Techno-Security 2003 Agenda: Monday April 28, 2003



Building a Security Center of Excellence - Mulligans
Sponsored By: Intellitactics
Monday April 28, 2003 7:00 - 7:45 AM
Paul Sop - Chief Technology Officer - Intellitactics, Inc.  
 
Very few information security departments today have a complete understanding of how to create value and measure the ROI behind their information security investments.  
 
This discussion will explore and identify opportunities for enterprise-level implementers who seek to optimize performance of best-of-breed security investments and ensure best practices. By engineering information security centers of excellence, implementers will successfully position information security as a value-added technology function and increase the likelihood of budget increases in subsequent years. 
 
Paul Sop is Chief Technology Officer of Intellitactics, Inc., the leader in providing a comprehensive solution for enterprise security management. Sop co-founded the company in 1996 and under his direction, Intellitactics has developed Network Security Manager™ (NSM™), an industry-leading, holistic, integrated threat management platform that enables security executives to police, prioritize and prevail across the full range of today's information security threats.  
 
Prior to co-founding Intellitactics, Paul was the Vice President of Golden Triangle Online, one of the largest Internet service providers in Ontario, Canada. Paul has also served on the Prime Minister’s Advisory Council for Science and Technology (ACST) as an expert panelist on Canada’s Role in International Science and Technology. Educated at Wilfrid Laurier University, Paul studied Computing and Computer Electronics. He also worked as a consultant at the university and as an econometrics researcher in the School of Business and Economics. Paul holds the prestigious Certified Information Systems Security Professional (CISSP) designation and has worked on projects involving systems simulation, global multi-currency systems, parallel and distributed databases, and all aspects of networking and network security for companies around the world.

Networking Breakfast
Sponsored By: Intellitactics, Inc.
Monday April 28, 2003 7:00 - 7:45 AM

Opening Welcome by John Patzakis, President and CEO, Guidance Software Inc.
Monday April 28, 2003 8:00 - 8:15 AM

Special Opening Keynote
Monday April 28, 2003 8:15 - 9:00 AM
Bill "Ches" Cheswick, Chief Scientist, Lumeta Corporation 
 
With 13 years of service at AT&T/Lucent/Bell Labs, Cheswick has worked for nearly 30 years on operating system security. An internationally acclaimed expert on security, he co-wrote the bible for firewall management, "Firewalls and Internet Security: Repelling the Wily Hacker" (Addison Wesley, 1994). Ches is frequently invited to think tank summits, international seminars and the coveted annual ritual of the Renaissance Weekend, an invite-only retreat of seminars and discussions aimed at enabling high-achieving guests to "stretch their minds, share their views and their perspectives." In May 2002, he was a delegate to NATO in Warsaw, Poland.

Homeland Security - South Carolina Style
Sponsored By: Chief Robert M. Stewart - SLED & Lt. Chip Johnson Supervisory Special Agent South Carolina Computer Crime Center SLED
Monday April 28, 2003 9:00 - 9:30 AM

Turning Security Information Overload into Management Intelligence
Monday April 28, 2003 9:30 - 10:15 AM
Ian Hameroff, Security Strategist, Computer Associates  
 
Many organizations have long viewed IT security as a “bolt-on” component to the network infrastructure or important business applications. This approach has led to the deployment of isolated islands of protection tools, each with proprietary management interfaces and generating thousands of security events each day. As a result, IT administrators are constantly suffering from security information overload, making it challenging to separate the signal from the noise. This session explores how organizations can turn security information overload into security management intelligence, thus improving operational awareness and shortening the discovery and response to security incidents.

Morning Networking Break
Sponsored By: Lumeta
Monday April 28, 2003 10:15 - 10:30 AM
Monday Morning Networking Break

OPSEC In The Corporate World
Monday April 28, 2003 10:30 - 11:15 AM
Tom Mauriello, Director, Interagency OPSEC Support Staff 
 
Operations Security is no longer a word being used inside government agencies. OPSEC and security awareness are now very much Homeland Security action items for all of us. During this session, one of our Country's most experienced OPSEC managers will present his entertaining and enlightening views on what Corporations can do to improve their security posture.

Real World Applications of BioMetric Technology
Sponsored By: Ciber, Inc.
Monday April 28, 2003 11:15 AM - 12:00 PM
Mr. Robert L. Turbeville – Senior Vice President with BioMetrics Solutions Group-BSG, a division of ISS (Information Systems Support)
 
BioMetrics is not a 100% solution. Can logical access and physical access work effectively together? Is every installation in need of logical and physical access controls? Join us as we look at 2 case studies as used in a state correctional operations environment and in the pharmaceutical manufacturing application to answer these, and other questions about BioMetrics in the Real World.

