Security Surf Seminars Alaska • August 6th to 13th, 2005
Advanced Linux Security (half day)
Description of how you can utilize advanced Linux kernel patches such as LIDS, Grsecurity, Systrace, RSBAC, or SELinux to lock down your machine to the point that a root compromise is uneventful.
Dealing with Windows RPC (half day)
The Remote Procedure Call (RPC) protocol is used in a wide range of operating systems for host-to-host communication that supports distributed application environments. No matter what the operating system, RPC-based services have not exactly been known for their intrinsic security, but there are special security problems in the Windows implementation of RPC. This presentation delves into security-related issues in connection with Windows RPC--specifically how this service works, the particular components and associated calls, and the implications for security. There are many possible control measures that can reduce the dangers of this dangerous protocol, but every one leaves something to be desired. The last part of this presentation covers the cost versus benefit ratio of each potential control measure.
Security Solutions from IBM (half day)
This talk will cover the range of IBM security products. We'll talk about IBM Tivoli Access Manager, IBM Tivoli Identity Manager, IBM Tivoli Privacy Manager, IBM Tivoli Risk Manager, among others, and discuss how they fit into an overall secure service oriented enterprise architecture that includes human access, application-to-application communication, and Web services.
Secure Linux Programming (quarter day)
Avoiding vulnerabilities such as race conditions, symlink attacks, and buffer overflows; common methods of securely managing processes that have extra privileges via set*id and chroot; and the most common mistakes when coding for enhanced-privilege processes. This would be a longer (and less dizzying) version of my "Linux: The Securable Operating System -- every Linux security hook in 60 minutes or less."
Windows CIFS Security (half day)
The Server Message Block (SMB) protocol has been around for a long time now, but few people understand exactly how this protocol works and what its rather dismal implications for security are. SMB sessions involve a bizarre four-step handshake in which security can be bypassed by any reasonably proficient attacker. Additionally, SMB is vulnerable to a variety of denial of service (DoS) attacks. This presentation focuses on the various versions of Microsoft's SMB implementation, the Common Internet File System (CIFS), focusing on the SMB handshake, the format of the SMB portion of packets, the implications for security in Windows systems, and the many solutions that can be implemented.
Email, File, and Filesystem Encryption
How to use GnuPG (GNU's PGP software). How PGP works, creating and managing private keys, using keyservers, verifying and signing other parties' keys, encrypting and decrypting from the command line, integration with other tools (email clients such as Mutt, etc). Symmetric file encryption with GnuPG and/or OpenSSL. How to create and use Linux cryptographic filesystems (including kernel recompilation if necessary) to provide automatic encryption of all data on a given filesystem.
Benchmarking Intrusion Detection Systems
How effective is a given intrusion detection system? In most people's minds, the question is settled on the basis of handwaving or religious arguments. Furthermore, vendors have resisted providing empirical data on the IDSs they sell, further clouding the issue. Although few organizations benchmark the IDSs they use, a number of "quick and dirty" benchmark methods that could provide some empirical data without requiring a considerable amount of resources can be used. Additionally, more thorough (and more valid) methods are available if the time and resources needed are available. This presentation covers methods for IDS benchmarking and the advantages and limitations associated with each.
Introduction to Application Security Concepts
In this talk we'll introduce the basic concepts of security and how they apply to enterprise systems and applications. We'll start with fundamentals, covering encryption, hashing, digital signature, authentication, and authorization among other concepts. Then we'll apply those to network, system and application security, explaining how the fundamentals are used by enterprises to protect valuable data. We'll look at how we can use security at the transport layer, such as with SSL, to protect data in transit. We'll see various access control enforcement techniques such as firewalls and reverse proxy security servers. Along the way we'll see how J2EE declarative security makes the job of developing secure applications easier, delegating much of the security responsibility to the application server. Finally we'll briefly introduce security for Web services.
Cryptographic Tunnels with SSH and Stunnel
The talk will provide a quick overview of VPNs with the majority of time spent describing SSH and Stunnel (SSL) tunnels, including how to properly set up unattended logins for ssh, and being your own certificate authority for SSL.
Secure Shell and Network-based Intrusion Detection: Can (or Should) They Co-exist?
Secure shell (ssh) provides strong authentication and protection against unauthorized capture of data sent over networks. At the same time, however, by encrypting the data portion of packets, ssh makes network-based intrusion detection considerably more difficult. Attackers also often take over a host, gain a root shell, and then plant a tty sniffer that captures ssh keys/passwords before they traverse the network, thereby defeating the password security that ssh provides. Some organizations have simply given up by banning the use of ssh altogether, even though data sent over networks becomes exposed to snooping. There are, however, better alternatives, one of which is Bayesian analysis of connection context--determining the kind of ssh connections that occur between hosts and calculating the probability that a given host is compromised given the probability that others that share ssh connections with it are or are not compromised. A case study will be used to show the kinds of problems associated with using a network intrusion detection system to identify security breaches and how Bayesian analysis can help address these problems.
Linux VPNs and Cryptographic Tunnels
There are a plethora of technologies that can be used to protect network communications. VPNs are the most popular buzzword of the day, but are often misconfigured or unnecessary. In this seminar noted author Brian Hatch will provide an overview of several VPN technologies available on the Linux platform, discussing their features, drawbacks, and interoperability with third-party hardware and firewalls. He will also discuss other more lightweight options for creating secure communications between hosts that are frequently more efficient and provide better security than full-blown VPN connections, such as SSH tunnels and SSL/TLS sessions using Stunnel. Private communication, be it with VPNs or other crypto tunnels, is in today's technology headlights, and this seminar provides technical insight and knowledge that you can use immediately to enhance your projects and secure your network communication.
IBM Tivoli Access Manager (quarter day)
Access Manager is an extremely versatile access control enforcer. In this talk we'll look at the various ways Access Manager can secure enterprise applications, discussing its components and architecture. We'll also demo several uses of Access Manager and see how you can programmatically use Access Manager's APIs to talk to its authorization server and administrative policy manager.
How to use Stunnel to tunnel arbitrary cleartext network connections inside SSL if you control one or more endpoints. How to use Stunnel to allow SSL transmissions for clients and servers when you do not control the source code of the applications. How to build native SSL support into your own applications using OpenSSL. All issues of SSL Certificates, Certificate chains, and becoming your own certificate authorities are discussed as well.