ISSA Milwaukee June Meeting

Yesterday afternoon I attended the June 2011 general meeting of the Milwaukee Chapter of the ISSA. The meeting was held at the New Berlin Ale House and was well attended by approximately 30-35 people.

The guest speaker for the meeting was Robert Clark, Eastern US Channel Manager for TriGeo Network Security, and the topic was, “What Can a SIEM do for You?” “SIEM,” of course, stands for “Security Information & Event Management.” Mr. Clark’s talk was relatively quick and not very technical, but he did bring up some useful questions to ask your SIEM vendor, including:

  • What does the solution have to offer out of the box and does it require several modules to meet your requirements?
  • Are there any ongoing professional services and what are the costs?
  • Will you need to provide the hardware?
  • Is the data evaluated in real-time or is it primarily a forensics solution?
  • Does the correlation engine process events in memory or query the database?
  • How intuitive is the interface? Can you easily build or customize rules, filters, etc.?
  • How long is the implementation process and does it require on-site technicians?

Two of the attendees explained how they evaluated SIEM solutions. Their advice was to commit to developing an in-house expert; otherwise professional service fees will eat your budget and you’ll never get a proper ROI on a SIEM solution. One person suggested this might be a valid reason for some organizations to consider a Managed Security Services (MSS) solution.

One attendee also suggested following Anton Chuvakin’s Blog, as he frequently blogs about SIEM.

In all, it was another successful ISSA Milwaukee chapter meeting and a great opportunity to network with other information security professionals in the area.

Lock Found, Lock Picked

Today while driving, I spotted a large Master Lock lying in the middle of the road. I stopped and picked it up. It appeared to be a locked Master Lock No. 5DLFPF. I took it home and picked it within three minutes! Thinking I was all bad and stuff, I did a little research to find out it is only a 4-pin lock and very easy to open using shims. Still, it was fun to find a lock and be able to pick it so quickly. I guess my practicing since learning to pick at DEFCON 18 has paid off.

OWASP Chicago Meeting

Yesterday afternoon I drove from Milwaukee to Chicago for my first OWASP Chicago meeting. The meeting was hosted by Morningstar and held in one of their spacious auditoriums. This particular meeting was conducted in the ‘lightning talk’ format with six speakers each talking for 10-20 minutes. The Master of Ceremonies for the event was Mike Tracy of Matasano, who is one of the leaders of the OWASP Chicago chapter. Mike did a great job of keeping the meeting on track and on time.

The first speaker was Tom Brennan of Trustwave and a member of the OWASP Board of Directors. Tom’s talk, “OWASP – Where We Are and Where We Are Going,” gave the big picture perspective and talked about the achievements of OWASP to date and plans for the future. Unfortunately, due to traffic, I arrived a bit late and only caught the end of his talk.

Next up was Peter Morgan, also of Matasano, who gave a quick introduction to Buby, a “mashup” of the popular Burp Suite from PortSwigger and JRuby. Peter talked about installation, useful libraries, and extending functionality with modules.

Dan Crowley (@dan_crowley), also of Trustwave, gave an interesting talk titled, “Jack of All Formats.” He talked about how multiple files can be put into a single file by manipulating extensions, headers, start and stop markers, etc. Dan also gave a few examples of the security implications. His talk was so interesting Mike Tracy suggested he come back soon to give his talk in a full-feature format (instead of being limited to 10-20 minutes).

Next, Greg Ose (@gose1) talked about Exploiting Cross-Subdomain Cookie Setting Session Fixation (XSDCSSF), and Jacob Kitchel talked about “Code Auditing by a Dummy.” Jacob’s approach to his presentation was unique in that he described his attempt to solve a SpotTheVuln challenge as a movie plot.

Last up was the ever-popular Rafal Los (@wh1t3rabbit and @rafallos) of HP. Rafal’s talk, “Software Security Reality,” covered the three pillars of software quality: functionality, performance, and security. His final slide talked about four keys to software security: process, education, automation, and governance.

In all, it was an excellent meeting and the lightning talk format kept it interesting. Kudos to the speakers, to Mike for organizing the event, and to Morningstar for hosting it!
About.Me

I’ve created an About.Me page. It’s at http://about.me/clint326.

No, I don’t want to fight you … I just want to defend and protect sensitive information and critical systems :-)

The About.Me splash pages are an interesting idea and maybe that’s why AOL just purchased them.

But, I don’t see the longevity in it. If it catches on, won’t most blogging software just add splash pages as a feature?

And, how is AOL going to make money on About.Me? Who’s going to want advertising on their splash page? Who’s going to want a link to AOL on their splash page?

Defining Information Security Risk

Years ago I wrote a definition of Information Security Risk that still seems to work well for me. Here it is:

Information Security Risk is a function of (a) the likelihood of a specific threat-source exploiting a specific vulnerability in a specific information system and (b) the resulting impact of that event on confidentiality, integrity, and availability.

Do you have a different definition of Information Security Risk? Please add it as a comment!