Security Camp 2006
This year's summer MIT Security Camp will be held on Tuesday, August 15 and Wednesday, August 16 in the Bartos Theater at MIT's Media Lab (E15).
Every year we all gather under the same roof to talk about security. We all connect to the same unsecured wireless access point and for the next few hours we talk about security in higher education. With the recent wireless exploits released such as Karma and the new research into hardware and firmware fuzzing, increasing security on our own systems has become necessary even at our own conferences.
I aim to give a multi-platform (Windows, Mac OSX, Linux) presentation on paranoid security for the security professional, specifically our laptops and desktops. Showcasing the latest and greatest free (mostly open-source) privacy and security tools for each platform. From secure instant messaging, ssh tunneling, Tor and tons more. I will also address best practices for personal security that many people don't think about but are very important. All of this targeted to the higher education security professional. As security engineers we are always busy securing others, but ask yourself this question: How secure are you?
Now, more than ever, wireless networks are going to require security. With everything from cell phones to entire states implementing wireless, it is most certainly ubiquitous. Learn how attackers are bypassing both the traditional methods of wireless security and getting around the protections in even the most secure wireless installations. (Complete with interactive demonstrations). Finally, you will learn how to protect yourself and your wireless network against these techniques.
Network security is a challenge in the large research university. The decentralized management structure and wide array of support models presents a "no size fits all" type of environment. The basic design philosophy of the Columbia Model is that a security system that can protect the rest of the world from Columbia University will also protect Columbia from the rest of the world. There is a chance that we may have some control over the attackers (machines on our campus). This is important because a machine on campus that attacks an outside machine is just as likely to be used to attack an inside machine. The talk will expand on the synthesis of the Columbia model and the software that was developed to make it work.
While defense-in-depth is widely understood as the goal, it's the tension between strategies at the network edge and strategies at the desktop that seem to dominate the security discussion. Can there be a Middle Way, that allows effective centralized controls and locally-appropriate openness?
Could we increase overall security while gaining flexibility and granularity of control at the host? Can we effectively harden systems against Zero-Day attacks? How might the work of incident response be different in such a situation?
Earlier this year, Zanshin completed a Defense-in-Depth research project for Dan Geer, Chief Scientist at Verdasys, Inc. The goal was to devise a configuration for their Digital Guardian product that could protect against Zero-Day attacks. The project yielded some interesting results, and suggests interesting applications for this technology in incident response and management.
MIT wants to improve its sensitive data protections by recommending disk encryption solutions for laptops and other computers. We have started by evaluating the encryption tools built into the standard operating systems (namely FileVault and Encrypted File System). Learn how this evaluation is going, including the pitfalls and advantages we have discovered and how we are using a Wiki for collecting feedback.
What do the DoD and the EFF have in common? They have both funded the development of Tor (tor.eff.org), a free-software anonymizing network that helps people around the world use the Internet in safety. Tor's 700 volunteer servers carry traffic for a few hundred thousand users including individuals, companies, and governments.
I'll give an overview of the Tor architecture, and talk about what security it provides and how user applications interface to it. Then we can discuss advantages and drawbacks of Tor in an educational environment, including contrasting the experiences people have had running Tor servers on various campuses -- MIT, Harvard, Georgia Tech, CMU, Berkeley, Michigan Tech, Rice, Toronto, UNC, UCLA, Rose-Hulman, Dartmouth, ...
FBI Invited Speaker
CALEA: The Communications Assistance to Law Enforcement Act was passed in 1994. It requires "Telecommunications Carriers" to provide a standardized interface for the use of Law Enforcement to engage in legally authorized communications interception. Recently the FCC has issued rulings to expand the CALEA requirements to cover "Facilities Based Broadband Providers."
This has caused concern and consternation in the ranks of Higher Education. Are we now required to implement CALEA, or not. This talk, by a non-lawyer, will discuss the motivation and issued around CALEA and take a stab at that great question: "What me Worry?"
Started | Getting
Services | Getting
Help | About
IS&T | Accessibility
Ask a technology question or send a comment about this web page.