsite support to regional electric power utilities through managing physical security retrofit projects, and information security initiatives, and is involved in preparing the local electric utilities for compliance to pending FERC/NERC security recommendations. Security Basics: Putting the Pieces Together Rick Miller, Vice President, Managed Security Services ISS James Brooks is the Senior Security Product Manager for Verio's Enterprise Hosting business unit, where he is responsible for the development and coordination of security services, including firewalls, intrusion detection/protection services, managed IP-VPNs and other security products. James possesses a thorough understanding of the latest network protocols and IP security technologies, as well as systems engineering, including network architectures and open systems environments. Most recently, James served as the Security Product Manager for Genuity, where he managed security product and service strategy for the company. Prior to that, he held various technical support positions with U.S. Naval Intelligence. James holds a Bachelor of Applied Science and Engineering Technology from the University of Alabama. Rick Miller is the Vice President of Managed Security Services for Internet Security Systems, Inc. (ISS), the trusted expert to global enterprises and world governments providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise for more than 11,000 customers worldwide. Internet Security Systems is traded publicly on the Nasdaq (ISSX), and is one of the most widely recognized and valued information security brands in the world. CIRC/NSOC Proven and Innovative Practices Mr. Dao began his cyber security career as a Flight Commander for a Defensive Counter-Information Warfare (IW) team with the United States Air Force Computer Emergency Response Team (AFCERT). As an AFCERT Flight Commander, he was responsible for conducting defensive IW actions for U.S. Air Force bases worldwide. From the AFCERT, Mr. Dao was recruited to investigate computer related investigations and support Counter-Intelligence operations as a Special Agent for U.S. Air Force Office of Special Investigations (AFOSI). Mr. Dao is an expert at developing and managing security operations and response capabilities. He tuned these skills while architecting and directing the first-line incident management, implementation and forensics practice for a well-known leader in the MSSP market, servicing a Global 2000 client base. Most recently, Mr. Dao was Director and Program Manager for SecureInfo Corporation at the Department of Veterans Affairs Computer Incident Response Capability (VA-CIRC). There, his team continues to manage a 24x7 operation for a 250,000 node network which manages over 1000 security devices to include IDS, Firewall, Gateway and Desktop Anti-virus, and content filtering. Mr. Dao holds an active TS clearance and is a Certified Information Systems Security Professional. Hidden Concerns of Outsourcing Data Center Operations While industry executives move towards outsourcing system administration, call center and other important business operations, management and audit teams are discovering significant financial, operational and security concerns about how national and international business within critical infrastructure is conducted. Together we'll examine specific decisions and the arising ramifications resulting from outsourcing key organizational functions. Moving past the emotional and political concerns of outsourcing we'll discuss the resulting concerns evolving out of this strategic and tactical approach to the actual case studies and current struggles to harness business operations. Wireless and WiFi: The Good, the Bad, and the Ugly IrishMASMS is an old school hardware & network guy, and has degrees in Management of Information Systems, computer programming, Networking Technology, micro-computer programming, and aviation/aerospace management. Certainly not a bit-head by any means, but he will write some code if forced. After exploring the wonders of the early years with TRS-80's, Mac Plus, and even some Unisys mainframes and a clustered DEC VAX, he is currently frustrated as a miracle worker for a government library with no IT budget, and looking for a better opportunity in the information/network security realm. During off time and when not working any consultant jobs on the side, he helps with the local Linux User's Group and other local IT organizations; also enjoys a few LAN parties, his NES, and his cat. No one can confirm or deny that he is a founding member of the 241_Crew, a locally based group of misfits who explore technology and the local music & epicurean scene. Security Conscious Software Development Mr. T. Steven Barker is a senior systems engineer with Raytheon Company, Intelligence and Information Systems in Falls Church, Virginia. Present assignment includes system security engineering for classified computer systems developed for the US Government. Prior to relocating to Falls Church, Virginia, Mr. Barker was the lead system engineer for a series of satellite communications systems developed for the US Air Force in Omaha, Nebraska. Prior to joining Raytheon (then Hughes Aircraft) in 1995, he was a systems and software engineer for Lockheed Missiles and Space Company in Austin, Texas, working on weather imagery ground stations for the Air Force and the Navy. Incident Prevention Responses Working Together Securely Matt Payne is a Systems Engineer with First Data's Enterprise Infrastructure Services group where he is a member of a team that evaluates and develops infrastructure tools for many of First Data's companies. While away from his day job, Matt is working on his doctorate in Information Technology at the University of Nebraska at Omaha. Kent Tegels is a Senior Systems Analyst for HDR, Inc., one of America's leading Engineering and Architectural Firms where he develops Web-based infrastructures and applications. Kent is a nationally recognized speaker and has co-authored a number of books on Data Access and Microsoft .NET programming. Electronic Interception - From POTS to PINS "The" Doug Ellsworth of "Old School Tradecraft" which was the hit session of the First CERT Conference back in 1999 is back with his views on how - in this age of digital coorespondence - it is the simple electronic evesdropping that still rules in espionage. The year 2004 marks Doug's 15th year as a specialist in the field of Technical Surveillance Countermeasures, (TSCM). Doug has earned international recognition by the leading members of the intelligence and counter-intelligence communities as one of relatively few legitimate TSCM practitioners operating in the private sector. Doug's writing efforts on INFOSEC related topics are included among key papers at Columbia University, and have been cited as authority in a treatise authored by Nasser Abouzakhar and Gordon Manson in the U.K., as well as research conducted by the academic community in Belgium. Security Opinion Letters: Practical tips regarding what to look for and
