 
|
Security Camp 2006
This year's summer MIT Security Camp will be held on Tuesday, August 15 and Wednesday, August 16 in the Bartos Theater at MIT's Media Lab (E15).
Dates: Tuesday, August 15, 9 AM - 5 PM, Wednesday, August 16, 9 AM - noon
Location: Bartos Theater, MIT Media Laboratory (Building E15)
For more information about MIT Security Camp, please contact Jeff Schiller or Jag Patel.
PRESENTATIONS
Wireless Network Security
Paul Asadoorian <Paul_Asadoorian at NOSPAM brown.edu>
Now, more than ever, wireless networks are going to require security. With everything from cell phones to entire states implementing wireless, it is most certainly ubiquitous. Learn how attackers are bypassing both the traditional methods of wireless security and getting around the protections in even the most secure wireless installations. (Complete with interactive demonstrations). Finally, you will learn how to protect yourself and your wireless network against these techniques.
Network security is a challenge in the large research university. The decentralized management structure and wide array of support models presents a "no size fits all" type of environment. The basic design philosophy of the Columbia Model is that a security system that can protect the rest of the world from Columbia University will also protect Columbia from the rest of the world. There is a chance that we may have some control over the attackers (machines on our campus). This is important because a machine on campus that attacks an outside machine is just as likely to be used to attack an inside machine. The talk will expand on the synthesis of the Columbia model and the software that was developed to make it work.
While defense-in-depth is widely understood as the goal, it's the tension between strategies at the network edge and strategies at the desktop that seem to dominate the security discussion. Can there be a Middle Way, that allows effective centralized controls and locally-appropriate openness?
Could we increase overall security while gaining flexibility and granularity of control at the host? Can we effectively harden systems against Zero-Day attacks? How might the work of incident response be different in such a situation?
Earlier this year, Zanshin completed a Defense-in-Depth research project for Dan Geer, Chief Scientist at Verdasys, Inc. The goal was to devise a configuration for their Digital Guardian product that could protect against Zero-Day attacks. The project yielded some interesting results, and suggests interesting applications for this technology in incident response and management.
Evaluating Hard Disk Encryption in an academic environment
Jonathan Hunt <jmhunt at NOSPAM MIT.EDU>
MIT wants to improve its sensitive data protections by recommending disk encryption solutions for laptops and other computers. We have started by evaluating the encryption tools built into the standard operating systems (namely FileVault and Encrypted File System). Learn how this evaluation is going, including the pitfalls and advantages we have discovered and how we are using a Wiki for collecting feedback.
Tor: An anonymous Internet communication system
Roger Dingledine <arma at NOSPAM MIT.EDU>
What do the DoD and the EFF have in common? They have both funded the development of Tor (tor.eff.org), a free-software anonymizing network that helps people around the world use the Internet in safety. Tor's 700 volunteer servers carry traffic for a few hundred thousand users including individuals, companies, and governments.
I'll give an overview of the Tor architecture, and talk about what security it provides and how user applications interface to it. Then we can discuss advantages and drawbacks of Tor in an educational environment, including contrasting the experiences people have had running Tor servers on various campuses -- MIT, Harvard, Georgia Tech, CMU, Berkeley, Michigan Tech, Rice, Toronto, UNC, UCLA, Rose-Hulman, Dartmouth, ...
FBI Invited Speaker
CALEA What's all the hubub about
Jeffrey I. Schiller <jis at NOSPAM MIT.EDU>
CALEA: The Communications Assistance to Law Enforcement Act was passed in 1994. It requires "Telecommunications Carriers" to provide a standardized interface for the use of Law Enforcement to engage in legally authorized communications interception. Recently the FCC has issued rulings to expand the CALEA requirements to cover "Facilities Based Broadband Providers."
This has caused concern and consternation in the ranks of Higher Education. Are we now required to implement CALEA, or not. This talk, by a non-lawyer, will discuss the motivation and issued around CALEA and take a stab at that great question: "What me Worry?"
