Sessions

10 AM Sessions

Forensics 101

This session will provide you an overview of computer forensics in addition to a step-by-step guide on securing a compromised computer for additional forensic testing.  We will look at the steps necessary to maintain chain of custody, and what can and can not be done in order to prosecute individuals with computer crimes.

Securely Locking Down Your SUSE Linux
Enterprise Server/Novell Open Enterprise Server

The perimeter security that most organizations have in place has become less effective at stopping threats as businesses open their networks to remote employees, customers and partners. Thus it is important to secure critical infrastructure servers against attack, whether they are important outward-facing machines such as web servers, or critical inward-facing machines such as database servers and application servers.  This session will describe how to use the various features of SLES (SUSE Linux Enterprise Server) and OES (Open Enterprise Server) to secure machines against attack. We will describe configuring classical security features such as the IPTables firewall for Linux, including how to configure your firewall with YaST. We will also describe other Linux security best practices.

Application Security

In today's e-commerce world, web applications are being defeated by traditional security controls used to protect our networks. By exploiting vulnerabilities resulting from programming and configuration errors, weaknesses are routinely found that lead to monetary lost and pose a variety threats to businesses. The session introduces you to the dangers associated with these vulnerabilities and demonstrates how perform appropriate auditing and due diligence against applications.

Windows Server Family History

This presentation is a detailed review of the core features and security hardening differences of Windows Server 2000, Windows Server 2003, Windows Server 2003 SP1 and Windows Server R2. The services that will be covered are Active Directory, Authorization Manager, Internet Information Services, File Services, Windows Shared Services and other core infrastructure services. The content will provide you with working knowledge of the key features and security benefits of each release.

1 PM Sessions

Securing IBM WebSphere Application Server

This session will focus on how security is implemented in the IBM WebSphere Application Server V6 including authentication, authorization and hardening. It will also cover load balancing, failover and high availability. An overview of WebSphere Application Server V6 will be provided including its main themes, packaging, architecture, messaging, administration and systems management.

Linux Application Security for the Enterprise - Novell AppArmor

IT organizations face no bigger challenge than defending their applications from the constant barrage of attacks and malicious code threatening their data. AppArmor is a host-based application security solution for Linux that stops attacks before they can impact the system. AppArmor assures the integrity of servers, eliminates the need for constant security patching, and facilitates regulatory compliance. AppArmor is integrated with Novell SUSE Linux server platforms, including SUSE Linux Enterprise Server and Open Enterprise Server, and includes console- and YaST-based tools to automate the development of application security policies. We will cover the in-depth technical aspects of AppArmor and show you how to develop an AppArmor security policy for open source, custom or commercial applications using the console and YaST-based tools provided.

Vulnerability Assessment / Scanning Tools

An inside look at various scanning tools, real life stories, and using them effectively.

Domain Isolation Using Active Directory Group Policies and IPSEC

This presentation addresses Server and domain isolation which make it possible to create a layer of security to achieve logical isolation of the network traffic that moves between computers or networks. If an attacker manages to gain physical access to an organizational internal network and attempts to access a server that contains valued data assets, server and domain isolation can block access simply because the computer that the attacker is using is not a trusted company device, even if the attacker used a valid user account and password.

The logical isolation approach using server and domain isolation techniques enables the development of a flexible, scalable, and manageable isolation solution that provides the security of isolation without the cost or inflexibility of physical boundaries.

2:15 PM Sessions

DB2/UDB using XML Enablement

This session will focus on the methodology's IBM utilizes in developing secure products.  We will explore configuration settings for DB2 / UDB using XML enablement.

Exploring the Global Security Threat landscape

This session will show current vulnerabilities we face daily from the national/international theatre.   In addition we will discuss popular hacking techniques.

Wireless Security

Challenged with how to roll out a secure wireless solution? This presentation will provide the following:

• Recommended approaches on wireless deployment
• Issues that our customers have experienced with their wireless initiatives
• How to secure your wireless infrastructure
• What is on the horizon for wireless

Windows Server R2

This presentation addresses the Benefits of building upon the increased security, reliability, and performance provided by Windows Server 2003 Service Pack 1 (SP1), Windows Server 2003 R2 extends connectivity and control to local and remote resources. Organizations can benefit from reduced costs and increased efficiencies gained through enhanced management and control over resources across the enterprise. Simplified Branch Server Management - Windows Server 2003 R2 allows you to maintain the performance, availability, and productivity benefits of a local branch office server while avoiding issues typically associated with branch office server solutions such as connectivity limitation and management overhead. Improved Identity and Access Management - Windows Server 2003 R2 includes Active Directory Federation Services, which is designed to help administrators address identity management challenges by making it possible for organizations to share a user’s identity information more securely across security boundaries. Windows Server 2003 R2 also provides UNIX password synchronization, which helps integrate servers running Windows and UNIX by simplifying the process of maintaining secure passwords. Reduced Storage Management Costs - Rich Web Platform - Cost Effective Server Virtualization - Seamless UNIX/Windows Interoperability.