Well, the last day of the main conference has passed at Auscert and those of us not staying behind for the tutorials are winging our way back home. Quite a number of delicate heads this morning after the gala dinner last night, but the day forged on.
Keynote - Web 2.0 - Securing the Brave New World
The keynote today was Mary Ann Davidson (Oracle Corporation). Mary Ann discussed a number of the challenges facing us in the web 2.0 world, where perimeters fade, more and more data is available, there is more to defend and the “need to share trumps the need to know”. She also discussed some of the social aspects of the information that is readily available to people, both within organisations and on the internet, and the need for stronger control over who has access to this information (at least within the organisation).
- Know thy Enemy: deconstructing a multi-billion message spam attack & the criminals behind it - Patrick Peterson (Ironport Systems) gave an interesting presentation on the world behind spam and how it works. Patrick went into some of the specifics of how the spam is delivered, changed and delivered again, how some pieces of spam change every 15 minutes or so, and how the domains associated with them are registered and used.
- The Cyber Criminal Economy - Stas Filshtinskiy (ANZ) gave an insight into the cyber criminal economy, which in turn explained why certain things happen in our environment.
- Large Scale Flow Collection and Analysis - Mike Newton’s (Stanford University) presentation covered how the university uses Argus to collect and analyse large amounts of data. The information was used for multiple purposes, which included identifying compromised hosts and also identifying the firewall rules required within their infrastructure.
- Traditional IDS should be dead - Richard Bejtlich (TaoSecurity). Richard’s presentation went into some of the shortcomings of Intrusion Detection Systems. Essentially, providing an alert regarding an event is not enough. To identify whether there is really an issue, the information has to be correlated, ideally with sources other than the one providing the alerts.
Those are pretty much all the sessions I was able to attend today. This was my first Auscert event and I enjoyed it, caught up with some old friends, made some new ones. On to the next one.