Ofir Arkin - "Next Generation Infrastructure Discovery"
An enterprise IT infrastructure is a complex and dynamic environment that is generally described as a black hole by its IT managers. Knowledge of an enterprise network's layout (topology), resources (availability and usage), and the elements residing on the network (devices, applications, their properties and the interdependencies among them), as well as the ability to keep this knowledge up to date, are all of critical importance for managing and securing IT assets and resources.
The inability to "know" the network results directly in the inability to manage and secure the network in an appropriate manner. This is because it is impossible to manage or defend something, or to defend against something, whose existence is unknown or about which only partial information exists.
The first part of the talk examines the currently available network discovery technologies, active network discovery and passive network discovery, and explains their strengths and weaknesses. The talk highlights technological barriers which cannot be overcome with open source and commercial applications using these technologies.
The second part of the talk presents a new technology for network discovery, which provides real-time infrastructure discovery, monitoring and auditing information of IT networks.
|
Ofir Arkin is the CTO and Co-founder of Insightix, which pioneers the
next generation of IT infrastructure discovery, monitoring and auditing systems for enterprise networks.
Ofir has 10 years of experience in data security research and management.
Prior to founding Insightix, Ofir served as CISO of a leading Israeli
international telephone carrier. In addition, he has consulted and worked for multinational companies in the financial,
pharmaceutical and telecommunication sectors.
Ofir conducts cutting edge research in the information security field and has published several research papers,
advisories and articles in the fields of information warfare, VoIP security, and network discovery,
and has lectured at a number of computer security conferences about the research.
His best-known published papers are: "ICMP Usage in
Scanning", "Security Risk Factors with IP Telephony based Networks", "Trace-Back",
"Etherleak: Ethernet frame padding information leakage", etc.
He is a co-author of the remote active operating system fingerprinting tool Xprobe2.
Ofir is the chair of the Security Research committee at VoIPSA (www.voipsa.org),
and also serves as a member of the organization's board of directors.
Ofir is an active member of the Honeynet Project and co-authored the
team's books, "Know Your Enemy", published by Addison-Wesley.
|
John Van Boxtel - "Securing your Oracle Application Environment"
Many companies are either in the process of deploying, or are looking at,
Oracle's Middleware offerings, especially with the merger with PeopleSoft.
Deploying any web application securely takes time, and implementing
something as complex as the Oracle Middleware offerings requires
understanding not only how to secure individual pieces, but also how they
interact with one another.
In this talk, you will learn what the most common pieces involved in
an Oracle Application Environment are and how to secure them. It will go
over basic operating system hardening, network and firewall best
practices, and then specifics of the Oracle Applications. Time will be
spent showing how to create a checklist for implementation and policy
control. Additionally, if time permits, examples of practical attacks
and their impact on services may be shown.
|
John has extensive experience gained from over 8 years of work in Unix
and Novell environments. He is currently working for Portland School
District as their Oracle System Administrator and part-time technical
lead for their Oracle Portal initiative. Before working for the school
district, John ran his own professional services company specializing
in providing consulting to medium-sized businesses.
He has an extensive background in system administration on nearly
all common Unix platforms and has specialized in deployment and
security automation. Over the past few years, John has been spending
an increasing amount of time helping companies to secure their web
applications and Unix-based infrastructures.
In addition to his consulting on security, John has been involved in
managing, developing, testing and implementing web applications
delivered with an assorted collection of application server technologies
including PHP, Java, Oracle App Server, Resin, Tomcat, WebWare, and
traditional Apache. Database technologies used include PostgreSQL,
MySQL, and Oracle 9i and 10g.
|
Matt Conover - "Profiling Rootkits and Malware through Executive Objects"
This talk will focus on a new method to profile user-mode and kernel-mode activity
by hooking executive objects in the Windows kernel.
It is a nice alternative to traditional API hooking and can be used to detect all current rootkits.
Virtually all important operations in Windows are associated with an executive object--be it drivers,
devices, files, sockets, registry keys, etc. By hooking these objects,
we can observe the behavior of the kernel or user-mode application at a very low level,
making it far more difficult for malware/rootkits to hide.
|
Matt Conover has been a member of the IDS Security Response team at Symantec for the last two years,
where he researches the latest vulnerabilities and analyzes worms.
He has also recently published his research on heap exploitation techniques
in XP SP2 and rootkit detection on Windows. When he is not working,
he studies computer science and math at UC Santa Cruz.
|