Over two congress days, the well-known security professionals will
discuss the current problems of IT security and give insight into
strategies and security concepts.
Following the Money or Why Security Has so Little to Do With Security
Bruce Schneier
The strangest thing about security is how little it has to do with
security. Why did firewalls succeed in the marketplace when e-mail
encryption failed? Why don't companies regularly install patches?
Why is software of such poor quality? The reasons have little to
do with security, and everything to do with the incentives of the
players involved. Economics, politics, laws, even social constraints
matter much more than security concerns. This talk attempts to peel
back the security talk and explain what really goes on when someone
makes a security decision. The results might surprise you.
Spies, Lies and Audiotape
James Bamford
The United States and Britain are
engaged in a war based largely on phony intelligence. How could
this happen? Where were the checks and balances? What was real and
what was not? How much was the intelligence politicized? As the
United States fights its war on terrorism and looks to other possible
conflicts, such as in Iran and North Korea, it is critical that
intelligence not be misused and manipulated. But is this possible
with a White House determined to go to war?
Protecting Databases
Aaron Newman
This presentation addresses some of the most overlooked topics on
database security and presents a view of the database from a hacker's
perspective. It also focuses on generic attacks as well as those
specific to Oracle, Microsoft SQL Server, Sybase, and DB2. We will
be performing some live attacks and discussing how to prevent this
from happening to you.
Honeypots: The Latest Advances
Lance Spitzner
Over the past several years, honeypots have demonstrated their tremendous
potential as a new security technology. Not only do they have dramatic
detection capabilities, but they can also be used for information gathering,
incident response, and targeting the insider threat. Lance Spitzner
will cover in this presentation the latest developments in honeypots,
and what to expect in the next 6 to 12 months.
Real-time Network Awareness
Martin Rösch
One of the inherent issues with traditional intrusion detection
systems is that a fundamental lack of information leads to a great
deal of ambiguity: sensors operate with virtually no knowledge
of the composition of the network components that they are defending.
Mr. Roesch will discuss the truth about implementing an intrusion
detection system and what problems usually occur, like evasion,
insertion & denial of service. He will illustrate his concept
of the “contextual vacuum” and how current systems are
flawed. Solutions are then offered by defining the parameters for
improving IDS with full understanding of the network, which results
in higher quality data.
Advanced Network Reconnaissance Techniques
Fyodor
Fyodor will present real-life examples of common network and firewall
configurations, then demonstrate practical techniques for exploring
and mapping those networks. He will cover IDS evasion, "phantom
ports", advanced ping sweeps, service/version detection, firewall
circumvention, DNS hackery, IPv6, and more using his free Nmap scanner
and many other Open Source tools.
Trusted Computing - A Threat to IT Security and Free Competition?
Rüdiger Weis
Microsoft and the "Trusted Computing Group" are planning, at a cost
of several hundred million euros, the most fundamental change to
IT infrastructure since the introduction of the personal computer.
A scientific analysis of the available proposals shows, in particular,
no significant increase in security against the ubiquitous worm and
virus epidemics, but it does show a number of new threat scenarios.
In addition, European governments and industry representatives have
concerns, which cannot be dismissed out of hand, that control of
cryptographic keys by US companies and the highly opaque patent
situation could lead to considerable competitive disadvantages,
especially for small and medium-sized enterprises.
How Does Security Come About in Business?
Dr. Rudolf Kreutzer
What is meant by security in a company?
How does one do "normal" security in a company?
How does security come about in a data center?
When, where and how can no security come about?
What really causes companies to fail?
What makes companies successful?
How can one recognize upcoming failures?
How can failures be prevented?
What new focal points are developing in risk management?
What are the decisive key competencies for the risk manager of the
future?
Lawful Interception of IP: The European Context
Jaya Baloo
Lawful Interception (LI) is currently in development internationally
and the area of IP interception poses significant regulatory, as
well as implementation, challenges. The presentation attempts to
elucidate major legal and technical issues as well as citing the
vendors, operators and governments involved in creating the standards
and solutions.
In the European context, all EU countries have
been mandated to have LI capabilities in place and be able to provide
assistance to other member states when tracking transborder criminals.
Public Communications Providers must tread warily between privacy
concerns and LI requirements. Especially with the new talks concerning
Interpol, Enfopol, & Data Retention, communication over public
channels is anything but private. The conditions for interception
and the framework for oversight are not widely known.
As LI in Europe presents an example for the
rest of the world, attention should be given to the changing face
of EU legislation. This is relevant not only to the EU expansion
but also concerns EU influence over her eastern and western allies.
Current Trends and New Technologies in IT Security
Stefan Strobel
Stefan Strobel will present the latest technologies available on the
IT security market. New possibilities in the field of IT security
will be a topic, as will outdated views and opinions.
Alert, Warning and Response
Volker Kozok
Due to the changed threat situation, the need for national and
international cooperation in defending against attacks on critical
information infrastructures is growing. In future conflicts, it is
no longer only military targets that are threatened, but increasingly
also infrastructures in ministries, public authorities, state
organizations and the civilian sector.
The talk shows the need for national and international cooperation
in defending against and analyzing attacks, in planning and
coordinating incident management, and in continuing the discussion
on critical infrastructures.
The conclusion summarizes the central challenges and clearly
demonstrates the need for a unified civil-military alerting system
for network-based attacks.
The Relationships between Hackers and Spammers
John Draper
The talk will focus on the relationships between hackers and
spammers and how the two technologies are merging together to bring
new and troubling future threats to the internet.
The speaker will also be providing some interesting trends on how
spam is spread, how it correlates with the release of viruses in
the wild and how these viruses are now so flexible they can pass
any payload to unsuspecting systems without leaving a trace, setting
up spam proxies and other hacker-friendly trojans.