The Most Comprehensive DFIR Event of the Year: SANS DFIRCON! Save $200 thru 10/3.

San Antonio 2013

San Antonio, TX | Tue, Dec 3 - Sun, Dec 8, 2013
This event is over,
but there are more training opportunities.

Client Access is the Achilles' Heel of the Cloudâ¦

  • Bryce Galbraith
  • Thursday, December 5th, 8:15pm - 9:15pm

Representations of cloud infrastructures often reassure us of their robust security mechanisms by prominently displaying the familiar gold lock in the center of the cloud. While many cloud providers genuinely do strive to deliver confidentiality, integrity, and availability the vital question remains: "Is our data actually secure or not?"

The elephant in the room is that client access is the Achilles' heel of the cloud. This talk has been rejected by more than one cloud conference because they would usually rather not talk about these risks. The truth remains, our data is vulnerable virtually everywhere except the cloud (assuming it is actually secure there to begin with).

This talk will clearly illustrate the realities of cloud infrastructure risks for those people who desire to look beyond the cost-savings and operational benefits clouds can provide and truly protect their zeros and ones, wherever they end up.

Numerous demonstrations of hacker tools and techniques will show how attackers can access data even when the cloud infrastructure itself does not have any known vulnerabilities (e.g. sql-injection, XSS, session management flaws or other logic flaws) by simply bypassing most of the security controls we rely on when using cloud resources.

If you are serious about protecting your data, you will want to be keenly aware of these risks...

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Tuesday, December 3
Session Speaker Time Type
General Session - Welcome to SANS Eric Conrad Tuesday, December 3rd, 8:15am - 8:45am Special Events
Real-World Risk -- What Incident Responders Can Leverage from IT Operations Eric Conrad Tuesday, December 3rd, 7:15pm - 9:15pm Keynote
Wednesday, December 4
Session Speaker Time Type
The 13 Absolute Truths of Security Keith Palmgren Wednesday, December 4th, 7:15pm - 8:15pm SANS@Night
The Security Impact of IPv6 Johannes Ullrich Wednesday, December 4th, 8:15pm - 9:15pm SANS@Night
Thursday, December 5
Session Speaker Time Type
GIAC Program Overview Johannes Ullrich Thursday, December 5th, 7:15pm - 8:15pm Special Events
SANS Technology Institute Open House Johannes Ullrich Thursday, December 5th, 7:15pm - 8:15pm Special Events
Client Access is the Achilles' Heel of the Cloud⦠Bryce Galbraith Thursday, December 5th, 8:15pm - 9:15pm SANS@Night
Friday, December 6
Session Speaker Time Type
Network Forensic and Visualization Techniques Steve Armstrong Friday, December 6th, 7:15pm - 8:15pm SANS@Night