Thursday, October 16, 2008 - 8 a.m. to 5 p.m.
The 4th annual Security at University of Michigan IT (SUMIT) was held on Thursday, October 16, 2008. As the university's flagship event for National Cybersecurity Awareness Month, SUMIT is an exciting opportunity to hear nationally recognized experts discuss the latest technical, legal, and operational trends and threats in cyberspace.
Co-owner and Partner, 5Nines Data
Stealing the Internet: An Internet-Scale, Routed Man-In-The-Middle Attack
"Stealing the Internet" will describe a method where an attacker exploits trust relationships in the BGP routing system to facilitate transparent interception of IP packets. The method will be shown to function at a scale previously thought by many to be unavailable to anyone outside of intelligence agencies and carrier networks. The talk highlighted a new twist in sub-prefix hijacking that I demonstrated at Defcon 16: using intrinsic BGP logic to hijack network traffic and simultaneously create a 'bgp shunt' -- a "feasible path" -- towards the target network. Results of a recent inter-provider filtering practices survey will be presented as further rationale for stronger route filtering and increased routing security research. Those interested in observing the attack in action and the original demonstration are encouraged to view the video of the presentation, posted at www.defcon.org.
Anton Kapela has been an on-again off-again Madison resident since 2000. He originally came to Madison to attend Herzing College. A few years into it, engineering and telecommunication opportunities spoke more loudly than school -- ultimately resulting in Anton moving to Miami in 2003 and departing academia with an A.S. In the years following his first stay in Madison, Anton worked and consulted with a number of industry greats. His favorites so far have been Redline Communications, C-net Networks, Motorola's Canopy Wireless division, and a subsidiary of Research In Motion called 'Slipstream.' Recently he consulted on Internap Networks' acquisition and integration of VitalStream - a large international Content Delivery Network.
Anton is actively involved in the Internet operations and research community and has been a frequent presenter at the North American Network Operators Group meetings on a variety of topics. He's also a co-owner and partner at Five Nines Data, a local Madison Datacenter and IT solutions company. At 5nines he is responsible for the architecture and implementation of network services and datacenter facilities. When Anton isn't working, he spends time in rehearsal and recording studios playing drums and bass guitar, and dabbles with photography and broadcast video technology.
Director of Engineering, Internet Systems Consortium (ISC)
Case Study: Responding to the Latest DNS Threats
The Internet's Domain Name System (DNS) is increasingly implicated both as a target of network abuse and as a means of perpetrating it. Some attacks exploit vulnerabilities in the DNS protocol itself, and in August, Dan Kaminsky announced CERT VU#800113, which significantly increased the ease with which "cache poisoning" attacks may be perpetrated. Work done by ISC in coordination with other DNS vendors and operators enacted a best-practice controlled-disclosure response to this major threat. This presentation recounted the story so far and summarized recent results from OARC and SIE researchers measuring the extent of the problem and mitigation deployment. Various DNS future-proofing techniques against this threat were outlined, but the case was presented that DNSSEC is the only technology which can comprehensively prevent this and other abuses.
Keith Mitchell was first involved with what is now known as the Internet 20 years ago, as a postgraduate at University College London. Between 1986 and 1991, while working for Edinburgh-based Spider Systems, Keith was a representative on the board of the UK Internet Consortium. In early 1992, he became one of the founders of the UK's first commercial Internet provider, PIPEX. From May 1996 until September 2000, Keith served in the full-time role of Executive Chairman of the London Internet Exchange (LINX). He has served as a non-executive Director of Nominet UK, and as Chairman of the RIPE NCC Executive Board (1997-99). In September 2000, Keith became a founder investor and served until 2004 as Chief Technical Officer of XchangePoint, a pan-European commercial provider of Internet interconnect and peering services. Between 2004 and 2006 Keith was Technical Director of the UK Internet Forum, where he set up the UK Network Operators' Forum, of which he is now chair. In 2006 Keith moved to the USA, and has become Programme Manager of the Operations, Analysis and Research Center (OARC).
In 2008, Keith was appointed as Director of Engineering at the Internet Systems Consortium (ISC).
Chief Security Strategist and Director of Application Product Management, Splunk
IT Data Visualization
The crime landscape is shifting. Crimes are moving up the network stack. Network-based attacks are a topic of the past. The attacks today are executed on the application layer: Web 2.0 and instant messenger attacks are more and more common. Crimes are committed inside of applications: fraud, sabotage, abuse, information leaks, and crimeware are big problems for organizations. Crime has shifted. Have you? Are you prepared to deal with these new developments? Are you still relying on your network-based intrusion detection or prevention systems? Are you aware of what is happening inside of your applications? In addition to monitoring your networks, you have to make sure you are also taking an in-depth look at your applications. Due to the vast amount of log data that needs to be analyzed, novel methods are needed to conduct the analysis. Visualization of data has proven to be the approach generating the best return on investment when it comes to complex data analysis problems. This talk showed how security analysts can catch up with the changing crime landscape by utilizing novel technologies and analysis methods. The audience learned to make use of new technologies and paradigms to deal with the changing threats.
As chief security strategist and director of application product management, Raffy is a customer advocate and guardian, the expert on all things security and log analysis at Splunk. Starting with IBM Research and PricewaterhouseCoopers Consulting, then ArcSight and Splunk, Raffy has been in the log management and analysis world for many years. He has built numerous log analysis systems and implemented use-cases for hundreds of customers that deal with log management challenges on a daily basis. Currently he uses his skills in data visualization, log management, intrusion detection, and compliance to solve problems and create solutions for Splunk customers. Fully immersed in industry initiatives, standards efforts and activities, Raffy lives and breathes security and visualization. His passion for visualization is evident in the many presentations he gives at conferences around the world and his book, "Applied Security Visualization." In addition, Raffy is the author of AfterGlow, founder of the security visualization portal http://secviz.org, and contributing author to a number of books on security and visualization.
Founder, Nomad Mobile Research Center (NMRC)
Computer Security Myths and Mistakes
Between security consultants, trade magazines, security mailing lists, software and hardware vendors, and yes, even speakers at a conference, it is difficult to know for sure who to trust and where to place issues on the priority list. Everyone has either something to sell or something to gain by having you follow their opinion. In many cases the hard sell of product or service "A" to prevent security disaster "B" is viable, but is it really that important to your organization right now? Not only were some common myths and mistakes discussed in this presentation, but reasons pro and con for each were discussed as well. Simple Nomad encouraged viewers to go to their next vendor pitch or consultant meeting armed and ready to shoot some holes in a few industry myths. This was a technical discussion, as the myths often get shot down via technical means. Questions were *heavily* encouraged.
Mark "Simple Nomad" Loveless has been compromising security systems since the 80s, and has worked as an IT Systems Administrator in the Fortune 500, a security researcher for security software and hardware vendors, and as a consultant performing security audits and penetration tests. He has written tools, white papers, and advisories regarding security and privacy, and has been interviewed by television, print, and online media. He also enjoys virtually any drink with vodka in it, and believes space aliens are stealing his luggage.