IT-Defense 2022: Round Tables


At a specialist conference, the quality of the lecturers is not all that matters; it is just as important to exchange experiences with other participants who hold similar positions and deal with similar issues. IT-Defense offers a clear framework for discussing security issues and topics with other participating security experts.

Participants can discuss their own problems and other profound issues in small groups. For this purpose, IT-Defense lecturers serve as moderators; however, it is also possible to form individual groups on specific subjects.

Simultaneous round-table discussions will be available on Friday, February 4, 2022.

Social Engineering & Security Awareness - Jayson E. Street

In this roundtable, Jayson Street will be covering an aspect of Social Engineering & Security Awareness not often discussed.

He will cover how Red Teams have taken their role to such an aggressive level that it harms the company's security, not through the compromise itself but through the aftermath they leave behind.
He will also discuss how Blue Teams, instead of refuting this attitude, have adopted the same mentality toward their own employees and have created a hostile workforce rife with potential insider threats that may not have been there before they began their programs of 'education'.

Jayson Street will also discuss possible solutions to these two serious issues, as well as the powerful and positive results a Red Team can achieve by losing. He explains how this approach gives the company the best assessment/engagement you have to offer, and discusses the benefits companies have received from it. This is not theoretical; it is his standard operating procedure when conducting a Security Awareness engagement.

Jayson Street also explains how companies can run a security awareness program that actually promotes involvement from employees and gives them an incentive to be security aware. He explains a process he developed called the "Three E's": Educate, Empower, Enforce. With this process, your employees become active and willing resources in your company's defenses instead of unwilling victims of them and a possible source of compromise.

The round table then opens up for group discussion on how these solutions can be employed at the participants' own companies.

AI & the Law – an Introduction to the Legal and Technical Challenges of Using AI Based Systems – Volker Kozok and Sebastian Kahlert

The new guidelines of the EU initiative for trustworthy AI and the recommendations for the necessary technical and organizational measures made by the supervisory authorities are presented and critically questioned in an introductory talk. Starting from four topic blocks, the participants of the round table will discuss the requirements for risk assessment as well as for ensuring transparency and the rights of persons affected; in addition, approaches for the controllability of AI-based systems are presented. The speakers will question the proposed measures, which in many areas are not effective, and explain the challenges that operators and users of AI-based systems face when they want to ensure legally compliant operation.
 

Big Game Hunting – Volker Kozok

Following the lecture, further examples and aspects will be presented in this round table and then discussed in detail.
 

Be Prepared for an Emergency – Planning and Training Incident Response – Marco Lorenz & Steffen Gundel

Luckily, severe security incidents rarely occur in enterprises. As a result, there is often a lack of practical experience and routine when an emergency does occur. Incident response is then often carried out in a completely uncoordinated way, and serious errors are made. To prevent exactly this, numerous important preparatory planning steps must be taken and decisions made in advance, and it is recommended to regularly train the reaction to potential security incidents in simulation games. In this round table, cirosec partners Steffen Gundel and Marco Lorenz will talk about their practical experience of what preparation for security incidents should look like and how you can prepare and carry out practical emergency exercises.
 

The Risk of Log Files – Between Necessity and Statutory Prohibition – Joerg Heidrich and Dr. Christoph Wegener

The correct use of log files regularly confronts admins with great uncertainty: on the one hand, this information is essential for the analysis of errors, security and attacks, while on the other hand, processing it entails considerable legal risks, in particular with regard to the GDPR. It is not rare for the responsible persons to be threatened with dismissal or even legal consequences.

In this round table, the two experts Dr. Christoph Wegener and Joerg Heidrich will discuss how the greatest possible legal certainty can be achieved when logging data without jeopardizing the enterprise’s IT security and ability to act. Using many practical examples, they will show how to usefully combine data protection with the storage and processing of log data for the analysis of errors, security and, if necessary, attacks. The format leaves a lot of room for questions from the participants.

On-Premise Protective DNS Techniques – Paul Vixie & Boris Taratine

Many cloud DNS providers, including OpenDNS, Heimdal, DNSFilter, Cloudflare, and Quad9, offer DNS filtering whereby questions or answers deemed dangerous are answered dishonestly. This constructive dishonesty is a valuable security feature, and one which the US government recommended universally in an announcement last March (2021). However, managed private networks that use DNS as a control and monitoring point for cybersecurity can't or won't push their DNS service into the cloud. For them, a DNS firewall called RPZ (Response Policy Zones) can be used to publish or subscribe to protective DNS filtering policy, which can be deployed locally using any open source DNS server or any DNS appliance. In this round table, Paul Vixie and Boris Taratine will cover the motives, methods, and context of on-premise protective DNS.
 

Link Analysis – Works in Maltego also – Dirk Wagner and Florian Murschetz

Dirk Wagner and Florian Murschetz will use examples to show how companies can use open data sources as well as individual data sources to analyze and visualize their attack surface. In a specific assessment in the CTI/malware analysis environment, they will also explain how to visualize different campaigns and identify overlaps using TTPs (MITRE ATT&CK framework).

This allows the participants to gain insight into Maltego’s explorative link analysis. Any questions and the participants’ own experiences can also be discussed in the workshop.

Moreover, the participants can follow the practical examples on their own devices; this only requires a Maltego installation.