
Conference Agenda and Schedule

DAY 2 SANS Course Laptop Requirements:

Bring your laptop with a CD or DVD drive to boot a Linux distribution that will be provided to you in class. You will need to have enough disk space and RAM to run two supplied VMware images at the same time.

This requires the following:

· 2 Gigabytes RAM
· 3 Gigabytes hard drive space or USB stick with at least 3 Gigabyte capacity
· CD/DVD drive or USB stick with at least 3 Gigabyte capacity

VMware Workstation version 6 or higher, or a version of VMware Player that has been downloaded in the past year.


DAY 1: THURSDAY OCTOBER 6, 2011
8:00 a.m.
Lobby Registration and Continental breakfast
10:00 a.m. – 10:15 a.m.
Matoaka Room Welcome and Opening Remarks:  Thomas Jefferson
 Colonial Williamsburg interpreter Bill Barker will share insights about information security in the 18th century.
10:15 a.m. – 11:15 a.m.
Matoaka Room Keynote Speaker:  Jason Rouse,  Principal Security Consultant, Cigital, Inc.
Mobile devices have become the quintessential access device for hundreds of millions of people worldwide. In North America, we are currently adopting mobile at an astounding rate -- pushing services, business, and information access out to mobile users -- while not completely understanding some of the underlying risks and opportunities that the mobile platform provides. This talk will expose you to the current state of the practice in the mobile space, covering platforms like Android, Blackberry, and iOS, the cellular network, and explaining how security in the mobile environment differs from the security basics we've been coming to grips with on the web and elsewhere. There will be case studies throughout the talk, explaining how to attack handsets, the applications on them, and even the cellular network itself. Finally, we'll wrap up with a discussion of some of the more robust secure design approaches available to software vendors and consumers.
SESSION 1:  11:30 a.m. – 12:30 p.m.
Dogwood A Room Open Source Tools for Blocking Malicious IPs and Domains - Matt Keel (College of William and Mary) and Norman Elton (College of William and Mary)
Leveraging open source tools, William and Mary has built a system that creates routing and DNS feeds to block access to malicious hosts. Using existing infrastructure and freely available sources of information, this setup is inexpensive and easy to reproduce.  We will discuss the system architecture and the lessons learned during its deployment and operation.
Dogwood B Room Transcending Borders: Managing User Relations and Expectations - Wayne Martin (Blue Ridge Community College) and Phyllis Patrick (Phyllis A. Patrick and Associates)
Information security is a team effort and individual responsibility requiring effective communication and strong collaborations. Session presenters will bring lessons learned from the rapid changes in Health Care information security that were triggered by federal regulations such as HIPAA and HITECH. The importance of Senior Management and User acceptance, ownership, and participation in the information security process will be emphasized.
Holly Room Do They Measure Up? Assessing the Security Posture of Third-Party Service Providers -  Shirley Payne (University of Virginia) and Kevin Savoy (University of Virginia) 
In these days of outsourcing, SaaS, and clouds, higher education is increasingly turning to third parties to host institution-owned data to gain efficiencies and reduce cost. But how do we assess the incremental risk of engaging third parties to host our data? How can we ensure that adequate security practices are in place prior to finalizing any contractual agreement? This session will introduce a general strategy and several tools already in use for prequalifying and auditing third parties and provide a roadmap of how one institution dealt with these issues.
12:45 p.m. – 1:45 p.m.
Matoaka Room Lunch break
SESSION 2:  2:00 p.m. – 3:00 p.m.
Dogwood A Room Jlab and Managing International Remote Access – Dr. Roy Whitney (Jefferson Laboratory)
New approaches are being taken for cyber security in response to cyber security events and evolving threats at science and technology laboratories. The approaches integrate achieving missions and goals, meeting national standards and achieving acceptable levels of residual risk.
Dogwood B Room Perspectives on University Information Security: Courtney Carpenter, CIO (College of William and Mary); Brian Daniels, Internal Auditor (Virginia Tech); Darlene Quackenbush, Information Security and Planning Officer (James Madison University); Gene Roche, PhD, Director of Academic Information Services (College of William and Mary)

