Public TechBurst Schedule
|2013-10-28||Web Application Security By Example; Frank Kim, SANS|
|2012-05-18||Bro-IDS Workshop; Seth Hall, International Computer Science Institute|
|2011-10-27||Eduroam in the US; Philippe Hanset, University of Tennessee, Knoxville and Eduroam US|
|2008-10-30||DNSSEC -- Living and Loving Life after Kaminsky; Or: How I overcame my fear and signed my zones; Alan Clegg, Internet Systems Consortium, Inc. (ISC)|
Web Application Security By Example
Organizations today rely on critical software systems to conduct business. It's these systems, however, that are often at the root of many headlines about data breaches and corporate hacks. Despite maturing software development processes and increasing deployment of software security tools, organizations often do not focus on the most effective practices for securing critical applications. Common attacks are often caused by simple mistakes that occur while software is being developed and deployed. By educating everyone involved in the software development process, including developers, architects, managers, testers, business owners and partners, you reduce the chances that your organization will become a victim of today's data security threats and ensure they can properly build defensible applications from the start.
Join Frank Kim, SANS Application Security Curriculum Lead, and learn how organizations can use the SANS Securing the Human - Developer to train developers how to avoid common mistakes and create more secure applications. See first-hand examples of common application security flaws that can be addressed through developer security awareness training and understand why application security should be part of every organizations' security program.
May 18, 2012
Getting started with Bro, sizing your Bro cluster
Eduroam in the US
October 27, 2011
Providing visitor access to academic wireless networks can be a daunting task. Very few solutions present a good mix between security and convenience, and can also be time consuming for users and support staff. If an institution has or plan to have an 802.1x infrastructure, adding eduroam to it will provide many benefits including instant access, encryption, and mutual authentication for visitors from other institutions. Reciprocally these benefits will be available to the members of the institution when traveling in the country or abroad. eduroam has more than 2000 institutions worlwide. In the US, we had two members in 2009, twelve in 2010, and more than fifty now!
After a career in mathematical and theoretical biology, Hanset progressively shifted is interest to computer networks. In 2001, Hanset designed and implemented for University of Tennessee the largest Wi-Fi network in academia. An important part of designing Wireless Networks resided in the access control mechanisms which led Hanset to explore authentication and authorization systems like eduroam. He has been experimenting and spearheading the eduroam effort in the US since 2005. Hanset is Constituent Group leader for Wireless-LAN@Educause, and member of the Customer Advisory Board of Aruba Networks. Hanset holds a master in Zoology from "Université Libre de Bruxelles" and a master in Computer Science from University of Tennessee, Knoxville.
DNSSEC -- Living and Loving Life after Kaminsky;
October 30, 2008
With the fear and uncertainty caused by Dan Kaminsky's new attack vector against DNS, the subsequently mandated deployment of DNSSEC into the .gov namespace, and the political debate surrounding the signing of the root zone, the race is on to secure DNS. This talk will explain the recent events that lead up to the government mandate and will help the system administrator and their managers to understand the next steps towards deploying a safe end-to-end DNS infrastructure. The talk will provide an overview of DNSSEC, its interoperability with existing DNS, and will outline the steps required to begin testing and deployment of DNSSEC. Examples of configuration and deployment of DNSSEC will be given using ISC's BIND.
Alan Clegg is a Support Engineer for Internet Systems Consortium. In this position, Alan provides training and support for BIND and ISC DHCP.
Alan has over 20 years providing support and management of Internet facing systems, and as a Dale Carnegie trained public speaker, he has provided tailored learning experiences to corporations (Banc One, Jefferson Pilot Communications), at conventions and meetings (BSDcon, InfraGard, HTCIA), and as part of his job with Berkeley Software Design.
During the NSF funded rollout of Internet access to higher education, Alan assisted in the deployment of "high speed" (56k!) network access to all 2 and 4 year degree granting, publicly funded colleges and universities in North Carolina. Later, as a member of the technical staff of Berkeley Software Design, he provided training and support for the BSD/OS and FreeBSD operating systems. More recently, Alan was a member of the senior engineering team at Hosted Solutions, a data center solutions provider with multiple data centers in North Carolina and Massachusetts.
Alan is involved with InfraGard, a public/private partnership between the Federal Bureau of Investigation and providers of infrastructure in the United States, and has previously served on the board of directors for the Eastern Carolina Chapter.
Serving as a volunteer firefighter for over 18 years, Alan became an American Red Cross Disaster Services volunteer following hurricane Katrina. He is also a trainer for the FEMA Community Emergency Response Team, specializing in CERT response to acts of terrorism.