Pat Cain – How Many VPNs are Too Many? (also known as Vendor Management Done Too
Good)
BC has segregated its users into different VPNs based on their needs. The presentation will try to rationalize the thinking behind this effort and identify the issues that are causing us to rethink the implementation. One of the drivers was to better control our vendors since vendors have been identified by Home Depot, Michael’s, and Target as a risk. But if you squint *everybody* looks like a vendor.
Nick Lewis – Internet2 NET+ and Security and identity Portfolio
This session will provide an overview of the NET+ Program and new Security and Identity Portfolio. An overview of the current state where security and identity are included in the NET+ program will be presented. A high level overview of the portfolio plan for 2015-2016 including opportunity for community discussion of needs and gaps in the portfolio will be presented. In addition to the presentation, there will be time for questions, comments, and discussion with the audience to help shape the direction of the NET+ Security and Identity portfolio.
Dmitri Pal – Integrating Linux Systems with Active Directory
To connect a Linux system to Active Directory one needs to consider different factors: how the authentication is conducted, where the identities are stored, what is the DNS configuration and many others. Depending on the requirements and use cases one has to determine which technologies are best for connecting a Linux system to Active Directory environment. The session will give and overview of the possible approaches and compare them to each other outlining best practices and recommendations.
James Smith – The Benefits in Externalizing DMZ-as-a-Service in the Cloud
Organizations often place critical web infrastructure in the DMZ which means that attackers able to enter the DMZ can inflict damage to those web systems. When a web application is attacked, all DMZ layers frequently fail along with the local network. A more effective approach is to extend the web DMZ into the Cloud.
This session will explore existing problems with current WAF implementations (including examples of current exploitations) as well as what is currently being done to address these problems: More importantly, this session will review how newer cloud-based architectures will replace the WAF as a more effective and efficient security fabric. These sorts of cloud-based platforms are only now made possible through a combination of service providers such as AWS/Azure/IBM and newer cloud-centric DMZ architectures which leverage the cloud service provider as the point-of-presence for an organization’s Enterprise DMZ
Nick Levay – Information Security as Counterintelligence
Understanding an information security program’s maturity level and building a framework upon which you can benchmark progress is a challenge for all practitioners. This talk describes how to judge your current capabilities, juxtaposed with examples of countering state-sponsored cyber espionage operations that target the think-tank community.
Doug Pearson – REN-ISAC: Information Sharing for Protection and Response
REN-ISAC is a trust community formed among IT security professionals representing higher education and research institutions for the purpose of sharing operationally actionable information for security protection and response. 440 member institutions are represented by 1300 persons.
Additionally, REN-ISAC serves as a CSIRT (computer security incident response team) for all of .EDU regardless of membership, and as R&E’s trusted partner in commercial, governmental, and private security information sharing relationships.
Doug will talk about what the REN-ISAC is and does, the benefits of membership, about exciting plans to broaden the service of REN-ISAC to its member institutions, and will touch on technical means and results of threat indicator sharing for protection and incident analysis.
Melissa Muth – Using DNS to Protect Clients from Malicious Domains
Protecting against security threats is especially difficult on large University networks without centralized network security controls.
Antivirus software and patching aren’t enough to protect clients from zero-day threats, polymorphic malware, and malicious third-party ads hosted on otherwise legitimate websites. A DNS sinkhole is a lightweight method that the University of Pennsylvania is using to protect against these threats, leading to a 97% reduction in compromises. This talk will describe the architecture and lessons learned when going from pilot to production.