Everything They Told Me About Security Was Wrong
- John Strand
- Thursday, September 20th, 8:15pm - 9:15pm
If you were to believe the vendors and the trade shows, you would think everything was "OK" with IT security. You would think AV works. You would think "plug and play" IDS was effective. You would think that Data Loss Prevention would prevent data loss. Why, then, is it that very large organizations are still getting compromised? Organizations with very large budgets and staff still get compromised in advanced and persistent ways. Something is very wrong in this industry.
Let's find out what is wrong and how we can fix it.
In this presentation we will cover many of the common misconceptions about computer security. A few misconceptions we will destroy with harsh words and live demos are:
- AV will keep malware off my system
- Firewalls will keep the attackers out
- If my system is patched, I cannot be hacked
- Apple computers are far safer than Windows
- Linux is more secure than Windows
- My users are dumb
In this presentation we will have multiple live demonstrations including: hacking a Mac, and hacking a Linux system and bypassing AV. However, the most important thing about this presentation is that we will cover how we need to change our defensive mindset.
After all, if information security was easy it would not take six days to cover the essentials.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
|General Session - Welcome to SANS||Dr. Eric Cole||Monday, September 17th, 8:15am - 8:45am||Special Events|
|Forescout||—||Monday, September 17th, 12:30pm - 1:15pm||Lunch and Learn|
|Infogressive/Fortinet||—||Monday, September 17th, 12:30pm - 1:15pm||Lunch and Learn|
|Fidelis Security Systems, Inc.||—||Monday, September 17th, 12:30pm - 1:15pm||Lunch and Learn|
|Tenable Network Security||—||Monday, September 17th, 12:30pm - 1:15pm||Lunch and Learn|
|The SANS360: The Security Crystal Ball||Rob Lee, Moderator||Monday, September 17th, 7:15pm - 8:30pm||Special Events|
|GIAC Program Overview||Jeff Frisk, GIAC Director||Monday, September 17th, 8:30pm - 9:30pm||Special Events|
|Vendor Sponsored Lunch Session||—||Tuesday, September 18th, 12:00pm - 1:30pm||Vendor Event|
|Vendor Expo||—||Tuesday, September 18th, 12:00pm - 1:30pm
Tuesday, September 18th, 5:00pm - 7:00pm
|Vendor Welcome Reception||—||Tuesday, September 18th, 5:00pm - 7:00pm||Vendor Event|
|Please Keep Your Brain Juice Off My Enigma: A True Story||Ed Skoudis & Josh Wright||Tuesday, September 18th, 6:45pm - 7:45pm||SANS@Night|
|New Legal Methods for Collecting and Authenticating Cyber Investigation Evidence||Ben Wright||Tuesday, September 18th, 7:15pm - 8:15pm||SANS@Night|
|Securing The Kids||Lance Spitzner||Tuesday, September 18th, 7:15pm - 8:15pm||SANS@Night|
|Evolving Threats||Paul Henry||Tuesday, September 18th, 8:15pm - 9:15pm||SANS@Night|
|Securing The Human||Lance Spitzner||Tuesday, September 18th, 8:15pm - 9:15pm||SANS@Night|
|Gone in 60 Minutes||David Hoelzer||Tuesday, September 18th, 8:15pm - 9:15pm||SANS@Night|
|PhishMe||—||Wednesday, September 19th, 12:30pm - 1:15pm||Lunch and Learn|
|Open Mic Night||Untrusted Input||Wednesday, September 19th, 7:00pm - 11:00pm||Special Events|
|Intrusion Detection is Dead||Dr. Johannes Ullrich||Wednesday, September 19th, 7:15pm - 8:15pm||SANS@Night|
|Malware Analysis Essentials using REMnux||Lenny Zeltser||Wednesday, September 19th, 7:15pm - 8:15pm||SANS@Night|
|SANS Technology Institute Master's Presentation||Aron Warren||Wednesday, September 19th, 7:15pm - 7:55pm||Special Events|
|What's New in Windows 8 and Server 2012?||Jason Fossen||Wednesday, September 19th, 8:15pm - 9:15pm||SANS@Night|
|Netwars Competition at SANS Network Security 2012||Ed Skoudis||Thursday, September 20th, 6:30pm - 9:30pm||Special Events|
|SANS Technology Institute Open House||Dr. Ray Davidson, Professor of Practice||Thursday, September 20th, 7:15pm - 8:15pm||Special Events|
|Linux Forensics for Non-Linux Folks||Hal Pomeranz||Thursday, September 20th, 7:15pm - 8:15pm||SANS@Night|
|Windows Exploratory Surgery with Process Hacker||Jason Fossen||Thursday, September 20th, 7:15pm - 8:45pm||SANS@Night|
|Everything They Told Me About Security Was Wrong||John Strand||Thursday, September 20th, 8:15pm - 9:15pm||SANS@Night|
|Ninja Assessments: Stealth Security Testing for Organizations||Kevin Johnson||Thursday, September 20th, 8:15pm - 9:15pm||SANS@Night|
|Netwars Competition at SANS Network Security 2012||Ed Skoudis||Friday, September 21st, 6:30pm - 9:30pm||Special Events|
|Practice - Practice - Practice||Neal Bridges||Friday, September 21st, 7:15pm - 8:15pm||SANS@Night|