Adding Rich Access Control and Audit Logging to Windows Applications
- Andy Milford and Andy Hopper
- Wednesday, September 21st, 12:30pm - 1:15pm
Do you have an application that is managing potentially sensitive information? Oftentimes, merely granting a user access to an application is not enough: you may also need the ability to set permissions on individual objects as well as track when people access those items. This talk will cover how applications that target the Windows platform can incorporate the ability to manage highly granular access control and automate audit logging by using the security subsystems in the Windows operating system. Topics covered include discretionary access control lists, system access control lists, the Windows audit log and the Windows Authorization APIs.
Andy Milford -Product Manager, Log Management, Ipswitch Network Management Division Andy Milford joined Ipswitch in 2009 after the log management company he founded, Dorian Software Creations, Inc was acquired by Ipswitch. He holds a patent relating to log management, and the U.S. Army recently awarded the Certificate of Networthiness to the flagship utility he created, WhatsUp Event Archiver.
Andy Hopper-Senior Software Architect, Ipswitch, Inc. Andy is a Senior Software Architect in Ipswitch's Alpharetta office working on the infrastructure of the Log Management and WhatsUp Gold product lines.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
Monday, September 19
|The Dark Side of Social Networks: Malware & Fraud||Dr. Paul Judge, Chief Research Officer||Monday, September 19th, 12:30pm - 1:15pm||Lunch and Learn|
|Spear Phishing: The truth behind Night Dragon, Aurora, and APT||Rohyt Belani, CEO, PhishMe Inc.||Monday, September 19th, 12:30pm - 1:15pm||Lunch and Learn|
|Unified Security Monitoring||Serge Nadon, Sales Engineer||Monday, September 19th, 12:30pm - 1:15pm||Lunch and Learn|
|Eyes on the Prize: Protecting Your Valuable Assets||Shawn Munoz, Senior Sales Engineer, ArcSight - an HP Company||Monday, September 19th, 12:30pm - 1:15pm||Lunch and Learn|
|There Has To Be a Better Way.||Will Irace, Director of Research & Services||Monday, September 19th, 12:30pm - 1:15pm||Lunch and Learn|
|How to Become a SANS Instructor||Eric Conrad||Monday, September 19th, 12:30pm - 1:15pm||Special Events|
Tuesday, September 20
|Vendor Expo||—||Tuesday, September 20th, 12:00pm - 1:30pm
Tuesday, September 20th, 5:00pm - 7:00pm
|Vendor Sponsored Lunch Session||—||Tuesday, September 20th, 12:00pm - 1:30pm||Vendor Event|
|Vendor Welcom Reception||—||Tuesday, September 20th, 5:00pm||Vendor Event|
|Book Signing - SANS Published Authors||—||Tuesday, September 20th, 6:00pm - 6:30pm||Vendor Event|
|Securing The Kids||Lance Spitzner||Tuesday, September 20th, 7:15pm - 8:15pm||SANS@Night|
|Securing The Human||Lance Spitzner||Tuesday, September 20th, 8:15pm - 9:15pm||SANS@Night|
Wednesday, September 21
|Building Trusted Clouds||Ravi Kumar, Group Manager||Wednesday, September 21st, 12:30pm - 1:15pm||Lunch and Learn|
|Efficient Vulnerability Management with Penetration Testing||Alex Horan, Project Manager||Wednesday, September 21st, 12:30pm - 1:15pm||Lunch and Learn|
|Building an APT Protection Plan||Joshua McCarthy, Systems Consulting Engineer||Wednesday, September 21st, 12:30pm - 1:15pm||Lunch and Learn|
|Adding Rich Access Control and Audit Logging to Windows Applications||Andy Milford and Andy Hopper||Wednesday, September 21st, 12:30pm - 1:15pm||Lunch and Learn|
|Network Security Evolved: Enabling DNSSEC||Johannes Ullrich, Ph.D.||Wednesday, September 21st, 6:15pm - 7:15pm||SANS@Night|
|Windows Exploratory Surgery with Process Hacker||Jason Fossen||Wednesday, September 21st, 8:15pm - 9:15pm||SANS@Night|
Thursday, September 22
|GIAC Program Overview||Jeff Frisk||Thursday, September 22nd, 6:00pm - 7:00pm||Special Events|
|Big Brother Forensics: You Can Run but You Can't Hide!||Chad Tilbury||Thursday, September 22nd, 6:15pm - 8:45pm||SANS@Night|
|NetWars||—||Thursday, September 22nd, 6:30pm - 9:30pm||Special Events|
|SANS Technology Institute Brief||Stephen Northcutt||Thursday, September 22nd, 7:00pm - 7:45pm||Special Events|
|Emerging Trends in the Law of Information Security and Investigations||Ben Wright||Thursday, September 22nd, 7:15pm - 8:15pm||SANS@Night|
|How to Steal a Million: Exploitation in a Web-connected World||Kevin Johnson||Thursday, September 22nd, 8:15pm - 9:15pm||SANS@Night|
Friday, September 23
|NetWars||—||Friday, September 23rd, 6:30pm - 9:30pm||Special Events|
|Iron Fan III||—||Friday, September 23rd, 7:00pm||Special Events|
|Who is Watching the Watchers?||Mike Poor||Friday, September 23rd, 7:15pm - 8:15pm||SANS@Night|
|Pentesting Web Apps with Python||Justin Searle||Friday, September 23rd, 7:15pm - 8:15pm||SANS@Night|