Router Vulnerabilities and Backdoors: Can You Trust Your Vendor?
- Christoph Eckstein - Master's Degree Candidate
- Tuesday, April 14th, 7:15pm - 7:55pm
We often, especially in our private homes, rely on our internet router as the only perimeter defense and gatekeeper for our private networks. But how reliable are those routers in protecting our private networks and data? What are vendors doing to ensure and maintain the security of their routers? With the constant discovery of ever new vulnerabilities and backdoors in internet routers in the recent past, it is apparent that our private networks and data may be vulnerable to unauthorized remote access. This raises the question; can you trust your vendor to secure your private network and data? This presentation provides a theoretical research on reports of disclosed security vulnerabilities in routers in recent history. Furthermore, it takes a look at the vendorsā actions to remediate those issues. Additionally, this presentation will suggest some ideas to mitigate security vulnerabilities and the risk of unauthorized disclosure.
Speaker Bio: Christoph Eckstein works for Deutsche Bank as a Regulatory, Risk & Control Specialist in the Chief Information Security Office in Frankfurt, Germany. Prior to that, he worked as a security specialist for different consulting companies, focusing on web application penetration testing and security audits and assessments. His work experience is mainly concentrated on the airline and energy sector, and currently the financial sector. He is a candidate in the Master of Science Degree Program of SANS Technology Institute, and holds several GIAC Certifications.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Sunday, April 12
|Registration Welcome Reception||—||Sunday, April 12th, 5:00pm - 7:00pm||Reception|
Monday, April 13
|General Session - Welcome to SANS||Dr. Eric Cole||Monday, April 13th, 8:15am - 8:45am||Special Events|
|SANS Technology Institute Reception and Information Session||Bill Lockhart, Executive Director, SANS Technology Institute||Monday, April 13th, 5:30pm - 7:00pm||Special Events|
|Understanding the Offense to Build a Better Defense||Dr. Eric Cole||Monday, April 13th, 7:15pm - 9:15pm||Keynote|
Tuesday, April 14
|How to Become a SANS Instructor||Eric Conrad||Tuesday, April 14th, 12:30pm - 1:15pm||Lunch and Learn|
|Fight Cyber Adversaries with Controlled Collaboration||Trevor Welsh, Cyber Engineering Architect||Tuesday, April 14th, 12:30pm - 1:15pm||Lunch and Learn|
|Protecting the Things, Including the Ones You Already Have (and don't know about)||Tom Byrnes, CEO and Founder||Tuesday, April 14th, 12:30pm - 1:15pm||Lunch and Learn|
|Advanced Threats Need Comprehensive Defense||Anubhav Arora, System Architect, R&D, General Dynamics Fidelis Cybersecurity||Tuesday, April 14th, 12:30pm - 1:15pm||Lunch and Learn|
|Continuous Security Intelligence with the SANS Critical Security Controls||Justin Pennock, North America Sales Leader, EiQ Networks||Tuesday, April 14th, 12:30pm - 1:15pm||Lunch and Learn|
|Expose the Underground: Prevent Advanced Persistent Threats||Mike Milholland, Network Security Engineer, Palo Alto Networks||Tuesday, April 14th, 12:30pm - 1:15pm||Lunch and Learn|
|The Power of Threat Intelligence in your Cybersecurity Program||Jason McEachin - Director, Sales Engineering, Lookingglass||Tuesday, April 14th, 12:30pm - 1:15pm||Lunch and Learn|
|Women in Technology Meet and Greet||—||Tuesday, April 14th, 5:30pm - 6:30pm||Reception|
|Online Training Pool Party||—||Tuesday, April 14th, 6:15pm - 7:15pm||Reception|
|Using an Open Source Threat Model for Prioritized Defense||James Tarala||Tuesday, April 14th, 7:15pm - 8:15pm||SANS@Night|
|The 13 Absolute Truths of Security||Keith Palmgren||Tuesday, April 14th, 7:15pm - 8:15pm||SANS@Night|
