Agenda for July 10th - 2nd year Anniversary Party Note: Meeting will start promptly at 6:00 pm.
6:00-10:00pm: A brief overview of the Ohio Information Security Forum. Prizes We will be having a prize drawing at the end of the meeting. Presentation 1: VoIP Hopping the Corporate Data Network – Nate Power In this presentation we will be discussing a method to test Voice VLAN security. The Integration of voice and data into a single network can expose new security holes. Giving unauthorized users the ability to gain privileged access and get to places on the network they don't belong. It is important to understand the risk involved with deploying VOIP technology. Nate Power currently lives in the Dayton Ohio area, employed as a Security Administrator for a publishing company. He started in his career in computers at the age of 16 working at Wright Patterson Air Force Base. That environment sparked interest in network and server environments. Over the years, Nate has built a strong background in *NIX and networking systems. Nate works hard and plays hard. His lifestyle reflects that he lives security. Presentation 2: Web Hacks & Attacks – Deral Heiland In this presentation will examine various Cross Site Scripting (XSS) & Cross Site Request Forgery (CSRF) attacks used against home users and corporate enterprises. We will be demonstrating various high end attacks to steal information, Take control of client machines, gain access to internal resources and modifying users controlled systems. Deral Heiland (CISSP, SSCP) serves as a Security Engineer for a fortune 500 company. Deral’s responsibilities include security assessments and penetration testing. In his spare time Deral does security research, working with vendors in reporting and fixing vulnerabilities. In addition he has presented at numerous security conferences including Shmoocon 2008, Defcon (2004, 2005), Interzone 5, Information Security Summit 2006,2007 and AFCEA InfoTech2007. With over 15 years of work in the Information Technology field, Mr. Heiland has held prior positions including: Senior Network Analyst, Network Administrator, Database Manager, and Financial Systems Manager. Presentation 3: Virtualization: Dissecting the matrix (Technical presentation) – William Kimball A key aspect of security is control and virtualization provides control. Checkpoint, McAfee and Symantec are developing a new line of security products which leverage VMware's VMsafe [1], a virtualization-based API. This presentation helps prepare us for virtualized environments by demystifying the internals of virtual machine monitors (aka. hypervisors [2]). Subtopics include, Intel Architecture [3], emulators [4], binary translation [5], and dynamic recompilation [6].
[1]www.vmware.com/go/vmsafe William Kimball is a graduate student at the Air Force Institute of Technology. |
|
|
|
|