Networking Lunch in the Exhibit hall
Sponsored By: CIBER, Inc.
Monday April 28, 2003 12:00 - 1:30 PM

M-1 Advanced Computer Forensics (West)
Monday April 28, 2003 1:30 - 5:30 PM
Sponsored by Guidance Software 
 
Moderated by - Bill Siebert, Guidance Software 
 
Mike Bean - Guidance Software 
Kevin Mandia - Foundstone 
Robert Gagnon - Ontario Provincial Police 
William Farwell - Deloitte & Touche LLP 
 
Our Advanced Computer Forensics track is one of our most popular tracks each year. Industry experts from around the Country present some of their thoughts and suggestions on a variety of current advanced forensics topics. 
 
__________________________________________________ 
 
EnCase v4.  At last, solutions to nagging Computer Forensic Issues 
- Mike Bean – Guidance Software 
 
Computer Forensic Examiners have long been nagged by issues like the need for: 
 
Full international character support with Unicode  
Search Hits and Bookmarking Organization
Advanced search tools  
Dynamic Disk Interpretation  
NT4 Mirror, Stripe, Span Interpretation  
Support for Compressed NTFS Files  
Compound Filter Queries 
 
Guidance Software trainer Mike Bean will show you some of the exciting new features in EnCase version 4 that will aid computer forensic examiners throughout the world. 
 
__________________________________________________ 
 
Information Assurance and CyberSecurity at the Strategic Level 
- Kevin Mandia - Foundstone 
 
Information technology has provided great benefits to organizations: it can greatly increase the efficiency of employees, promote effective decentralized communication, foster collaboration, and provide tremendous flexibility to employees.  IT greatly contributes to the "internationalization" of organizations.  However, along with these benefits, a door of liabilities opens up:
 
Direct costs from computer intrusions (theft, extortion, intentional damage) 
Costs to resolve incidents 
Negative public exposure and diminished consumer confidence 
Regulatory requirements to protect electronic data 
Failure to meet contractual obligations 
Worst Case Scenarios 
Stop-gap countermeasures or tactical knee-jerk reactions will not adequately prevent these liabilities from occurring, nor posture an organization to handle an adverse incident in a methodical, effective manner.  Mr. Mandia will provide real examples of how these liabilities impact organizations, and discuss some strategic forensic approaches to minimize the risks an organization faces from the liabilities the information age has brought.  
 
__________________________________________________ 
 
Investigating Thefts of Intellectual Property 
- William L. Farwell - Deloitte & Touche, LLP 
 
The number one call to corporate computer forensic consultants involves the theft of intellectual property.  Mr. Farwell, Deloitte’s new Director of Computer Forensic Services, will cover: 
 
What is Intellectual Property? 
Finding the Evidence 
Techniques 
Recent Cases 
Caveats 
__________________________________________________ 
 
Building a Better Computer Forensics Lab (Mouse Trap)  
- Robert Gagnon - Ontario Provincial Police 
 
For years, you flew by the seat of your pants.  You begged, borrowed, and stole equipment to conduct computer forensic examinations.  Your kid's allowance was bigger than "your budget." 
Well, the Budget Gods have finally looked kindly on you and you are now chosen to build "the unit," when before you were "the unit."  Detective Sgt. Gagnon will provide you with the work involved in the creation of the Electronic Crime Section, Investigation Support Bureau.  It will include the headaches like:
 
Budgets and Procurement 
Selecting Personnel 
Lab Equipment / Field Equipment
What worked and What Didn't 
Lab Processes 
Inventory systems 
Problems & Solutions Encountered 
 
And much, much more.... 
 

M-2 Wireless Security Workshop (Center)
Monday April 28, 2003 1:30 - 5:30 PM
John Bumgarner - President, CyberWatch 
Scott Turik - Paladin Technologies Inc. 
 
The proliferation of wireless technology has introduced a new venue for criminals, terrorist organizations and foreign intelligence services to conduct unauthorized network activity on both government and commercial networks. The rapid adoption and implementation of wireless technology is making it difficult for information security professionals and investigators to stay abreast of this evolving mechanism to commit computer crime. This evolution in networking is going to have a profound effect on the commission of network crime and intelligence gathering in the immediate and foreseeable future.

The intent of the seminar is to provide information security professionals and investigators with the basic knowledge necessary to identify the threat to wireless networks, to secure wireless networks, and to conduct investigations in a wireless network environment.
 