As CIOs, business managers, technicians, auditors, researchers and others consider the challenges of data management and information security, each comes to the discussion with slightly different motivations and views of what problems exist and what actions might be necessary or worthwhile.  During this panel, representatives from such constituencies will share their perspectives on information security issues facing our institutions. 
Holly Room Malware Incident Response - Will Urbanski (VA TECH)
As malware-specific detection devices have become more mainstream, the quantity and quality of malware-related incident data has also increased.  Modern malicious software has forced IT security professionals to rethink how they prioritize and respond to malware-related incidents. Malicious software infections require incident response steps that differ from system compromises. This session will cover the malicious software incident response steps employed at Virginia Tech: the steps we take, the software we use, and how this approach has helped our institution.
SESSION 3:  3:15 p.m. – 4:15 p.m.
Dogwood A Room Securing the Enterprise in a Mobile World - Brian Wisniewski (Carnegie Mellon)
The presentation will outline the CERT Defense-in-Depth Framework and the impact mobile computing has had on many current organizations.  Industry best practices currently used to help encourage innovation and adoption of mobile technology by users while protecting the enterprise infrastructure will be outlined.  We will consider the evolving challenge in protecting intellectual property when devices are lost or stolen, the regulatory and compliance issues surrounding personally owned mobile devices in the enterprise, and the potential for use as an attack vector that greater cellular bandwidth and more powerful devices represent in today's threat environment.
Dogwood B Room Insuring Your Data: Enterprise Laptop Encryption - Dan Han (Virginia Commonwealth University)
With numerous federal, state, and industry regulations, data breach notifications are required when an organization’s sensitive data fall into the wrong hands. However, amidst various regulations and data breach notification requirements, properly encrypting the data in transit and at rest can help an organization to better secure its data, while avoiding some of the mandatory breach notifications required by these regulations. This presentation will provide an overview of the design and implementation of an enterprise encryption system for laptops at Virginia Commonwealth University. The definition of business and technical needs, the implementation methodology, and the challenges and lessons learned will be discussed in this session.
Holly Room Security Techniques and IPv6 - Randy Marchany (Virginia Tech)
VA Tech has been running a full production IPv6 network since 2006. Our IPv6 networks operated in parallel with our traditional IPv4 network. This talk describes the process, challenges and security issues that we've discovered in our implementation of the IPv6 network. We'll discuss a migration strategy to IPv6. We'll discuss some of the IPv6 security issues we've discovered in our implementation.
SESSION 4:  4:30 p.m. – 5:30 p.m.
Dogwood A Room Protecting your front door – Web Application Firewall - Kamnab Keo (Virginia Commonwealth University)
Web sites and applications have increasingly become a favorite target for hackers. In an effort to serve customers more effectively, organizations are migrating what used to be internal or manual business functions to web technology, oftentimes exposing their internal business functions to the public. As this trend continues, attacks on public-facing web applications will increase. While EDU has not been the focus of recent well-publicized attacks by groups like “Anonymous” or “LulzSec”, it would be unwise to think that EDU organizations are not continuously being probed and attacked. How can a web application firewall help reduce these threats? This session will review real-world lessons learned from implementing a web application firewall at VCU.
Dogwood B Room Securing Remote Access to IT Resources - Bryan Miller (Virginia Commonwealth University)
Remote access to network resources has become so common that many organizations take it for granted.  However, designing, building, securing and maintaining these remote resources must be done properly to prevent attackers from gaining unauthorized access.  This presentation will describe some of the common methods used for remote access, what the bad guys are doing to attack those methods and how network administrators can test their networks to help protect them.  Included in the discussion are common tools used by both “whitehats” and “blackhats” to test for security weaknesses.  Issues involved with the proliferation of smartphones and other mobile devices will also be covered.  The final topic is some general guidelines on device hardening to protect them from attack.
Holly Room Security in the Apple world: iOS, iCloud and Macintosh Security - Tim Wilkinson (University of Virginia)
How secure is a Macintosh out of the box?  Is your iOS mobile device secure?  What are the security implications of Apple's new cloud storage system, iCloud?  This presentation will cover the latest security features in OS X 10.7 (Lion) as well as iOS.  We’ll also discuss Apple’s new cloud service, iCloud, and security related to using that service in an education environment.  We’ll then wrap up with a review of some security tools that come with the operating system and how to configure your systems to be more secure.  Learn how to make your Apple products more secure in an education environment.