|Self-Education: Using the Pull Method for Security Awareness Training||Lance Spitzner||Tuesday, April 14th, 7:15pm - 8:15pm||SANS@Night|
|Cyber Leadership Reception||—||Tuesday, April 14th, 7:15pm - 8:15pm||Reception|
|Router Vulnerabilities and Backdoors: Can You Trust Your Vendor?||Christoph Eckstein - Master's Degree Candidate||Tuesday, April 14th, 7:15pm - 7:55pm||Master's Degree Presentation|
|Preparing for PowerShellmageddon - Investigating Windows Command Line Activity||Chad Tilbury||Tuesday, April 14th, 8:15pm - 9:15pm||SANS@Night|
|iOS Game Hacking: How I Ruled the Worl^Hd and Built Skills For AWESOME Mobile App Pen Tests||Josh Wright||Tuesday, April 14th, 8:15pm - 9:15pm||SANS@Night|
|Securing The Kids||Lance Spitzner||Tuesday, April 14th, 8:15pm - 9:15pm||SANS@Night|
|Using Sysmon to Enrich Security Onion's Host-Level Capabilities||Josh Brower - Master's Degree Candidate||Tuesday, April 14th, 8:15pm - 8:55pm||Master's Degree Presentation|
Wednesday, April 15
|Vendor Solutions Expo||—||Wednesday, April 15th, 12:00pm - 1:30pm||Vendor Event|
|Vendor Solutions Expo||—||Wednesday, April 15th, 5:30pm - 7:30pm||Vendor Event|
|Malware Analysis for Incident Responders: Getting Started||Lenny Zeltser||Wednesday, April 15th, 7:15pm - 9:15pm||SANS@Night|
|Gone In 60 Minutes||David Hoelzer||Wednesday, April 15th, 7:15pm - 8:15pm||SANS@Night|
|Windows Exploratory Surgery with Process Hacker||Jason Fossen||Wednesday, April 15th, 7:15pm - 8:45pm||SANS@Night|
|It's Time To Make a Case||Moses Hernandez||Wednesday, April 15th, 7:15pm - 8:15pm||SANS@Night|
|A 0-Budget Approach to the Containment of Malware Traffic for Small Organizations||Paul Ackerman - Master's Degree Candidate||Wednesday, April 15th, 7:15pm - 7:55pm||Master's Degree Presentation|
|GIAC Program Overview||Jeff Frisk||Wednesday, April 15th, 8:15pm - 9:15pm||Special Events|
|Enterprise PowerShell for Remote Security Assessment||James Tarala||Wednesday, April 15th, 8:15pm - 9:15pm||SANS@Night|
|Hacking Back, Active Defense and Internet Tough Guys||John Strand||Wednesday, April 15th, 8:15pm - 9:15pm||SANS@Night|
|Security Data Visualization||Balaji Balakrishnan - Master's Degree Candidate||Wednesday, April 15th, 8:15pm - 8:55pm||Master's Degree Presentation|
Thursday, April 16
|Tackling Application Security Challenges Through Progressive Scanning||Tom Cline, Technical Account Manager||Thursday, April 16th, 12:30pm - 1:15pm||Lunch and Learn|
|Rapid Visibility and Compliance with CloudPassage Halo||Ryan Thomas, Director of Product & Chad Gasaway, Sr. Sales Engineer||Thursday, April 16th, 12:30pm - 1:15pm||Lunch and Learn|
|Reverse Engineering Emails for Threat Indicators||Ronnie Takazowski, Senior Research Engineer, PhishMe||Thursday, April 16th, 12:30pm - 1:15pm||Lunch and Learn|
|Anatomy of An Attack - It Takes an Expert to Stop Attackers||Stephen Coty, Chief Security Evangelist, Alert Logic||Thursday, April 16th, 12:30pm - 1:15pm||Lunch and Learn|
|Bit9 Connect IR Partner Enablement||James Darby, Director of IR/MSSP Operations||Thursday, April 16th, 12:30pm - 1:15pm||Lunch and Learn|
|Prevent - Detect - Respond||Justin Kallhoff, Founder, Infogressive||Thursday, April 16th, 12:30pm - 1:15pm||Lunch and Learn|
|Debunking the Complex Password Myth||Keith Palmgren||Thursday, April 16th, 7:15pm - 8:15pm||SANS@Night|
|The Law of Offensive Countermeasures, Active Defense or Whatever You Wanna Call It||Benjamin Wright||Thursday, April 16th, 7:15pm - 8:15pm||SANS@Night|
|Raising the Bar with Security Skills Assessment and Training||Paul Hershberger - Master's Degree Candidate||Thursday, April 16th, 7:15pm - 7:55pm||Master's Degree Presentation|
|Let's Face It, You Are Probably Compromised. What Next?||Joff Thyer||Thursday, April 16th, 8:15pm - 9:15pm||SANS@Night|
|Defense Needed, Superbees Wanted||Malik Mesellem||Thursday, April 16th, 8:15pm - 9:15pm||SANS@Night|