Las Vegas, NV - September 22 - 30, 2007

Intense training! An excellent combination of technical and theory instruction.
-Richard Brull

SANS @Night

Registration Reception

Caesars Palace ~ Promenade Level
Saturday, September 22 ~ 5:00pm-7:00pm

Register early and get your photo taken with a "Vegas Show Girl"

Virtual Patching for Web Applications with ModSecurity

Speaker: Ryan C. Barnett
Sunday, September 23
6pm - 7pm

Fixing identified vulnerabilities in web applications always requires time. Organizations often do not have access to a commercial application's source code and are at the vendor's mercy while waiting for a patch. Even if they have access to the code, implementing a patch in development takes time. This leaves a window of opportunity for the attacker to exploit. Virtual patching (also called "just-in-time patching" and "external patching") is one of the biggest advantages of web application firewalls, as they can fix this problem externally. A fix for a specific vulnerability is usually very easy to design and in most cases can be done in less than 15 minutes. This presentation will outline exactly when and where virtual patching is appropriate and the proper steps for creating and testing virtual patches. Several examples will also be discussed.
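The speaker's examples are not reproduced on this page. As an added illustration, not material from the talk or from the ModSecurity project, the rules below virtually patch a hypothetical page /app/view.php whose "id" parameter is assumed to be injectable. The path, the parameter name and the rule ids 9001 and 9002 are assumptions chosen for the example; the rule syntax is ModSecurity 2.x running under Apache.

```apache
# Added example (not from the talk): a positive-security virtual patch.
# Hypothetical target: /app/view.php, parameter "id", which the
# application expects to be a short decimal number and nothing else.

# Step 1 of testing: run the new rules in detection-only mode and review
# the audit log against legitimate traffic before switching to "On".
SecRuleEngine DetectionOnly
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log

<LocationMatch "^/app/view\.php$">
    # The parameter must be present exactly once. Duplicate parameters
    # are rejected because the WAF and the back end may pick different
    # copies, which is a classic way to slip a payload past a patch.
    SecRule &ARGS:id "!@eq 1" \
        "phase:2,t:none,deny,status:403,log,id:9001,\
        msg:'Virtual patch 9001: id parameter missing or duplicated'"

    # Whitelist the only shape the application accepts: one to ten digits.
    # Quotes, comment sequences, UNION keywords or encoded bytes never
    # reach the vulnerable code, and no signature list has to keep up
    # with attacker creativity. t:none clears any inherited transforms
    # so the regex sees exactly the decoded argument value.
    SecRule ARGS:id "!^\d{1,10}$" \
        "phase:2,t:none,deny,status:403,log,id:9002,\
        msg:'Virtual patch 9002: non-numeric id value'"
</LocationMatch>
```

Once the audit log shows no hits on real requests, change SecRuleEngine to On. A request such as /app/view.php?id=42 passes, while /app/view.php?id=42'%20OR%201=1 (or a request carrying two id parameters) is answered with 403 before the application sees it. The patch is scoped to one URL and one parameter on purpose: it covers the known hole without touching the rest of the site, which is what keeps the 15-minute estimate realistic.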

Geekonomics: The Real Cost of Insecure Software

Speaker: David Rice
Tuesday, September 25
6pm - 7pm

Software is becoming the foundation of civilization; yet few, if any, industries composing national infrastructures enjoy so little oversight as software production. Despite general agreement on inadequate software development practices and the enormous cost borne by individuals and organizations for protecting their systems from exploitation, the software industry enjoys remarkable insulation from liability and regulation. This is a dangerous proposition for national infrastructures. David Rice illuminates the economic impacts of poor-quality software and compares regulatory standards among various industries as he challenges software purchasers to demand better-quality software, so that governments, faced with a popular uprising, will refuse to remain silent on the issue.

Future Trends in Network Security

Speaker: Eric Cole
Tuesday, September 25
7pm - 8pm

Malicious code and other attacks are increasing in intensity and in the damage that they cause. With little time to react, organizations have to become more proactive in their security stance. Reactive security will no longer work. Therefore organizations need to better understand what the future trends, risks and threats are so that they can be better prepared to make their organizations as secure as possible.

Eric's in-depth cross-industry experience allows him to give relevant examples in every module and for any audience. This course, with Eric at the helm, is an excellent introduction to security issues for IT managers and administrators alike.
- Lowell Williams, Purdue University

I can hear you now: Eavesdropping on Bluetooth Headsets

Speaker: Joshua Wright
Senior Security Researcher, Aruba Networks
Wednesday, September 26
6:00pm-7:00pm

In 2006, the Bluetooth Special Interest Group announced that over one billion Bluetooth devices had been shipped. Walking down any city street, it's obvious what the majority of the population is using Bluetooth technology for: wireless headsets. As many states pass mandatory hands-free laws for talking on the phone while driving, many users are turning to Bluetooth technology for their communication needs.

In this presentation, Joshua Wright will speak about the risks of such technology and how it can expose organizations to unauthorized information disclosure threats. Wright will also demonstrate an attack against a popular Bluetooth headset in which readily available hardware and software are used to discover a device in non-discoverable mode and then to inject and record arbitrary audio between the attacker and the victim.

Virtual Machine Security Issues: The Road to VM Escape

Speaker: Ed Skoudis and Tom Liston
Wednesday, September 26
7pm - 9pm

Virtual machine environments, like VMware, Microsoft Virtual Server, Parallels, and Xen, are very hot as numerous organizations are conducting virtual server and even virtual machine consolidation projects. With most virtual machines, the GUI makes it look like one guest is separate from another guest and from the host itself, so many users and admins assume they must be isolated. But just because it looks secure and separate doesn't mean that it is. Over the past two years, Intelguardians has conducted detailed research into the underlying security of VMs, searching for the elusive VM escape, which would allow an attacker inside a guest to wield special magic to start executing code on the host itself. This session will discuss our up-to-date findings and methods for securing your own virtual machines to lower the chance of escape.

Protecting Software with AppArmor

Speaker: Crispin Cowan, PhD, Director of Software Engineering, SUSE
Thursday, September 27
7pm - 8pm

A secure application should do what it is supposed to do, and nothing else. It is the surprising "something else" behaviors in software that become vulnerabilities that attackers exploit to compromise systems. AppArmor is a security system that confines applications to do only what they are supposed to do, including facilities to easily generate security policies for applications. AppArmor is GPL software, a standard feature of SUSE and Ubuntu Linux, and ports are available for Gentoo, Slackware, and Red Hat Linux.

Security is the business of saying "no" sometimes, and therefore always imposes a degree of inconvenience. With perfection comes security and convenience as software "just works" and only does correct things, but there is a supply problem with perfect software :) AppArmor approximates correctness by describing roughly what the application should be permitted to do, and asks you questions about how you want your security profiles to behave. You can turn the knob either way; towards very tight security policy that is more secure, or towards looser security policy that may relax security to provide more convenience.
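As an added illustration of the "knob" described above, not a profile from the talk or from the AppArmor project, here is a profile for a hypothetical log viewer installed at /usr/local/bin/logview. The program name and every path are assumptions for the example. The profile lists what the program should be allowed to do; in enforce mode the kernel denies everything else, which is the tight end of the knob. The flags=(complain) setting shown is the loose end: the same violations are only logged, so the policy can be refined before it is enforced.

```apparmor
# Added example, not from the talk: a profile for a hypothetical
# /usr/local/bin/logview. Anything not listed below is denied once the
# profile is enforced, so the profile is a description of the program's
# intended behavior, not a list of known-bad actions.
#include <tunables/global>

# flags=(complain) = loose setting: violations are logged, not blocked.
# Drop the flag (or run aa-enforce on the profile) for the tight setting.
# aa-genprof / aa-logprof turn the logged violations into the questions
# the talk refers to: allow, deny, or glob the path.
/usr/local/bin/logview flags=(complain) {
  #include <abstractions/base>

  # the program's own binary: readable and mmap-executable
  /usr/local/bin/logview mr,

  # data it legitimately reads (directory listing plus the log files)
  /etc/logview.conf r,
  /var/log/app/ r,
  /var/log/app/*.log r,

  # the only location it may write; nothing else on disk is writable,
  # so a compromised viewer cannot drop files into cron, www or home
  /tmp/logview.* rw,
}
```

Load it with apparmor_parser -r on the profile file, exercise the program normally, then inspect the kernel log for "apparmor" audit entries; each one is either a legitimate access that belongs in the profile or a "something else" behavior that the tight setting would have stopped. When the log stays quiet under normal use, remove the complain flag and reload.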

Crispin Cowan has been in the computer business for 25 years, and in security for 10 years. He was the CTO and founder of Immunix, Inc., acquired by Novell in 2005. Dr. Cowan is now the Security Architect for SUSE Linux and the applications that Novell offers for Linux. Dr. Cowan developed several host security technologies under DARPA funding, including prominent technologies like the StackGuard compiler defense against buffer overflows and the LSM (Linux Security Modules) interface in Linux 2.6. Dr. Cowan also co-invented the "time-to-patch" method of assessing when it is safe to apply a security patch. Prior to founding Immunix, he was a professor with the Oregon Graduate Institute. He is the program co-chair for the 2007 and 2008 Network and Distributed System Security conferences. He holds a Ph.D. from the University of Western Ontario and a Master of Mathematics from the University of Waterloo.

Birds of a Feather (BoFs)

Application Security and Developer: Birds of a Feather
Lead: Mason Brown
Date: Tuesday, September 25
Time: 5pm - 6pm
Room: Roman III

Several initiatives are underway to improve secure programming skills and knowledge. However we are still doomed to deal with endless streams of software vulnerabilities unless programmers learn to write much more secure code. Join us for this important BoF event to discuss issues and create solutions as we host an open discussion on the hottest issues facing the application security and developer market.

DoD and DoD Contractor: Birds of a Feather
Lead: Eric Bassel
Date: Tuesday, September 25
Time: 5pm - 6pm
Room: Roman III

As you know, Department of Defense Directive 8570 mandates that 100% of the individuals in IA billets be certified by 2010, with a minimum of 40% being trained by the end of FY08. Join us to discuss how best to train your people and meet the requirements of this directive.

Financial Contractor: Birds of a Feather
Lead: Brian Correia
Date: Tuesday, September 25
Time: 5pm - 6pm
Room: Roman III

Join your peers as we host an open discussion on the biggest and hottest issues facing the financial industry today. Some of the items up for discussion include the obstacles and success stories within your organization, how we can better reach out to the product developers, and how SANS can better serve IA professionals in the financial industry.

Health Care Industry: Birds of a Feather
Lead: Daryl Gilbertson
Date: Tuesday, September 25
Time: 5pm - 6pm
Room: Roman III

As you know, the health care industry is under increasing pressure to guard and protect patient information, and not just to meet HIPAA regulations. Financial and physical health is at stake. Join us for this important BoF event to discuss issues and create solutions.

SANS Work Study Program: Birds of a Feather
Lead: Sunny Werner, Work Study Program Manager
Date: Tuesday, September 25
Time: 8pm-9pm

Are you curious about the Work Study program? Just what do all those folks with red aprons do? They've found that being a facilitator can be a great way to experience SANS training and receive their certification attempt at a reduced cost! Talk to experienced facilitators, the Work Study Program Manager and other interested folks and see how you can participate.