RECEPTION:  5:45 p.m. - 7:00 p.m.
DAY 2: FRIDAY, OCTOBER 7, 2011
8:00 a.m.
Lobby Continental breakfast
SESSION 1:  8:45 a.m. – 9:45 a.m.
Dogwood A Room Data Loss Prevention – Ray Usler (Mary Washington College) 
Protecting data in a higher education environment presents a set of unique challenges. The question is, do we know where all that data is stored (desktops, laptops, servers, databases) or is it in motion on our network? Can we trust that our users are following policy? How intrusive can we be? Data loss prevention solutions are designed to prevent the unintentional loss or the intentional deletion of sensitive information. In this session, I will discuss why we are looking at a DLP solution to help us discover, monitor and protect our sensitive information.
Dogwood B Room Known Vulnerability Query Application and Notification Program – Curtis McNay (George Mason University)
The IT Security office at George Mason University lacked a simple, flexible tool for researching known vulnerabilities for systems that we were assessing or investigating. We also wanted to provide individual system administrators with reports tailored specifically to their systems in a timely fashion. So we created a web-based application that makes the US-CERT’s vulnerability database easily accessible with customizable, flexible, storable queries that are presented in a user-friendly format. We’ll show you how we’ve incorporated it into our vulnerability assessment and notification processes.
Holly Room SANS SEC567: Power Packet Crafting with Scapy - Judy Novak
Scapy is a Python API that provides a very intuitive way to easily craft traffic with some knowledge of TCP/IP.  This course starts out with an introduction to scapy, including what it is, why you might want to use it, and a demonstration of some simple crafted packets. This is followed by understanding how simple packets are crafted and an introduction to scapy notation and formatting. Eventually, you learn how to craft the TCP three-way handshake and create a client or server side of a TCP session. We also discuss how to sniff network traffic using scapy and how to alter packets. Finally, there is a demonstration on how scapy can be used in real-world scenarios, such as crafting those previously mentioned overlapping TCP segments.
SESSION 2:  10:00 a.m. – 11:00 a.m.
Dogwood A Room Auditing Security for Remote Access to IT Services - Goran Gustavsson (APA)
Auditing Remote Access Security focuses on the techniques and audit programs that are used to gain reasonable assurance over an organization’s implemented remote access safeguards that protect data confidentiality, integrity, and availability.  Using a risk-based approach, the presentation will guide the audience through a typical remote access audit engagement, which will cover planning and test work phases.
Dogwood B Room Endpoint Security:  A Tiered Approach - Darlene Quackenbush (James Madison University)  
Computing and data-related activities performed by individuals in a university setting require flexibility in the way endpoint security is managed. Yet supportability and compliance concerns favor standardization. Seeking a workable balance, James Madison University is engaged in several projects focused on identifying and applying the right amount of security control to disparate endpoint uses.  The presenter will share James Madison University's approach and discuss their efforts to implement desktop baselines and a stratified model for endpoint protection.
Holly Room SANS SEC567: Power Packet Crafting with Scapy - Judy Novak
SESSION 3:  11:15 a.m. – 12:15 p.m.
Dogwood A Room Mobile and Cloud Security:  Practical Applications of the Information Security Guide – Cathy Hubbs (American University) and Mary Dunker (Virginia Tech)
As a security professional, have you been asked to evaluate or provide input on security for cloud computing or mobile technologies, but neither of these is really your area of expertise? Don't panic! Use the Information Security Guide sponsored by the EDUCAUSE/Internet2 Higher Education Information Security Council. During this presentation, practical security considerations for cloud computing and mobile devices will be discussed. All references are from the Information Security Guide.
Dogwood B Room Design Considerations for Securing Remote Access – Chip Greene (University of Richmond)
Access to IT resources from remote locations is becoming more commonplace each day.  Teleworkers, remote research faculty, students and vendor technical support groups each differ in the type of access required as well as which IT resources they use.  How do we, as security focused institutions, accommodate these requests and ensure the integrity of university data?  Evaluation of the users' specific needs, the technology available for connectivity, and the level of security for each application must be considered to develop a comprehensive remote access design.  This presentation reviews these considerations and provides an insight to developing a more secure remote access service.
Holly Room SANS SEC567: Power Packet Crafting with Scapy - Judy Novak
12:30 p.m. – 1:30 p.m.
Matoaka Room Lunch break
SESSION 4:  1:45 p.m. – 4:45 p.m.
Holly Room SANS SEC567: Power Packet Crafting with Scapy - Judy Novak
END OF CONFERENCE