Everything They Told Me About Security Was Wrong
- John Strand
If you were to believe the vendors and the trade shows, you would think everything was "OK" with IT security. You would think AV works. You would think "plug and play" IDS was effective. You would think that Data Loss Prevention would prevent data loss. Why, then, is it that very large organizations are still getting compromised? Organizations with very large budgets and staff still get compromised in advanced and persistent ways. Something is very wrong in this industry.
Let's find out what is wrong and how we can fix it.
In this presentation we will cover many of the common misconceptions about computer security. A few misconceptions we will destroy with harsh words and live demos are:
- AV will keep malware off my system
- Firewalls will keep the attackers out
- If my system is patched, I cannot be hacked
- Apple computers are far safer than Windows
- Linux is more secure than Windows
- My users are dumb
In this presentation we will have multiple live demonstrations including: hacking a Mac, and hacking a Linux system and bypassing AV. However, the most important thing about this presentation is that we will cover how we need to change our defensive mindset.
After all, if information security was easy it would not take six days to cover the essentials.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
|Everything They Told Me About Security Was Wrong||John Strand||SANS@Night|
|Ninja Assessments: Stealth Security Testing for Organizations||Kevin Johnson||SANS@Night|
|General Session - Welcome to SANS||Dr. Eric Cole||Monday, October 8th, 8:15am - 8:45am||Special Events|