Fifteen Minute Forensics
David Bowie (Boston College)

This talk centers on the need for security staff to quickly assess a computer, or set of computers, to establish a technical response to an incident. We will discuss options, tools, and methodologies available to quickly and efficiently boil the symptoms down to a manageable and understandable problem.

Slides from the presentation

What You Need Before Giving Data To the Cops (or Anyone Else) and Other Legal Pitfalls
John A. Grossman (Massachusetts Attorney General’s Office)

This talk will focus on the laws that you as a system administrator must comply with when sharing data from your network with the government or each other.

Slides from the presentation

REN-ISAC Activities Overview, and Distributed Darknet Information Sharing
Doug Pearson (REN-ISAC), Christopher Misra (University of Massachusetts Amherst)

This presentation is composed of two parts.

(1) [Doug Pearson] The REN-ISAC supports the higher education and research communities by providing network security information collection, analysis, dissemination, early warning, and response, specifically designed to support the unique environment and needs of organizations connected to served higher education and research networks; and supports efforts to protect national cyber infrastructure by participating in the formal U.S. ISAC structure. In this presentation I’ll give an overview of REN-ISAC activities and information products, including detailed focus on our darknet tool, the Abilene Arbor Peakflow SP tool, and a proposed implementation of a centralized honeyfarm watching distributed .edu address space.

(2) [Doug Pearson and Chris Misra] REN-ISAC is piloting a distributed darknet collection with centralized reporting system. Participants, running darknet collectors at their institutions, send extracts of non-local source observations to the REN-ISAC for centralized collection, packaging, and redistribution to security contacts at the source institutions. We’ll discuss both the specifics of the pilot and matters of distributed data sharing and policy. Discussion will help to refine the REN-ISAC project, leading up to a production deployment.

Slides from Doug Pearson’s presentation

Slides from Chris Misra’s presentation

Surplus Computer Hardware – Forgotten but not Gone
Scott Conti (University of Massachusetts Amherst)

The proper disposition of surplus computer hardware is often one of the forgotten components of a comprehensive data security program. “Stairwell Disposal” is a common problem in many organizations. This talk will briefly summarize some of the problems and solutions we have come up with at UMass Amherst to address the issue and will also provide some interesting information about the electronic equipment recycling and raw material recovery industry.

Slides are not available from this presentation.

Computer Intrusion and Cyber Crime Investigations
James Burrell (Federal Bureau of Investigation)

This session will provide an overview of criminal and terrorist exploitation of technology, investigative and forensic response, technical and investigative challenges, and investigative coordination between academic institutions and law enforcement. The recent trends and results of the FBI Computer Crime Survey will be discussed. This session will also include recent FBI investigative case presentations.

Slides are not available from this presentation.

Searching for confidential data with Spider
Wyman Miles (Cornell University)

Spider is a tool we use to search machines for confidential data that lends itself to regular expression matches, certain file types, etc. Spider’s centralized logging permits department-wide audits. Currently, Spider runs from a bootable Linux CD, but there is a Cornell project in the works to run it from network bootable images. It has been used to audit Windows and UNIX systems as part of forensics efforts and as part of a regular program to control data leakage onto desktops.

Slides from the presentation

Securing VoIP
Gary S. Miliefsky, CISSP (NetClarity)

“What are the steps in having a secure Voice over IP telephony network? What does an enterprise need to be aware of before rolling out a converged network? How can an enterprise protect itself against the growing number of vulnerabilities that may attack the VoIP infrastructure?”

Slides from the presentation