LSEC - Leaders in Security

Security Hardening 2012 - part 2

Sequel to the successful Security Hardening Events of October and February, LSEC and its partners are organizing the next quarterly Security Hardening seminar on June 7th, 2012.

“Security Hardening” means to explore the possibilities of improving the IT and Information Security architectures and systems.
During these seminars, it became obvious that most of the topics were very complementary and gave an interesting viewpoint on how to improve security measures within companies.

Outline

This seminar is mainly intended to companies and government departments already having a security environment, and interested in finding out about new solutions, new approaches and ways to improve their security infrastructure. Security Hardening in this case meant to increase the level of security on different aspects and components of your environment. This would have been be either from a network security perspective, a database and application perspective or increasing the granularity and scope of your data protection technologies. With the hardening was also understood ways and procedures to improve security management as a whole.

All together, we’ve explored how to grow from the typical 80% of managed IT and information security risks to upgrade to 90% or and to understand the complexities, costs and resources necessary to this upgrade path.

9.00h : welcome coffee & registrations

9.25h : Introduction, Security Hardening 2012 part 2 - an overview of hardening by Ulrich Seldeslachts, CEO LSEC

9.30h : Registered mail, certifying mail delivery in the Cloud, by Cham San Tek, Regify

10.00h :  How to overcome “blind spots” created by virtualization, by Bjorn de Jong; Net Optics International Business Development EMEA & LAM

Abstract : Virtualization is delivering many advantages to companies and datacenters. Along with the advantages, virtualization can also become a significant threat. The Phantom Virtual Tap software delivers total visibility of inter-VM traffic passing between virtual servers and reveals previously invisible traffic for superior security, regulatory compliance, and manageability.

About : Bjorn has been active in the IT business since 1998, primarily in network management and security solutions (Network General, NetIQ, Visual, Black Ice/ISS etc). Since 2004 his focus has been on Data Access solutions from Net Optics, Gigamon and Network Critical. Net Optics is the leading provider of Intelligent Access and Monitoring Architecture solutions that deliver real-time IT visibility, monitoring and control. More than 7,000 enterprises, service providers and government organizations—including 85 percent of the Fortune 100—trust Net Optics’ comprehensive solutions to plan, scale and future-proof their networks.

10.40h :  Data Leak, by Dominique Laigle Security Practice, Bull Services and Solutoins

Intellectual property thefts around the world have a cost of around 10 billion €/year to businesses as a whole, without counting the several more billion € /year losses for industrial espionage that businesses suffer. As a matter of fact, “Knowledge” thefts are among the most common attacks on companies from unscrupulous individuals. However, we need also to take into account that the most common data leaks occur from insiders who have no clue about the danger of their behaviour regarding their “art of communication” with the outside world. Organisations are therefore realizing that the risks associated with data leaks must be taken into account at the same security level as the overall enterprise security hardening.

To satisfy this growing business need, Bull has developed a “data leaks” solution whose main pillars are:
- Discover and reference the sensitive documents dynamically, based on rules specific to the organization (keywords, recipients ...)
- Establish a footprint that can be recognized even if they have been altered or camouflaged (copy and paste, capture ...)
- Monitor network flows to detect any improper output.

11.20h :  GSM network vulnerabilities, by Peter Cox, UM Labs

The need for data security is well understood, most data applications and services have at least some level of security protection.  In contrast, the security problems associated with voice communication is rarely considered. This presentation will examine the security threats relating to voice calls made on GSM networks and will include a demonstration of call interception on a GSM network. The presentation will then outline how these problems can be addressed using VoIP technology and sound data security principles.
An earlier version of this presentation was presented at the Federal Cyber Security Conference in Baltimore, October 2011.

12.10h : lunch break & networking

13.10h : 3 generations of access & identity management: technology overview, trends and future evolutions, by Rik Van Bruggen, Regional Sales Director Courion

Abstract : In the past 15 years, our industry has tried and tested multiple strategies to address the “identity problem”. Everyone seems aware of the fact that the “insider threat” is a clear and present vulnerability in our organisations’ IT infrastructure, but our strategies to mitigate the risks associated with this vulnerability have been all over the place. In this presentation, we would like to present an overview of the industry’s evolution, assess strengths, weaknesses and lessons learnt from the different attempts at solving the problem - and suggest a way forward.

