Randy Romes, Brian Johnson, Chris Knight,

LarsonAllen

$149.00
Session sponsored by the Upper Midwest Security Association (UMSA)

Organizations spend a tremendous amount of effort and resources to secure their perimeter connections to the Internet. In spite of this effort, hackers still find ways to compromise sensitive data.  The SANS 2009 Top Cyber Security Risks report identifies "client side" software vulnerabilites and "Internet facing web site" vulnerabilies as the top two issues organizations face.  This session will look at some common ways that hackers  take advantage of these situations to breach organizations defenses, whether it is the systems that are Internet accessible (Outside - In attacks), or via systems that reach out to access the Internet (Inside - Out attacks).    The session has been updated from previous years with new tools and discussion of recent vulnerability trends.

This is a hands-on session. Participants will be provided with a "hacker" laptop and software tools.  We will demonstrate tools and techniques to identify risks and vulnerabilities, and the participants will try their hand at each set of tools against live systems. The session will conclude with a capture the flag activity designed to reinforce the concepts and provide an opportunity for participants to practice the tools.

Learning Objectives - At the end of this session you will be able to:

• Recognize and understand common hacker attack methods and privilege escalation scenarios
• Effectively use the tools demonstrated during the course to identify vulnerable systems
• Develop audit and hardening procedures to perform on a periodic basis as part of their normal implementation and administration processes

Key Concepts:

• Defense in depth
• Web application vulnerabilities
• Inside-out attack methods
• Default open systems
• Administrative completeness
• Auditing as a continuous improvement mechanism