The NEbraskaCERT Conference:
August 18-19, 2009
at the Peter Kiewit Institute's Scott Conference Center, Omaha, NE USA
Abstracts
Title: Benchmarking for success
Presenter: Bill Dixon
Abstract: All too often a new or changed regulatory requirement or compliance initiative causes organizations to dedicate time and resources to "put out the fire". Information Security and Risk Management program benchmarking allows an organization to align itself based on identified needs. Industry standards such as ISO27001, NIST, and Cobit, to name a few, serve as models. The attendees will be able to identify the value in program benchmarking, along with case studies of benchmarking exercises in action and their results.

Title: Detection of Data Hiding in Computer Forensics
Presenter: James E. Martin, JD, CISSP
Abstract: Anti-forensics has become a forensic buzzword recently, but computer users have been trying to hide data for much longer. This session provides a brief look at digital evidence hiding types and taxonomy, complemented by a practical examination of how to identify and process various types of data hiding.

Title: Effective Controls over Information Security - An Auditor's Perspective
Presenter: Vladimir M. Liska
Abstract: In the recent past, controls over information security in most organizations were the purview of management and the auditors. In today's changing world, influenced by Sarbanes-Oxley, privacy, and data breaches, the rules have changed and controls over information security are now the responsibility of all IT professionals. Whether preventive, detective, automated, or manual, all security-related control activities should be designed and operated in the most effective and efficient manner to mitigate the numerous risks faced by organizations today. We will review technology-independent risks and associated controls in key areas of information security, including overall security management, awareness and training, end-user computing, incident monitoring, administering logical security (at the OS, data, and application levels), system administration, controlling external network connections, and physical security. This will include real-world examples of risks and controls and will help any IT professional create and maintain an effective and efficient control environment around information security.

Title: Free Security Resources
Presenter: Ronald Woerner, CISSP
Abstract: Many security tools, documents, and programs are available for free (or very little cost). This session will show how they can be used for vulnerability assessments, penetration testing, intrusion detection, incident response, and security management. This updated presentation is great for cash-strapped organizations that need to promote and improve all of their security activities.

Title: Providing A Modicum Of Security In a Virtualized Environment
Presenter: Jeff Guilfoyle, Principal SE, Symantec Corporation
Abstract: As more and more companies move to VMWare and XEN virtualization technologies, the traditional method of 'physically' firewalling servers from each other into disparate zones becomes increasingly complex and in many cases impossible. A new approach to security must be explored, relying on host-based controls rather than purely on the network.

Title: Reporting vulnerabilities that comply with HIPAA and SOX regulations
Presenter: Robert Baldi, CISSP, CEH and CIW
Abstract: This presentation will cover the legal requirements to report vulnerabilities under HIPAA and SOX regulations. It will also address the crucial need for security professionals to have a way to report vulnerabilities without fear of reprisal. Companies are too focused on fixing their own security issues, putting out their specific fires and moving on. Without collaboration with organizations like US-CERT, software manufacturers and other key agencies, we as a society will be at unnecessary risk. Alternative reporting methods will be reviewed, in addition to examples of how security researchers are changing the way security professionals can secure networks from a global perspective.

Title: Security Convergence - What You Need to Know
Presenters: Ronald Woerner & Warren Phillips
Abstract: Call it convergence, call it holistic security management. By either name, it's the subject of much talk these days. This session provides the definition of convergence and an explanation of the desired payoffs and the unexpected pitfalls that can obstruct efforts to get all security functions working off the same page. In addition, we will discuss common physical security systems (e.g., badging systems, CCTV, DVR) and how they are really network devices that need to be integrated into your security program. Convergence is happening, like it or not. You need to know how it works to grow as a security professional.

Title: Security Requirements: Competitive Advantage or Barrier
Presenter: Chris Currin
Abstract: This PCI-oriented presentation discusses the costs and benefits of PCI security requirements in the context of business liability. It goes over measurement versus management expectations, all in the context of data and statistics from Visa and the PCI DSS. The presentation ends by discussing the science of measurement and how it can be applied to security to help business management staff make solid decisions.

Title: So, You Want to be a Hacker or Think like One?
Presenters: Lucas Wentz & Jonathan Bender
Abstract: The presenters, Lucas and Jonathan, will first talk about different competitions one can participate in to test one's skills. Capture the flag (CTF) exercises are good events for testing your skills, so Lucas and Jonathan will also talk about the many CTF frameworks along with other competitions. Finally, they will discuss different tools to use for testing web applications.

Title: Spear Phishing: A Report From The Trenches
Presenter: Rohyt Belani
Abstract: This presentation will discuss the evolution of phishing from being a means of stealing user identities to becoming a mainstay of organized crime. Today, phishing is a key component in a "hacker's" repertoire. It has been used to hijack online brokerage accounts to aid pump-and-dump stock scams, and as a means of creating covert channels from compromised user machines to the Internet. During this talk, I will present the techniques used by attackers to execute spear phishing attacks, and real-world cases that I have responded to that will provide perspective on the impact. I will then discuss countermeasures that have been proven to be effective and are recommended by reputed bodies like SANS and Carnegie Mellon University.