Visit :  http://prezi.com/anzj7koibsbu/lsec-presentation

About : Rik Van Bruggen has been working in the Identity and Access Management industry since the end of the nineties, at companies like Novell, Imprivata, and now Courion. Having lived through the industry’s different generations of problem solving strategies, he is very well placed at presenting and discussing the latest challenges and solutions with the audience of this session.

13.50h :  Try before you buy : antivirus diverting not only signatures but also sandboxing, by Jerome Nokin, Security Consultant, Terremark (a Verizon Business Company)

Abstract : Malware recognition today is still mainly based upon the recognition of signatures from known malware. But the malicious code signatures are only effective if they haven’t been changed. Modern malware is changing the code (by polymorphism, metamorphism,) or by obfuscation of malicious codes. As a result most antivirus vendors’ were seen forced to supplement their traditional mechanisms of detection by heuristic approaches and emulation of code (sandboxing). But even these detection techniques should be should be tested, despite everything, We’ll take the test by carrying out some of our payloads Metasploit favourites.

About Jerôme is an expert in Ethical hacking (CEH certification), penetration testing (ECSA certification) and vulnerability assessment of Web-based applications, network infrastructures and operating systems. Source code reviewing (C/C++). Prior to joining Terremark (Verizon Business ), he was Security Consultant as System and security architect at Trasys, where he did Vulnerability assessments and penetration testing of web-based applications, network/security related devices and operating system.Part of his expertise he derived from being a Security and Linux engineer with Trasys.

14.30h :  Coffee Break

15.00h : Trusted Computing Technology – Moving security from software to hardware protection. By Nick Spekkels, Business Development Director (commercial) EMEA - & Boudewijn Kiljan, Business Development Director (technical) Global – Wave Systems Corp.

Abstract : Trusted Computing is not only a concept of ensuring information technologies that can be trusted, it is also referring to a standardized technology platform which is supported by many hardware, software and network vendors worldwide to facilitate securing the data on these devices.
Hardening your information security also mean utilizing your existing TPM (Trusted Platform Module), which you might not know you already had in your laptops and desktops.
Discover how you activate your TPM and use TPM to lower your TCO on security. Also find out how hardware based disk encryption can increase your security and compare it to software encryption. Increased security (secrets protected by special hardware) and lower costs (up to 10 times lower than software based full disk encryption technologies products)

About : Nick is an experienced security professional with a focus around Data Protection.
15 years ago Nick started his career at Unilever HQ running IT projects, after 5 years fulfilling various IT roles he made the switch to IT security, starting at SafeBoot, a Dutch Data Protection Software company.
When in 2008 SafeBoot got acquired by McAfee Nick took the role as Product Line Executive for Northern Europe at McAfee.
In that role Nick advised large enterprises on security strategies and how to comply to various local regulations.
Now Nick works as the Director of Business Development EMEA at Wave Systems focusing on security by design and advising organizations about the future of security and the open industry standards from the Trusted Computing Group.Wave Systems Corp. reduces the complexity, cost and uncertainty of data protection by starting inside the device. Unlike other vendors who try to secure information by adding layers of software for security, Wave leverages the security capabilities built directly into endpoint computing platforms themselves. Wave has been a foremost expert on this growing trend, leading the way with first-to-market solutions and helping shape standards through its work as a board member for the Trusted Computing Group.

15.40h : Security Hardening by Privileged User Access control, Johan Van Hove, Security Lead, CA Technologies

Federation is more than Web SSO, but it is the delivery of secured digital identities between autonomous domains, where companies or partner companies can get transparant access to applications made available over Internet. There is a shift happening in the federation concept, where they have to provide for a wider vision and strategy based upon Identity and Access Management.

