Newfoundland hosted its first Security BSides conference this weekend in St John’s. This event was part of a larger series of security conferences that are happening around the world. Their aim is to bring together security experts, industry professionals and others in their community to directly connect, share ideas and insights, and develop long-lasting relationships.
Norbert Griffin, the lead event organizer, welcomed the nearly 140 attendees to the conference, then quickly set the stage for eight diverse talks touching on security topics from penetration testing to hiding the evidence that anything unsavory has ever even occurred on a computer system.
Here are the highlights from the talks:
Chasing Turkeys – Travis Barlow, Director of Consulting Services – Atlantic Region, eSentire.
Travis opened the conference with an illuminating discussion on how some items (tools, software, documents, etc.) rarely considered a risk by infrastructure managers, systems administrators, and even IT security professionals can be leveraged by attackers not only to exploit key weaknesses in systems but also to exfiltrate data from within an organization. He drove his point home by recounting an occasion on which he had successfully defeated a target network’s defenses simply by using what was left available on the systems. Admin tools, documents, shared folders, etc., on production systems are a penetration tester’s dream; we all have to be careful what we leave kicking around.
iPads: Love’em, Hate’em, You’re going to have to deal with’em – Mark Nunnikhoven, Security Architect.
iPads (and iPhones) are popping up on your network and you’re going to have to secure them. Mark took the audience through a discussion touching on connectivity, data storage, applications, support, media management, and more, while identifying some of the pitfalls, problems, and challenges associated with these (and similar) devices. He then presented some approaches to help minimize the risks these devices pose without significantly impacting the experience users expect.
Modern Malware Exposed! – Ajay Sood, Territory Manager for FireEye.
Ajay’s talk covered trends in modern malware. While traditional malware still represents a common threat to all users, today’s malware has evolved into a more cunning foe. Exploits are no longer just about attacking the host operating system; now they are about attacking client applications. These attacks are also more likely to be quiet about their presence, forming long-term relationships between the attacker and the victim. Beyond these advances are targeted attacks, in which malware focuses on gaining access to the data of particular systems or users. Add in phishing for another angle on exploiting defenses, and it becomes clear that the ‘good old days’ of worrying about just viruses & worms have passed.
The Web is a Battlefield – Jean-Pier Talbot, WatchGuard.
In this talk Jean-Pier painted a grim picture of the realities of the modern web. There are many dangers lurking that the unsuspecting user may fall afoul of. To demonstrate this premise he performed a live demo of how easily one could succumb to a cross-site scripting vulnerability.
How to Secure your Apache Camel Deployment – Jon Anstey, Principal Engineer for FuseSource.
Jon offered a different view on security from the other presenters at the conference. He approached security from the perspective of an application developer, more specifically of an Apache Camel developer. To do this he introduced the concepts of Enterprise Integration Patterns and Apache Camel’s role in implementing them (Apache Camel is a popular open source Java framework for routing data from one endpoint to another). He then illustrated the four key areas of security that a Camel developer must be aware of when developing and deploying Camel routes.
Virtually Safe? – Kellman Meghu, Security Engineering Manager for Check Point Canada.
Kellman provided a lively discussion on security strategy perspectives when working with the cloud. He asked the audience to think about what we are trying to accomplish when we move to virtualized services and how that relates to security. He then asked if we want to virtualize our security infrastructure (leveraging virtualization technology to deliver security services) or if we need security for our virtualized environment. Each option comes with its own set of pros and cons. Bringing these two sides together, he highlighted that what is important here is our data. A possible solution is to focus security through our own private clouds, and through shared or community clouds that we form with others.
Having your cake and eating it – Remote Access Security – Tim Newell, Senior Security Consultant with Bell Aliant.
Today we are seeing an increase in demand for remote access. To provide access we have to consider security and costs. In a perfect world security would come first; however, IT staff are under pressure to reduce costs while enabling remote access. What we need to work on is how to provide the access our users demand while still maintaining security. Tim led a discussion focussing on the challenges we face delivering scalable, flexible systems that provide varying security postures depending upon what we are trying to access (one-size-fits-all approaches do not work). He then illustrated the concepts he reviewed in a case study.
Evasion with anti-forensics – Adam W. Mosher, Senior Security & Network Consultant with Bulletproof Solutions.
What is and isn’t anti-forensics? Who uses it? How effective is it? How does it affect the forensic investigator? Adam introduced the audience to all of these issues and the ramifications of anti-forensics use in the field. After listening to his talk, it becomes clear that hiding evidence of activities is evolving at an alarming pace.
The true highlight of the event, though, was all the opportunities attendees had to meet one on one with their peers. The event venue was abuzz from morning until late night with ideas being shared and new connections being made. It’s not too often that penetration testers, system administrators, network analysts, security researchers, application developers, and vendors get together to discuss the pressing security issues of today and tomorrow. The event organizers and sponsors really outdid themselves in providing this unique opportunity to participate in the global Security BSides community; hopefully this will be the first of many more to come to St John’s.