This is the first content post of my summary of the day’s events at the DGI Cyber Security Conference and Expo. Click here for the overview post of the conference.
The doors opened at 7:30 for conference attendees. I walked in, checked in and got a very official name badge with my name and organization affiliation (Penn State University) and also a program. I found a seat close to the front and grabbed a quick breakfast provided by DGI. I had some time to kill, so I talked to a few people about what they do and why they were attending the conference. The IRS had a huge contingent that all sat around me; I think they all were security/system architects. After more waiting, the first session got underway.
The keynote speech was given by J. Michael Gibbons who is the Principal for Security and Privacy Services for Deloitte Consulting. Prior to that position, he served as the Chief of Computer Crime Investigations for the FBI. Most of his speech’s content was filled with experience from his FBI days. The name of his session was “Cyber Security: Using A Historical Perspective To Provide Insight on Current Threats.” Mr. Gibbons went over the major types of computer attacks He detailed that hostile code has been the norm for computer security breaches for a long time now, and the only thing that has changed is the delivery method.
He reports that email attachments are still the main (and easiest) vector to deliver such an attack. With 3/4 of all email being spam messages, it is still commonplace for people to click emails that are from people that they don’t trust. Although spam filtering technologies have made massive progress in the last few years, it is still not enough to protect users completely.
A term that I had never heard of was mentioned by Mr. Gibbons during the portion of his speech on phishing. The term “spearphising” is a phishing attack directly at a specific person that is usually a high-level member of an organization. Between November of 2004 and November of 2005, we saw an incredible increase of phishing attacks. This even caused the FBI to take notice of this new threat. Instead of hackers stealing your identity, the victims are actually handing it over willingly.
Mr. Gibbons also discussed keylogging in very general terms, and more specifically on it’s impact on online banking. Keylogging can be accomplished through both hardware and software, and both methods are highly lucrative. For the hardware keyloggers, a device is placed between the keyboard and the computer (which often looks like a USB cord extender) and logs keystrokes in its own memory. Software keylogging is where a program is run silently in the background of your computer and keeps tracks of what you type and where you type it. Sophisticated keyloggers send out the information over the net to the originators of the attack. Obviously, the impact on online banking is that intruders can steal your account information and either steal your money in the account or sell the information to the highest bidder.
The next attack that was shared was a complex trojan infection. In this attack, you merely have to visit a compromised website in order to be a victim. Hostile code hides in the iframe of the webpage and silently infects your system. Unfortunately, these attacks are becoming more and more common. The good news is that there are steps that can be taken to minimize this risk and many others.
Another excellent point is that security professionals must emulate the hacker community. Hackers employ techniques such as real-time data exchange, trusted channels of communications, anonymous workgroups, file and vulnerability exchange, portable code, reusable code and quid pro quo to extend thier devasating efforts upon the world. Even after years of attempting to study the hacker community and their incredible workflow and sharing methods, security professionals are not able to duplicate the process for themselves.
The fact is that zero-day attacks are what hurts the IT industry the most. We need, more than anything else, real-time intelligence on these problems. The problem is that intelligence is difficult, and sometimes impossible to come by. In light of this fact, Mr. Gibbons reflected that user education and training is the most valuable tool of protection and prevention- much more than any type of software or hardware.
The next speech was shared by Dr. George Datesman who is a Senior Manager over at Noblis and Rich Kellet who is an IT Security Officer with the General Services Administration. Their topic dealt with how to identify, develop and retain IT security candidates and contractors.
Mr. Rich Kellet talked about what NIST 800-53 really means. NIST 800-53 is a document put out by the National Institute of Standards and Technology that explains how to set up government IT systems in terms of security. According to Mr. Kellet, a former attorney, 800-53 specifically focuses on management, operations and technology of a secure IT setup. 800-53 means an even greater cost for contracting. Other notable NIST documents are 800-18 (plans for developing security plans) and 800-37.
Dr. George Datesman spoke on how there is a moving shift in federal IT security rules across the board. First, the identification of IT security jobs is crucial to consolidate infrastructure and organiaztion. Requirements set forth by FISMA, the OMBA-130 identify generally accepted practices and standards. The problem is that there are many other government regulatory documents that deal with the same thing. Dr. Datesman expressed the need for a central, highest common denomonator document that takes care of the relationship between IT, security and government.
Check back to this blog for more coverege on the 2008 DGI Cyber Conference and Expo. There are at least six more exciting articles coming.