16.20h : When business fully understands the challenges of security, an end to end security strategy can be considered. An example from laptop to datacenter, by Antonio Mata Gomez, Oracle

Abstract : The simple question was : what is Oracle doing on information security? There was a simple answer : many things. That has resulted in a series of activities for Oracle to demonstrate their security practice, from db hardening to an end to end perspective. Oracle’s identity management solutions, Oracle applications and the whole cloud offering are only a fragment of the security perspectives of Oracle. As a result, with this concept of an end to end approach, as a case study, it becomes clear what the concept of hardening is all about. It starts from the single data digit, but has to be carried throughout the chain of processing, at light speed or faster and secured.

Case:  Transparency, Accountability and Auditability of high privileged users access is mandatory.
Efficient and consistent User Administration of multiple Databases is becoming more and more important, and is a basic requirement in compliance and auditing discussions. Not only making sure that the right users have access to the right databases at any point in time, but also the traceability of the past and a full view of the lifecycle management and auditability of the high privileged users (eg DBAs) is a key basic compliance requirement in any organization Compliance is not only a matter of processes and applications, but also the place where the information is stored, is seen as a serious attention point for auditing the compliance, security and risk exposure. Ensuring that the right people at all times have only access to the information they are entitled to, has never been so important.  The user management across these multiple DB instances is often done individually, with manual interventions or using scripts, which is costly, not error free and not well accepted by auditors.
About : Antonio started his career as an Oracle database consultant. Back then IT was more interested in High Availability and Scalability but enterprises started showing a growing interest in protecting their key Business Assets persisted in database management systems. Antonio’s expertise was formed through many projects where protecting the database was key in order to guarantee the required security level.In his role of Database Security expert Antonio closely followed up on the Identity & Access Management market trends, which has enabled him to approach security projects from multiple angels.

17.00h : Closing Remarks & Networking Reception

18.00h : Close of Seminar

Specifically some topics we are aiming for :
- network monitoring, deep packet inspection
- embedded security
- IPv6 & impact on security
- Database security hardening
- Web application security - firewalling
- New developments in hardware security – TPG/CC-based
- Security as a service (in the cloud)
- Virtualization security
- Identity management – access management - authentication
- Vulnerability testing – intrusion detection
- Data Protection technologies & systems
- Critical Infrastructure Protection
- Cybersecurity & Malware protection
- Security Monitoring & Network Monitoring
- Governance & Compliance
- …

Practical Details

LSEC Security Hardening 2012 - part 2
June 7th, Kasteelpark Arenberg, Leuven - Department Computer Sciences - 200

Seminar : Auditoria N- Celestijnenlaan 200n, 3001 Heverlee - Lokaal 00.04 - 200N.00.0004
Registration : INKOMHAL 200S

Driving instructions :
http://wms.cs.kuleuven.be/cs/english/general-information/directions
Departement Computerwetenschappen
KU Leuven
Celestijnenlaan 200A
3001 Heverlee – België
Once inside Follow Signs to auditorium 200N 00.04 – or 200S 00.02 for reception and lunch break.
Following E40 or E314 to Leuven, exit Leuven centre (nr. 15) and turn at the 3rd traffic light right for Heverlee by entering Celestijnenlaan. You will find the signs to the Department on your right (200A).
Public transportation : follow instructions on the Computer Sciences website

Register already now, to ensure your seat at http://securityhardening2012part2.eventbrite.com

Free to participate to LSEC Members, LSEC partners and partner Members, Agoria Members, ECSA Members.
Free to participate to any others when subscribed before March 30th. After that date, subscription fee of 150 €.
Non-Cancellation fee of 150 €, upon no cancellation at least 1 day before the event and non-appearance.

This event was supported by CA Technologies, an LSEC platinum sponsor for our events. We are always open to other, additional interested parties.

About the organizers :
This event is organized by LSEC, a not-for-profit association focused on Information Security in Belgium. LSEC has been organizing over the last couple of years over 100 highly professional information security oriented activities. LSEC is a founding member of the European Security Innovation Network, a project supported by the European Commission through the INTERREG IVb program that supports innovative developments in the North Western European region in Security. With its partners Systematic Paris region in France, SITC in the UK and TeleTrusT in Germany, LSEC welcomes the active participation of companies to participate in the discussion of potential threats, challenges and opportunities for companies in the domain of Security, or to the enterprise market and government institutions.