what to give. James E. O'Connor is a partner with Baird, Holm, McEachen, Pedersen, Hamann, & Strasheim, LLP. He represents the firms' clients with respect to the development, acquisition and use of technology and other forms of intellectual property. In addition, Jim assists clients with matters involving e-commerce, the internet and emerging technologies. From 1982 until joining the firm in 1999, Jim worked for a Fortune 500 company as Senior Counsel & Special Technologies Counsel, Assistant General Counsel, Associate General Counsel and Senior Vice President and Chief Compliance Officer. Jim counseled senior operations and division officers on all aspects of their business, chaired the negotiating teams responsible for acquiring mission critical technologies, and structured and negotiated complex systems integration agreements, software development transactions and hardware acquisitions. Jim also has experience negotiating contracts for data processing, telecommunications and related technologies and advising on the protection of proprietary rights and other legal implications of emerging technologies. Jim also served as Secretary and General Counsel for a national software development and services company. Jim received his law degree from Notre Dame in 1978. In 1975 he received his B.A., magna cum laude, from the University of Nebraska-Omaha, where he was awarded a Regents' Scholarship. Jim also teaches "Technology and Law" at Creighton University School of Law 1985-2001 and "E-Commerce and the Law" starting in 2002. He is a member of the Omaha Bar Association, Nebraska Bar Association, the Computer Law Association and the American Bar Association's Section of Intellectual Property Law and Section of Science & Technology. Real World Linux System(s) Auditing - A View from the Field Information Systems Audit Manager First National Nebraska Inc. Mike has over 25 years of experience in the areas of information systems audit, information systems implementation, and financial audit. His experiences span a variety of industries during his years with public accounting firms and his last 10 years has focused on the financial services with firms such as First National Nebraska Inc.,Pricewaterhouse Coopers, First Data Corp, and American Express. Mike has been involved in both the external and internal audit processes and also has served as a software trainer and a university instructor. Currently Mike leads the Information Systems Audit group for First National Nebraska Inc. assessing risk and helping to improve the control environment for technology sectors at the bank and the related non-banking subsidiaries. Mike has been published in the ISACA Information Systems Control Journal and the IIA's Internal Auditor journals. Secure OpenBSD Installation and Operation Windows Server & Desktop Lockdown - from DMZ to the Desktop Your Information Security Silver Bullet Tools and Techniques for Open Source Package and Patch Management Mat Caughron, principal consultant of PHP Consulting, holds a Masters Degree from the Boston University School of Medicine and is a practicing CISSP with an interest in the health care information problem space. His services were more recently used in the role of technical integrator for the University of Nebraska Medical Center's Phield Project. Conducting a Security Audit: An Introductory Overview Bill Hayes has worked nearly three years for the Omaha World Herald Company corporate security department as an information security specialist where he conducts security audits for the World Herald's nationwide firms. For the past 17 years, he has performed a variety of information technology and information security duties in the corporate and academic environments. Bill has a Bachelors degree in Journalism from the University of Nebraska Lincoln. He also does freelance writing for computer magazines and web sites. His byline has appeared most recently in Processor Magazine and the SecurityFocus web site. Preventing the next blast - Intrusion Prevention Systems
The current state of security panel Stephen Nugen is founder and President of NuGenSoft, LLC, a provider of Information Security services since 1998. Steve's experience includes research, development, and management responsibilities at Harris Corporation, Iowa State University, GTE, and Raytheon. Steve is a CISSP whose local affiliations include: NEbraskaCERT, Infotec, College of Saint Mary, Infragard, and others. The current state of security panel Blaine Burnham is the Director of NUCIA and a Senior Research Fellow for the College of Information Science and Technology. Most recently, he was the Director of the Georgia Tech Information Security Center. Blaine's previous experience includes information assurance roles at the National Security Agency (NSA), Los Alamos National Laboratory, and Sandia Laboratory. The current state of security panel Alex Nicoll is a Senior Technology Research Fellow in the College of Information Science and Technology at the University of Nebraska at Omaha (UNO), and the Assistant Director for Technology for the Nebraska Consortium for Information Assurance. He has extensive experience in systems administration, adaptive controls, and operating system security. Alex's research interests include Robotics, Artificial Intelligence, and Computer and Network Security. The current state of security panel Tim Vidas is a Senior Technology Research Fellow in the Nebraska University Consortium for Information Assurance, in the College of IS & T. In addition to teaching at UNO, for the past several years Tim's main focus has been in the private sector with System / Network Security, Defense in Depth, and Systems Integration. His interests include Automation, Information Assurance, Education, Integration, OSS, and wireless technologies. Tim is locally associated with ACM, NEbraskaCERT, Infragard, OLUG, SANS, and the Omaha Perl Mongers. MudSlide - No not the drink, the software Matt Harriger is a student in the College of Information Systems and Technology at the University of Nebraska at Omaha. He is pursuing a bachelor's degree in Computer Science with a concentration in Information Assurance. MudSlide - No not the drink, the software Daniel Ulrich is a recent graduate of UNO who focuses on operating systems and information security. He is interested in problem-solving techniques as they apply to practical security issues. |