Topics that will be covered in the track: 
 
Wireless technology communication mechanisms and devices
 
Wireless vulnerabilities and weaknesses  
 
Locating and Identifying wireless networks  
 
Information that can be identified in a wireless environment 
 
Mechanisms/best practices for securing wireless networks 
 
Wireless investigative techniques and tools

M-3 Network Intrusion Investigation Fundamentals (East)
Monday April 28, 2003 1:30 - 5:30 PM
TrustWave’s seminar is designed to provide students with a detailed review of the concepts required to perform initial investigations into network intrusion incidents. The course will provide a strong foundation in the operating system, the IP protocol suite, Microsoft networking, common application layer protocols, “hacker/cracker” activity (including reconnaissance, exploitation and denial-of-service attacks) with special attention provided to supporting forensics analysis and investigations. 
 
The Network Intrusion Investigations Fundamentals course is taught by TrustWave’s security consultants, all of whom have strong backgrounds in information security and telecommunications and data network analysis and investigation. 
 
Prerequisites: There are no formal prerequisites for this course, other than a basic comfort with using computer systems and an eagerness to learn this exciting subject. 
 
Introduction to the UNIX OS
The “flavors” of UNIX: BSD, Solaris, Linux, etc.
Basic UNIX Architecture (everything is a file) 
 
Sources of Information 
Logfiles 
Disks 
Network Traffic 
 
Introduction to IP Networking Fundamentals 
Evolution of the Public Internet 
IP and the Postcard Analogy 
Domain Names and DNS 
ICMP & Ping 
IP and Ethernet – 2 Addresses  
Adding Network Services 
Unreliable Services and UDP 
Reliable Services and TCP 
Common Services and Applications 
-Mail (SMTP, POP, IMAP), Web (HTTP), etc.  
Firewalls and Router ACLs
Microsoft networking 
 
Overview of Remote Attack Methods and Network Reconnaissance 
Goals of reconnaissance: discovering hosts, topology, services, OS 
A little more detail on ICMP and TCP 
Network Reconnaissance Techniques: Port Scans, Ping Scans, etc. 
Traceroute 
Banner Grabbing 
OS Fingerprinting 
Slow Scans 
SNMP Probes 
Microsoft Probes (QTIP Demo) 
Trojan Probes 
Tools of the Trade: nmap, nessus, Cybercop, firewalk, etc. 
 
System Exploits 
Buffer Overflows 
- Basic Concept 
- Vulnerable Code Examples 
Web Server attacks 
Root Kits 
 
Trojan Horses 
Basic Concepts 
Back Orifice Demonstration 
Other Trojans: netbus, Sub7, QAZ 
 
Denial Of Service (DOS) Attacks 
Early Techniques: Smurf, Land, Ping Of Death, etc. 
SYN Flooding 
Distributed Techniques: Trinoo, TFN, Stacheldraht, etc.
Combating DOS – screening routers & rule sets 
DOS Mitigation 
 
Network Monitors 
Packet Capture with TCPDUMP 
Protocol Analyzers: Ethereal, Net Xray, Microsoft’s Network Monitor
Intrusion Detection Systems (IDS) 
RMON 
 
Methods of Analysis 
Public Databases 
Log File Analysis 
Network Events

Afternoon Networking break
Sponsored By: Computer Associates
Monday April 28, 2003 3:00 - 3:30 PM

Evening Networking Event In The Exhibit hall
Sponsored By: Guidance Software, Inc.
Monday April 28, 2003 5:30 - 8:00 PM

M-4 Physical Security BONUS Session (West)
Monday April 28, 2003 8:00 - 10:00 PM
Physical Security and Penetration Testing - Breaking Into Your Buildings Part II 
 
Dennis O'Brien, Physical and Technical Security Pioneer
________________________________________________ 
 
Weapons of Mass Destruction - FAQ 
 
Sgt. Jim Windle - Bomb Squad Commander, CMPD
 
Dennis has spent decades studying the many risks, threats, vulnerabilities and countermeasures associated with both physical and technical security. Both are extremely important, but the physical security vulnerabilities are the low-hanging fruit of the overall risk management problem. He will present his most recent thoughts on the overall state of physical security as only he can present it. You might not sleep for a while after this educational and entertaining session.
 
Sgt. Jim Windle will share some of the most timely information available regarding the possible threat of Weapons of Mass Destruction. He is well known as an exciting and entertaining trainer as well as a nationally known expert in many subjects including bomb recognition.

M-5 Forensics Hardware Solutions (East)
Monday April 28, 2003 8:00 - 10:00 PM
Jim Raubach - Forensic Computers, Inc. 
Lee Tydaska - Computer Conversions, Inc. 
Shannon Moore - ICS 
 
No part of the rapidly growing fields of computer technology is changing faster than the emergence of bigger, faster and often less expensive hardware. The three presentations in this track will provide an expert look at how we can maintain and perform forensics or recovery on our old, current and soon to be new hardware.