SANS Secure Europe
Community Night Program
18:30 - 21:30, Wednesday, 27 June 2007
At the Management Centre Europe, Brussels
Rue de l'Aqueduc 11B
B-1050 Brussels
Belgium
Social Aspects of IT Security: Social Engineering
By Sharon Conheady
In recent years, people have become more familiar with the term "social engineering", the use of deception or impersonation to gain unauthorized access to sensitive information or facilities. Because computer security is becoming more sophisticated and more difficult to break (although this is still very possible), more people are resorting to social engineering techniques as a means of gaining access to an organization's resources. Logical security is at a much greater risk of being compromised if physical security is weak and security awareness is low. Performing a social engineering test on an organization gives a good indication of the effectiveness of current physical security controls and the staff's level of security awareness. But once you have decided to perform a social engineering test, where do you start? How do you actually conduct a social engineering test? During my talk, I will discuss the practical aspects of a social engineering attack, providing plenty of war stories from my career as a social engineer.
- Speaker Bio
- After inventing the Internet alongside Al Gore, Sharon moved on to the development of security protocols that were used to crack 128-bit encryption. She did this with no more than an abacus, a ball-point pen and a large pad of paper. Three-time winner of the Nobel Prize, Sharon enjoys belly dancing and space travel. Not really. Sharon is a social engineer / penetration tester, currently working for the Attack & Penetration team at Ernst & Young in London. She holds a degree in Computer Science from Trinity College Dublin and a master's degree in Information Security from Westminster University London.
Top 5 Firewall Leaks
By Chris Brenton
Attack techniques have evolved to the point where traditional packet-filtering firewalls, proxies, and even intrusion prevention systems are dramatically less effective at securing a corporate network. The common flaw in most perimeters is that they are designed to thwart inbound session establishment while being relatively permissive in what they pass towards the Internet. This presentation will discuss the top five traffic patterns that currently breach most network perimeters.
- Speaker Bio
- SANS Instructor Chris Brenton is a private consultant with over ten years' experience in the field. He is one of the founding members of the initial Honeynet Project, one of the original Internet Storm Center handlers, and started up one of the first managed security ISPs. Over the years, he has been credited with the discovery of numerous vulnerabilities in various software products. Along with being a published author, Chris is responsible for maintaining all of the material in the SANS Perimeter Security track. In his spare time, Chris teaches rally and high-speed off-road security driving, where he can be found teaching students to make their side window the front of the car.
Insider Threat
By Eric Cole
Security is not new, and organizations have been focusing significant effort on combating attackers that pose a threat to their critical assets. Firewalls, intrusion detection systems and virtual private networks, just to name a few, have been deployed as best practice across companies. While organizations have spent significant money on network security, the problem is that most of it has gone towards preventing, detecting and deterring the external threat. While the external threat can cause harm and needs to be addressed, the insider threat can cause just as much harm and be devastating to an organization if not properly addressed. The key concern with the insider attacker is that they already have access, which gives them the means and methods to perform the attack. Therefore, methods that have worked against the external attacker will not work against the insider. This presentation will look at the insider in detail, address the problem and cover creative ways of dealing with and preventing a determined insider.
- Speaker Bio
- Dr. Eric Cole is an industry-recognized security expert with over 15 years' hands-on experience. Dr. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Master's in Computer Science from NYIT and a Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker. Eric is also a senior scientist with Lockheed Martin Information Technology (LMIT) and a Lockheed Martin (LM) fellow. Dr. Cole is actively involved with The SANS Technology Institute (STI) and with SANS, working with students, teaching, and maintaining and developing courseware.
Legal Aspects of Information and Network Security
By Jos Dumortier
What are the rights and duties of IT managers and, in particular, information security officers? How far can they go in monitoring the network behavior of users? What kind of measures can they lawfully take in case of abuse or incidents? In which cases can they be held liable for incidents, or for violations of legal provisions regarding privacy protection or copyright infringement? This presentation will answer these questions and more.
- Speaker Bio
- With a law degree from K.U. Leuven, Jos Dumortier studied Information Science (INFODOC) at the Université Libre de Bruxelles. Between 1984 and 1992 he was a part-time lecturer in Information Science at the University of Antwerp, and went on to become a full-time Professor of Law and IT at K.U. Leuven. He is also the co-founder of the Interdisciplinary Centre for Law and Information Technology and was the Centre's first Director. He has published several books and articles on law and IT, and is the editor of the International Encyclopedia of Cyberlaw (Kluwer International Publishers). He also serves on the editorial boards of other specialized publications. Prof. Dumortier consults regularly as an expert for the Belgian federal government, the Flemish government, the European Commission and several national and international organizations on issues relating to Law and ICT.
Practical Automated Web Application Attack Techniques
By Justin Clarke
Much security research has been released over the years discussing techniques for exploiting web applications. What is scarce is knowledge of how to leverage these techniques to practically automate the detection and exploitation of web application vulnerabilities, allowing security professionals to test easily for the "low-hanging fruit" and spend more time on manual testing for harder-to-identify issues.
This talk will discuss some common web application issues whose testing can be automated, and will cover several publicly available tools written by the speaker for the book "Network Security Tools", as well as other tools and approaches that can be used in automating web application attacks.
- Speaker Bio
- Justin Clarke is an information security consultant with over 9 years of security experience in network, web application, source code and wireless testing work for some of the largest organizations in the United States, the United Kingdom and New Zealand. He is the co-author of "Network Security Tools" (O'Reilly), and has spoken at several conferences on security topics, including Black Hat, EuSecWest, RSA, and OSCON.
- Justin is active in developing security tools for penetrating web applications, servers, and wireless networks, and as a compulsive tinkerer he can't leave anything alone without at least trying to see how it works. Justin got his Bachelor's degree in Computer Science from Canterbury University in New Zealand.
Suppose one day some critical files are found missing from your main Windows file server and all you have is a network trace. Would you be able to determine who deleted those files, when, how and from where, and to what level of detail? This presentation will demonstrate how deep you can go, using an example of such an investigation.
- Speaker Bio
- David Perez is an Independent Security Consultant based in Valencia, Spain. He performs Forensic Analysis, Incident Handling, Penetration Testing, and System and Network Security Auditing for a variety of major corporate clients in the European marketplace. His background prior to his current position includes 5+ years working at HP as a Security Consultant and three further years working as a Systems Administrator and Support Engineer. He has a Master's degree in Telecommunications Engineering from UPV (Universidad Politécnica de Valencia, Spain) and holds the highest SANS GIAC certification, the GIAC Security Expert (GSE) certification.