Title: The State of the Hack
Presenter: Kris Harms, Senior Consultant at Mandiant
Abstract: During the last 3 years, Kris Harms has responded to over 20 computer security incidents at some of America's largest organizations. During this presentation, Kris reviews the current state of incident response, leveraging his experiences on the front lines. He discusses how organizations are preparing for and detecting incidents. He demonstrates the latest response techniques used to mitigate the current information security risks organizations face. Discussions and demonstrations are highlighted with actual evidence collected from several cases over the past few months.

Title: Stickin it to the Man: How to P0wn - FTW!
Presenters: Adam James, James O'Gorman and Don Kohtz
Abstract: Have you ever known a locksmith that could not pick a lock? Let's put ourselves into the mindset of an internal attacker and realize that irrational behavior never seems so on the inside. We will examine why someone might attack your systems and how they might attack your systems. This is a dual-session talk, with introductory material in the first session and advanced material in the second; we will cover everything from information gathering techniques to fuzzing and writing our own exploit. We will find the lock, pick the lock, and make the lock irrelevant. After seeing what a rogue employee can do, we will end the session speaking with Don Kohtz, former Assistant Attorney General for the State of Nebraska, about how to detect and handle rogue employees. This is not just a technology problem we face. After this morning session, we will follow up with a second two-part talk about this attack, told from the point of view of the victim.

Title: Whack a P0wn: Play or Be Played
Presenters: Adam James, James O'Gorman and Bill Dixon
Abstract: A follow-up to the morning session, this talk will cover how the victim of the morning's attack would investigate the intrusion. In the first session we will focus on network-based evidence, followed by a second session focused on a system-based forensics investigation. We will cover how to find out if something happened, how to find out what exactly happened, how to assess the impact of what happened, and how to try to identify who did it. After this, we will end the session speaking with Bill Dixon, Director of Assessment & Assurance Services for Continuum Worldwide, about how organizations can better position themselves to properly handle the inevitable.

Title: What Happens When You Invite 30 Universities To Hack You?
Presenters: Jonathan Bender & Lucas Wentz
Abstract: The presenters will demonstrate capture the flag exercises in more detail while focusing on analyzing data, results, and lessons from previous exercises. The presentation will contain detailed forensics of network traffic and vulnerable images, timelines of attacks, and demonstrations of the attacks used. Each attack will be complemented with information on how to harden against the attack.

Presenters
The NEbraskaCERT Conference is very fortunate to get some of the best speakers to present at our conference. Here is the Class of 2008:
Baldi, Robert - CISSP, CEH, CIW
Robert Baldi is a CISSP, CEH and CIW Security Analyst with over nine years of experience in Information Assurance with the Department of Defense. He is currently a security engineer for the NSA, employed by Booz Allen Hamilton. He graduated from Bellevue University and has worked for the US Air Force and Raytheon. Robert is also an adjunct instructor for information technology and information security courses at Bellevue University and ITT Technical Institute in Omaha, NE.

Belani, Rohyt
Rohyt Belani is a Managing Partner and co-founder of the Intrepidus Group, a boutique information security consulting company. Prior to starting Intrepidus, Mr. Belani was the Managing Director at Mandiant. Before joining Mandiant, he worked as a Principal Consultant at Foundstone and a Researcher at the US-CERT. He is a contributing author for Osborne's Hack Notes "Network Security", as well as Addison Wesley's Extrusion Detection: Security Monitoring for Internal Intrusions. Mr. Belani is a regular speaker at various industry conferences including Black Hat, OWASP, ASIS, Hack In The Box, Infosec World, DallasCon, CPM and several forums catering to FBI and US Secret Service agents. He currently teaches a class at Carnegie Mellon University and has been invited to guest lecture at the University of Wisconsin. As an industry expert he has opined on security issues via columns for online publications like Securityfocus and SC magazine, and interviews with BBC UK Radio. Mr. Belani holds a Bachelor of Engineering in Computer Engineering from Bombay University and a Master of Science in Information Networking from Carnegie Mellon University. He currently leads the OWASP Java Project, a world-wide consortium of Java security experts.

Churchill, Matt
Matt Churchill is the Director of Digital Forensics and Cyber Investigations for Continuum Worldwide. Matt is a former member of the FBI's Cyber Crimes Task Force and a former Douglas County Deputy Sheriff of ten years, where he conducted digital forensic examinations. Matt is a graduate of UNO and has earned the professional designations of Certified Forensic Computer Examiner (CFCE), Certified Computer Examiner (CCE), Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH). Matt is a founding member and current President of the Nebraska Chapter of the High Technology Crime Investigation Association (HTCIA), and he is a member of the International Association of Computer Investigative Specialists (IACIS), the International Society of Forensic Computer Examiners (ISFCE) and Infragard.

