MIT Security Camp 2006

MIT Network Security

MIT Information Services and Technology, in association with the Northeast Regional Computing Program (NERCOMP), is sponsoring a Security Camp on Tuesday and Wednesday, August 15-16, 2006. Discussion topics include Wireless Security, How not to get Hacked, and Security Models, as well as an invited speaker from the FBI. Breakfast, lunch and snacks will be provided.

Attendance at the Security Camp is free, but we'd still like you to register at http://websurvey.mit.edu/scamp.

Agenda

Tuesday August 15th

 +-------+----------------------------------------------------------------+
 | 8:30  | Light Refreshments available                                   |
 +-------+----------------------------------------------------------------+
 | 9:00  | Welcome and Introduction                                       |
 +-------+----------------------------------------------------------------+
 | 9:15  | How not to get hacked at the MIT Network Security Camp         |
 |       |                                                                |
 |       | Nicholas Andre DePetrillo <nick at NOSPAM oshean.org>          |
 |       |                                                                |
 |       | Every year we all gather under the same roof to talk about     |
 |       | security. We all connect to the same unsecured wireless        |
 |       | access point and for the next few hours we talk about          |
 |       | security in higher education. With the recent wireless         |
 |       | exploits released such as Karma and the new research into      |
 |       | hardware and firmware fuzzing, increasing security on our      |
 |       | own systems has become necessary even at our own               |
 |       | conferences.                                                   |
 |       |                                                                |
 |       | I aim to give a multi-platform (Windows, Mac OSX, Linux)       |
 |       | presentation on paranoid security for the security             |
 |       | professional, specifically our laptops and desktops.           |
 |       | Showcasing the latest and greatest free (mostly                |
 |       | open-source) privacy and security tools for each               |
 |       | platform. From secure instant messaging, ssh tunneling, Tor    |
 |       | and tons more. I will also address best practices for          |
 |       | personal security that many people don't think about but       |
 |       | are very important. All of this targeted to the higher         |
 |       | education security professional. As security engineers we      |
 |       | are always busy securing others, but ask yourself this         |
 |       | question: How secure are you?                                  |
 +-------+----------------------------------------------------------------+
 | 10:15 | Break (light Refreshments)                                     |
 +-------+----------------------------------------------------------------+
 | 10:30 | Wireless Network Security                                      |
 |       |                                                                |
 |       | Paul Asadoorian <Paul_Asadoorian at NOSPAM brown.edu>          |
 |       |                                                                |
 |       | Now, more than ever, wireless networks are going to require    |
 |       | security.  With everything from cell phones to entire          |
 |       | states implementing wireless, it is most certainly             |
 |       | ubiquitous.  Learn how attackers are bypassing both the        |
 |       | traditional methods of wireless security and getting around    |
 |       | the protections in even the most secure wireless               |
 |       | installations.  (Complete with interactive demonstrations).    |
 |       | Finally, you will learn how to protect yourself and your       |
 |       | wireless network against these techniques.                     |
 +-------+----------------------------------------------------------------+
 | 11:30 | Security Models                                                |
 |       |                                                                |
 |       | Joel Rosenblatt <joel at NOSPAM columbia.edu>                  |
 |       |                                                                |
 |       | From Corporate to ISP; one size does not fit all.              |
 |       |                                                                |
 |       | Network security is a challenge in the large research          |
 |       | university.  The decentralized management structure and        |
 |       | wide array of support models present a "no size fits all"      |
 |       | type of environment.  The basic design philosophy of the       |
 |       | Columbia Model is that a security system that can protect      |
 |       | the rest of the world from Columbia University will also       |
 |       | protect Columbia from the rest of the world.  There is a       |
 |       | chance that we may have some control over the attackers        |
 |       | (machines on our campus).  This is important because a         |
 |       | machine on campus that attacks an outside machine is just      |
 |       | as likely to be used to attack an inside machine.  The talk    |
 |       | will expand on the synthesis of the Columbia model and the     |
 |       | software that was developed to make it work.                   |
 |       |                                                                |
 +-------+----------------------------------------------------------------+
 | 12:30 | Lunch                                                          |
 +-------+----------------------------------------------------------------+
 | 13:30 | Seeking The Middle Way: Digital Guardian and Incident          |
 |       | Management                                                     |
 |       |                                                                |
 |       | Bob Mahoney <bob at NOSPAM zanshinsecurity.com>                |
 |       |                                                                |
 +-------+----------------------------------------------------------------+
 | 14:30 | Break                                                          |
 +-------+----------------------------------------------------------------+
 | 14:45 | Evaluating Hard Disk Encryption in an academic environment     |
 |       |                                                                |
 |       | Jonathan Hunt <jmhunt at NOSPAM MIT.EDU>                       |
 |       |                                                                |
 |       | MIT wants to improve its sensitive data protections by         |
 |       | recommending disk encryption solutions for laptops and         |
 |       | other computers.  We have started by evaluating the            |
 |       | encryption tools built into the standard operating systems     |
 |       | (namely FileVault and Encrypted File System). Learn how        |
 |       | this evaluation is going, including the pitfalls and           |
 |       | advantages we have discovered and how we are using a Wiki      |
 |       | for collecting feedback.                                       |
 |       |                                                                |
 +-------+----------------------------------------------------------------+
 | 15:45 | Break (Refreshments)                                           |
 +-------+----------------------------------------------------------------+
 | 16:15 | Tor: An anonymous Internet communication system                |
 |       |                                                                |
 |       | Roger Dingledine <arma at NOSPAM MIT.EDU>                      |
 |       |                                                                |
 |       | What do the DoD and the EFF have in common? They have both     |
 |       | funded the development of Tor (tor.eff.org), a                 |
 |       | free-software anonymizing network that helps people around     |
 |       | the world use the Internet in safety. Tor's 700 volunteer      |
 |       | servers carry traffic for a few hundred thousand users         |
 |       | including individuals, companies, and governments.             |
 |       |                                                                |
 |       | I'll give an overview of the Tor architecture, and talk        |
 |       | about what security it provides and how user applications      |
 |       | interface to it. Then we can discuss advantages and            |
 |       | drawbacks of Tor in an educational environment, including      |
 |       | contrasting the experiences people have had running Tor        |
 |       | servers on various campuses -- MIT, Harvard, Georgia Tech,     |
 |       | CMU, Berkeley, Michigan Tech, Rice, Toronto, UNC, UCLA,        |
 |       | Rose-Hulman, Dartmouth, ...                                    |
 |       |                                                                |
 +-------+----------------------------------------------------------------+
 | 17:15 | Logistics Discussion                                           |
 +-------+----------------------------------------------------------------+
 | 17:30 | Done for the Day                                               |
 +-------+----------------------------------------------------------------+
 | 18:00 | Dinner                                                         |
 +-------+----------------------------------------------------------------+

