October 27, 2004

SecureWorld Expo Day 2 Review

Well, I am back in Canada tonight and have a bit of time to catch up on the RSS feeds and update the blog. I thought I should summarize day 2 of the SecureWorld Expo show.

Here is a quick review:

  • The early morning breakfast session with Kirk Bailey, CISO of the City of Seattle, seemed to be pretty good. We showed up a bit late and had to sit in the back... where the sound was really bad. Luckily, I think he is coming up to the West Coast Security Forum, and I will be able to hear him speak then.
  • Crispin did a presentation on host-based intrusion prevention for Linux systems through the use of LSM (Linux Security Modules). Interesting stuff. His Subdomain product does similar stuff to my current Windows work in intrusion prevention, aside from some deep inspection stuff that I am doing. I have heard him speak before, and this presentation wasn't as "fun" as when he talks passionately. His presentation on defending servers during DefCon at the Bellingham Linuxfest was much more interesting.
  • I listened to an EXCELLENT presentation on "Next Generation Approach to Risk Analysis" by Peter Stephenson. He presented an interesting topic on Forensic Analysis of Risks in Enterprise Systems (FARES). I could go on for hours about the topic, as it was very enlightening as a qualitative risk assessment process. Instead I will point you to the very informative slide deck that was used during the presentation. One thing I liked was the use of Coloured Petri nets to create interactive risk analysis models and actually test how an attack vector may be mitigated in a network environment, without having to modify your real environment. Makes simulations very nice.
  • The most disappointing panel of the conference, IDS vs. IPS, was a big flop. There was NO constructive debate on the pros and cons of IDS vs. IPS. It was again the rah-rah "[vendor name here]'s approach is the greatest" routine. No one would give a straight answer to anything. From cost to implementation techniques, it was all basically a deflection to come talk to them and explore needs. Beau summed it up pretty well as we walked out. No way in hell should anyone put a network IPS in place to STOP critical business network flow when so many false positives already overwhelm us in the IDS space. I add that no way in hell should we consider a single device accessible from the Internet to hold all the keys to our security; network IPS vendors saying you should store all your private keys in a certificate proxy should be shot. (That would be a good portion of the panelists.)
Overall, it was a good show. I am chomping at the bit now, though, for the West Coast Security Forum. In a few blog entries later this week, I will discuss some of the interesting findings I had while talking with vendors.

Posted by SilverStr at October 27, 2004 11:24 PM