Harms, Kris
Kris Harms is a Senior Consultant at Mandiant with six years of experience in computer security and incident response. Mr. Harms provides Mandiant with investigative and technical expertise in incident response management and investigation, computer forensics, vulnerability assessment and remediation, and security architecture and design. He has extensive experience conducting large-scale incident investigations for Fortune 100 companies, e-commerce sites and financial institutions. He has also supported multiple counter-intelligence investigations at several government entities. Mr. Harms has led investigations and conducted evidence discovery for several multi-million dollar litigations. A frequent industry speaker and instructor, Mr. Harms has appeared on the CBS News program 60 Minutes and PBS's Wealth and Wisdom. Mr. Harms holds a Bachelor of Arts degree in Applied Science and Technology from The George Washington University.

James, Adam
Adam James is a Consultant with Continuum Worldwide. Prior to becoming a Consultant, Adam worked for four years at Mutual of Omaha, gaining insight into multiple aspects of a Fortune 500 company while in positions including Provider Analyst, Business Analyst, Computer Programmer/Analyst, and Information Security Analyst. In his most recent position as an Information Security Analyst at Mutual of Omaha, Adam was responsible for conducting information security risk assessments, penetration tests, and application security assessments, developing audit responses, and providing information security consulting on business and infrastructure projects. Adam holds a Bachelor of Science in Management Information Services from the University of Nebraska at Omaha and has completed his Master's degree in Information Assurance from the Peter Kiewit Institute at the University of Nebraska at Omaha. Adam also holds CCNA, GCFA, and GSNA certifications.

Kohtz, Don
Don Kohtz is the Director of Investigative & Compliance Solutions with Continuum Worldwide. He was formerly an Assistant Attorney General for the State of Nebraska and the Fraud Bureau Chief at the Nebraska Department of Insurance, and was legal counsel to insurance companies and financial institutions. Don has presented and published articles on the topics of fraud, risk mitigation, and compliance matters. He has investigated matters involving fraud, white collar crime and unethical behavior. Don holds a Bachelor of Science degree and a Doctorate of Jurisprudence, and is certified as a HIPAA Professional (HIPAAP). He is a member of the Nebraska Power Review Board, which regulates Nebraska's publicly owned electrical utility industry. He is a former executive board member of Nebraska Crime Stoppers, Inc., and of the Heartland Chapter of the Association of Certified Fraud Examiners (ACFE). He is an associate member of both the local chapter and the national organization of the ACFE. He is a recipient of the Distinguished Achievement Award from the ACFE for his efforts in the fight against fraud.

Liska, Vladimir M.
Vladimir Liska is the Project Audit & Consulting Manager in the Corporate Audit department at TD AMERITRADE, based in Omaha, Nebraska. In this role, Vlad has developed and administers a framework to facilitate consulting and assurance services on enterprise projects. Through this framework, Vlad performs active monitoring and risk assessment of enterprise projects, proactively ensures appropriate controls are implemented on projects, and monitors adherence to the product development lifecycles. Prior to joining TD AMERITRADE, Vlad worked in various technology and audit positions in public accounting and the private sector. Vlad holds a Bachelor of Arts degree in Computer Science from Simpson College in Indianola, Iowa and a Master of Science in Information Technology Management from Creighton University in Omaha, Nebraska. He has also served on the faculty at the University of Nebraska at Omaha and has spoken at several local and regional conferences, including InfoTech 2004 and the 2007 IIA District Conference. Vlad is a Certified Information Systems Auditor (CISA) and is licensed as a FINRA Registered General Securities Representative, a Registered Investment Advisor in the State of Nebraska, and a General Securities Principal.

O'Gorman, James
James O'Gorman is a consultant with Continuum Worldwide. In his over 10 years of working in information technology, James has worked in consulting, support, and managerial positions at companies across a spectrum of industries. Specializing in information security, James has contributed to the industry through speaking engagements, papers, and tool and process development that have been made available to the community. A member of the GIAC advisory board and the Omaha ISSA chapter, James holds OSCP, CISSP, GCIA and GCFA certifications.

Woerner, Ronald - CISSP, IAM, IEM, CEH, and CHFI
Ron Woerner is a CISSP, IAM, CEH and CHFI with over 17 years of experience in multiple industries. He graduated from Michigan State and Syracuse Universities and has worked for the US Air Force, the State of Nebraska, Mutual of Omaha, ConAgra Foods, and AmeriTrade. He has spoken at the RSA Conference, the CSI Conference, CERT, Infotec and Information Security Decisions. He is also on the Information Security Magazine Advisory Board.