Wednesday August 16th

 +-------+----------------------------------------------------------------+
 | 8:30  | Light Refreshments available                                   |
 +-------+----------------------------------------------------------------+
 | 9:00  | Jim Burrell -- FBI Invited Speaker                             |
 +-------+----------------------------------------------------------------+
 | 10:00 | CALEA What's all the hubbub about                              |
 |       |                                                                |
 |       | Jeffrey I. Schiller <jis at NOSPAM MIT.EDU>                    |
 |       |                                                                |
 |       | CALEA: The Communications Assistance to Law Enforcement Act    |
 |       | was passed in 1994. It requires "Telecommunications            |
 |       | Carriers" to provide a standardized interface for the use      |
 |       | of Law Enforcement to engage in legally authorized             |
 |       | communications interception. Recently the FCC has issued       |
 |       | rulings to expand the CALEA requirements to cover              |
 |       | "Facilities Based Broadband Providers."                        |
 |       |                                                                |
 |       | This has caused concern and consternation in the ranks of      |
 |       | Higher Education. Are we now required to implement CALEA,      |
 |       | or not? This talk, by a non-lawyer, will discuss the           |
 |       | motivation and issues around CALEA and take a stab at that     |
 |       | great question: "What me Worry?"                               |
 +-------+----------------------------------------------------------------+
 | 11:00 | Closing Discussion                                             |
 +-------+----------------------------------------------------------------+
 | 12:00 | Done                                                           |
 +-------+----------------------------------------------------------------+


Copyright © Massachusetts Institute of Technology
Comments and questions to
jis@mit.edu