Abstracts
The following are confirmed abstracts for speakers at the LCA2005 Security Miniconf. As more speakers are confirmed this list will be revised, so check back frequently. The exact time table is still undecided at this stage, but should be finalised a few weeks before the conference.
Security Stream
NSA Security Enhanced Linux in RHEL - Russell Coker
The major new feature in Red Hat Enterprise Linux 4 is SE Linux. I will explain how SE Linux works, describe the features of the SE Linux implementation in RHEL4 and the decisions that were made when deciding which features to implement.
Bio: Russell Coker has been working on SE Linux since mid 2001. He works for Red Hat on the SE Linux support in Fedora and RHEL. Prior to working for Red Hat he used to work as a sys-admin for ISPs.
This talk will be 60 minutes long including questions.
Securing Third party web applications - Michael Cohen
Web servers are typically exposed to the most hostile environment - open to attack on the Internet. In addition, web servers typically run the most critical applications interfacing organisations to their customers. When one considers that most web applications are written in house with little scrutiny of the code base, and by programmers who are not security trained, it becomes apparent why web application vulnerabilities are so dangerous - rating high on the SANS top 20 list.
This talk will cover some of the common vulnerabilities which may be present in web applications. The steps which can be taken to ensure that the application is free of those vulnerabilities are also covered - from a full third party code review to an 80/20 solution based on native language implementations, as well as Apache's mod_security.
This talk will be 60 minutes long including questions.
Bio: Dr. Michael Cohen received his PhD from the Australian National University in 2001 in the field of semiconductor physics. He has been working at the Australian Department of Defence for the past few years in the position of senior technical advisor - specialising in the fields of Information Security and Forensics. Michael is a primary developer of PyFlag, an advanced free forensic package.
Small Business Security - Easier Than You Think - Samuel Gordon-Stewart
In any business, IT security is critical to the ongoing operations of the business, but to a large number of small businesses, proper security is seen as expensive & difficult. Samuel Gordon-Stewart helps to break through this myth, with the help of SmoothWall, an open source linux firewall distro.
Samuel will explain why security is important, why businesses feel scared of real security & the SOHO router trap that lures small business into a false sense of security. He will then show SmoothWall, explain the reasons behind its security, ease of use, and why it is so popular. Samuel will also run through a sample installation and setup, as well as explaining the security and features along the way.
SmoothWall doesn't just stop at security though; Samuel will also show its extensibility and the extra features that blow SOHO routers out of the water. Of course, security doesn't stop at the firewall, so Samuel will also show his tips for keeping a network secure, even if you don't have dedicated IT staff.
Samuel will also provide a Q&A session to answer all SmoothWall-related questions. If time permits, Samuel may also show off his own installation of SmoothWall, and explain his own setup.
Bio: Samuel Gordon-Stewart is an IT student at Dickson College, about 20 minutes from the linuxconf venue. He is also an IT Administrator at Dickson College with a SNAP (School Based New Apprenticeship) position. In his work, Samuel has been exposed to plenty of different operating environments, cultures, and systems. Samuel has worked with Linux file servers, Windows file servers, Dansguardian web content filtering and lots more. At home Samuel maintains a small home network with plenty of Linux (and even some Windows) and loves to play with open source software.
In his spare time, Samuel has an interest in radio, sport and dog-walking, and probably drinks a bit too much coffee!!
This talk will be 60 minutes long including questions.
Using OWASP Guide 2.0 with open source projects - Andrew van der Stock
If you monitor Bugtraq, open source projects appear with alarming regularity, often suffering from exactly the same basic and utterly preventable web application faults.
Just sticking a firewall in front of a system and using SSL was never enough, particularly as this is not how open source web applications are deployed. Most open source applications are deployed on badly patched, unfirewalled systems with dodgy versions of PHP and MySQL. Your application should not be the weak link in this equation.
Every vulnerability annoys users, causes system compromises, and disrupts the open source reality distortion field ("Given enough eyeballs, all bugs are shallow"). What's needed is specialist eyeballs, not more of them.
The Open Web Application Security Project is about to release the new version of the Guide to Building Secure Applications and Web Services. Andrew, who is the Technical Editor of the Guide, will show off the new funky features of the Guide, and show you how to become a specialist eyeball and make your code safer.
As the Guide is an open source project licensed under the GNU FDL, you are free to download, monitor development and contribute.
Bio: Andrew van der Stock has an illustrious career of never delivering on his open source projects, starting with a stab at GNU's stty back in the 1990 timeframe. Luckily, delivery has improved over time, with mostly successful stints as a dev on XFree86 (Matrox support), pnm2ppa, XMB Forum, and now various OWASP projects, such as the Guide.
He has been a past president of SAGE-AU, the System Administrator's Guild of Australia, which promulgates the Open Source Development Agreement (OSDA), which is handy if you want to formalize your contribution to code projects outside of your employer's time. He is the current Technical Editor of the OWASP Guide.
Andrew is a long time security geek specializing in web application security for the last few years. He currently works full time for a financial institution.
SSL/TLS - Simon Horman (Horms)
SSL/TLS is widely used to securely send data over the Internet; however, it is not a magic solution, and without an understanding of how the protocol works and how the underlying technologies work, it is at best difficult to fully utilise SSL/TLS and at worst easy to use SSL/TLS in an insecure manner.
This presentation will explain how SSL/TLS works, from a high level protocol discussion of data integrity, confidentiality and endpoint verification, to a low level discussion of the different messages that make up the SSL/TLS protocol and the encryption techniques that ultimately secure the connection.
The intended audience will be interested in using or developing applications that make use of SSL/TLS to secure data transfers. I think that means more or less everyone who uses the Internet :-)
Bio: Horms (Simon Horman) works on various load balancing, high availability and email projects. To this end he is involved in various Open Source projects including Linux-HA, Linux Virtual Server and Perdition. He is also a member of the Debian Project and the Debian Kernel Team. His main interest is computer networks and in particular how they make information accessible to people. He is currently a member of the engineering department at VA Linux Systems Japan.
Personal Home Page: www.vergenet.net/~horms/
Linux-HA: www.linux-ha.org
Debian: www.debian.org
Linux Virtual Server: www.linuxvirtualserver.org
Perdition: www.vergenet.net/linux/perdition/
VA Linux Systems Japan: www.valinux.co.jp/en/index.html
Taking the fun out of smashing the stack - Sean Burford
The resistance of Linux distributions to exploitation of common software flaws is improving. This talk examines proactive technologies being used to provide protection from memory overflow and format string bugs.
Kernel advances such as position independent executables, non-executable memory regions, stack smashing protection and execution capabilities are introduced. Implementations such as PaX and exec-shield are compared.
The effect of these technologies is demonstrated against a suite of exploitable code snippets, providing the audience with a solid understanding of the level of security they can expect.
Bio: Sean Burford has worn many hats; C/C++ developer, systems administrator and occasional security advisor. He loves to mix and match tools from these disciplines to create better ways to understand software, bugs and all.
Holding a Bachelor of Computer and Information Science from the University of South Australia, Sean has continued his education, gaining certifications in Linux Administration (LPI) and Solaris 9 Systems Administration (SCSA), and is a Sun Certified Network Administrator.
Forensic and Incident Response Stream
PyFlag - A Forensic and Log Analysis GUI - David Collett
The Forensic and Log Analysis GUI (pyFLAG) is a free (GPL) forensic package designed to streamline the analysis of very large quantities of data. The core design goal of pyFLAG is to use a relational database for managing the large quantities of data uncovered during automatic forensic analysis, leaving the investigator to peruse the results once the time consuming analysis is done.
This seminar covers a number of common computer forensic techniques, and illustrates how these techniques are implemented within pyFLAG.
Some of the techniques covered include:
- Automatic classification of files according to hash databases.
- Image and file extraction - Automatically search for pornography and other imagery, even after the file-system is destroyed.
- Log analysis. (FTP and HTTP Server logs).
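The two techniques listed above that do not depend on filesystem metadata, carving files out of raw data by their magic bytes and triaging what is found against hash sets, fit together in one worked example. The code below is added here and is not pyFLAG's own implementation; the "disk image", the sample files and the hash sets are constructed in the block (the sample files carry real JPEG marker bytes but no real image data), and the SHA-1 hash sets stand in for a reference database such as NSRL.

```python
# Added example: carve JPEGs from a raw image by header/footer scan, then
# classify each carved file against hash sets. Not code from the talk or
# from pyFLAG. The image, sample files and hash sets are constructed here.

import hashlib
from typing import List, Set, Tuple

JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker plus the next marker's 0xFF
JPEG_EOI = b"\xff\xd9"       # end-of-image marker


def carve_jpegs(image: bytes, max_size: int = 8 * 1024 * 1024) -> List[Tuple[int, bytes]]:
    """Return (offset, data) for every header..footer run in the image.

    No filesystem metadata is consulted, so this works on unallocated space
    or after the partition table and filesystem are gone. Caveat: an EXIF
    thumbnail carries its own EOI, so a carved file can end early; max_size
    stops a header with no footer from swallowing the rest of the image."""
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start < 0:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end < 0:
            pos = start + 1          # orphan header: keep scanning past it
            continue
        found.append((start, image[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def classify(data: bytes, known_good: Set[str], known_bad: Set[str]) -> str:
    """Hash-database triage: notable hits first, then known-good files
    (OS/application files that can be dropped from review), else unknown."""
    h = sha1_hex(data)
    if h in known_bad:
        return "known-bad"
    if h in known_good:
        return "known-good"
    return "unknown"


def triage_image(image: bytes, known_good: Set[str], known_bad: Set[str]) -> List[Tuple[int, str]]:
    """Carve, then label each carved file by hash lookup."""
    return [(off, classify(data, known_good, known_bad))
            for off, data in carve_jpegs(image)]


# Constructed fixture: two fake JPEGs and one truncated header in a blob of
# zeros and junk, with no filesystem at all. Marker bytes are real, payloads
# are not; the hash sets are likewise made up for the example.
CONTRABAND = JPEG_SOI + b"\xe0" + b"contraband-pixels" + JPEG_EOI
HOLIDAY = JPEG_SOI + b"\xe0" + b"holiday-pixels" + JPEG_EOI
ORPHAN_HEADER = JPEG_SOI + b"\xe0" + b"truncated"
IMAGE = (b"\x00" * 512 + HOLIDAY + b"\xff" * 100 + b"unallocated junk"
         + CONTRABAND + b"\x00" * 64 + ORPHAN_HEADER)

KNOWN_BAD = {sha1_hex(CONTRABAND)}
KNOWN_GOOD = {sha1_hex(b"/usr/share/pixmaps/some-os-icon")}

if __name__ == "__main__":
    for offset, label in triage_image(IMAGE, KNOWN_GOOD, KNOWN_BAD):
        print(f"offset {offset}: {label}")
```

The hash lookup is what makes carving at scale tolerable: everything that matches a reference set of known operating system and application files can be set aside unread, and the investigator's time goes to the notable hits and the unknowns.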
RAID Reconstruction and the search for the Aardvark - Michael Cohen
Redundant Arrays of Independent Disks (RAID) are very common in server class systems and are becoming more common in high end workstations as well. These systems present challenges for both forensic acquisition and data recovery, since imaging individual disks does not yield the data. Instead, practitioners must reassemble the data into its original format before the logical image may be used.
This talk will discuss a number of useful techniques to recover from hard disk failures, and reassemble the RAID data. We present a method for automating this process, and provide examples of reassembling the array in practice. This talk will also cover how an Aardvark is a valuable data recovery tool - it's always good to keep some termites around.
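As an added illustration of the reassembly problem described above (not the speaker's method or PyFlag code), the block below takes per-disk images of a three-disk RAID-5 set, regenerates one missing member from parity and walks the stripes back into a logical image. It assumes the Linux md default left-symmetric layout and a known chunk size, which in a real case would have to be determined first; the disk images are built in memory by the block itself.

```python
# Added example: RAID-5 reassembly from per-disk images with one disk missing.
# Not code from the talk or from PyFlag. Assumes the Linux md default
# "left-symmetric" layout and a known chunk size; the disk images are
# constructed in memory below.

from typing import List, Optional


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length blocks together (RAID-5 parity is plain XOR)."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk(stripe: int, n_disks: int) -> int:
    """Left-symmetric: parity starts on the last disk and moves one disk
    to the left for each successive stripe, wrapping around."""
    return (n_disks - 1) - (stripe % n_disks)


def data_disks(stripe: int, n_disks: int) -> List[int]:
    """Logical order of the data chunks in a stripe: the disk after parity
    holds the first chunk, then continue round the ring."""
    p = parity_disk(stripe, n_disks)
    return [(p + 1 + k) % n_disks for k in range(n_disks - 1)]


def build_raid5(logical: bytes, n_disks: int, chunk: int) -> List[bytes]:
    """Write a logical volume out as n_disks member images (fixture only)."""
    per_stripe = chunk * (n_disks - 1)
    logical += b"\x00" * ((-len(logical)) % per_stripe)   # pad to whole stripes
    disks = [bytearray() for _ in range(n_disks)]
    for s in range(len(logical) // per_stripe):
        base = s * per_stripe
        chunks = [logical[base + k * chunk: base + (k + 1) * chunk]
                  for k in range(n_disks - 1)]
        placement = dict(zip(data_disks(s, n_disks), chunks))
        placement[parity_disk(s, n_disks)] = xor_blocks(chunks)
        for d in range(n_disks):
            disks[d] += placement[d]
    return [bytes(d) for d in disks]


def rebuild_missing(disks: List[Optional[bytes]]) -> List[bytes]:
    """Regenerate the one missing member. Every stripe XORs to zero across
    all members, so XOR of the survivors is the missing member regardless
    of whether it held data or parity in a given stripe."""
    missing = [i for i, d in enumerate(disks) if d is None]
    if len(missing) != 1:
        raise ValueError("RAID-5 can only rebuild exactly one missing disk")
    survivors = [d for d in disks if d is not None]
    if len({len(d) for d in survivors}) != 1:
        raise ValueError("surviving images must be the same size")
    rebuilt = list(disks)
    rebuilt[missing[0]] = xor_blocks(survivors)
    return rebuilt


def reassemble(disks: List[bytes], chunk: int) -> bytes:
    """Walk the stripes, skip parity, and concatenate data chunks in order."""
    n = len(disks)
    out = bytearray()
    for s in range(len(disks[0]) // chunk):
        for d in data_disks(s, n):
            out += disks[d][s * chunk:(s + 1) * chunk]
    return bytes(out)


# Constructed fixture: a 16-byte "volume" on three members with 4-byte chunks.
VOLUME = b"AAAABBBBCCCCDDDD"
DISKS = build_raid5(VOLUME, n_disks=3, chunk=4)


def recover_with_disk_lost(lost: int) -> bytes:
    """Drop one member image, rebuild it from the others, reassemble."""
    degraded = [None if i == lost else d for i, d in enumerate(DISKS)]
    return reassemble(rebuild_missing(degraded), chunk=4)


if __name__ == "__main__":
    for i, d in enumerate(DISKS):
        print(f"disk{i}: {d!r}")
    print("recovered:", recover_with_disk_lost(1))
```

Getting the layout and chunk size wrong produces output that is the right length but scrambled, so in practice the reassembly is checked by looking for a recognisable filesystem superblock or file headers at the expected offsets before the logical image is trusted; with two members gone, plain RAID-5 parity cannot recover anything and the rebuild above refuses rather than guess.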
This talk will be 60 minutes long including questions.
Bio: Dr. Michael Cohen received his PhD from the Australian National University in 2001 in the field of semiconductor physics. He has been working at the Australian Department of Defence for the past few years in the position of senior technical advisor - specialising in the fields of Information Security and Forensics. Michael is a primary developer of PyFlag, an advanced free forensic package.
Computing forensics: a live analysis - Craig Pearce
Most forensics procedures recommend an investigation on a bit-for-bit copy of the affected host image in a sterilised environment, known as a dead analysis. Situations where the affected host cannot be turned off require a live analysis to preserve volatile data, such as an encrypted volume where the investigator does not possess the decryption key, attacks in progress, open files and processes, and memory-resident information lost when the power is cycled.
This talk demonstrates how to perform a live analysis while trying to preserve integrity for confidence in evidence handling, using Helix, a Knoppix-based CD-ROM equipped with open source forensics tools such as The Sleuth Kit, Autopsy and rkhunter.
Additionally, we analyse some (contrived) suspect images where steganography has been used to hide information.
This talk will be 60 minutes long including questions.
