The well-known security professionals will spend
two conference days discussing the current problems of IT security
and giving insight into strategies and security concepts.
10 Ways to waste your money – Stefan Strobel
There are many ways to improve IT security in your own
organization. But there are also many ways to spend money
on security products or services whose costs are almost never
in any sensible proportion to their benefit. This talk picks out
some of the most frequently encountered bad investments and
shows the background, why they are recommended nonetheless and
why in reality they bring no relevant improvement.
A Quantum Leap for Cryptography - Gregoire Ribordy
Quantum cryptography is a new technology that puts quantum physics
to work to secure optical networks. Information is sent in the
form of single-photon pulses. Intercepting these pulses inevitably
translates into perturbations, which reveal eavesdropping. The
first quantum cryptography systems have been put on the market
recently. They can be used to secure communications between sites
in a metropolitan area network and the first commercial applications
have been presented recently.
Advanced Exploiting - Tobias Klein
This talk describes and demonstrates some innovative techniques
with which modern protection mechanisms (stateful firewalling,
protocol/content inspection, dedicated malicious code filters, etc.)
as well as forensics can be successfully circumvented.
Changes in the security scanning industry, Renaud Deraison
In his talk, Renaud Deraison will cover the changes that
occurred in the security scanning industry over the last
few years: distributed scanning, fingerprinting, passive scanning,
etc. He will also cover how the users have changed over the
years and how their expectations regarding the scanners have
changed over time. Finally, Renaud will also present the new
features of version 2.2 of the free Nessus Security Scanner.
Cyber Terrorism – What they can really do and what they really cannot do - Fred Cohen
This presentation will address the hyperbole surrounding cyber terrorism
and take a realistic look at what terrorists can and have done involving
information technology and what they likely can and cannot do given
their capabilities and intents. Based on studies performed over periods
of years looking at open source intelligence, cases of use and exploitation
of information technology by terrorists, and reviews of many systems
that comprise parts of critical infrastructures and enterprises,
this talk will focus in on the realities of what to expect and what
to do about it.
The Dynamics of Diversity in Computer Security – Marcus Ranum
Late in 2003, a group of security experts identified Microsoft's
operating system dominance as a threat to the security of nations.
If all systems are running a common platform, they reasoned, vast
damage could be caused by common attacks - much in the same way that
a crop or animal with no genetic diversity can be quickly wiped out
by the arrival of a new predator or blight. The 'Microsoft Monoculture'
whitepaper had a profound impact on IT practitioners, and spurred
a great deal of debate within the community.
The question remains, however, 'if this is a problem, why has it failed to manifest
itself yet?' Perhaps the truth is more complex than the simple 'Monoculture'
analogy would lead us to believe! In this presentation, we will explore
the problem from several sides, and will try to understand the sometimes contradictory
pressures that govern massively complex mission-critical systems like the Internet.
Are we really ripe for disaster? How can we find out?
Future Directions in User Authentication - Burt Kaliski
The maturing of a number of information technologies --- mobile
communications, biometrics, knowledge-based authentication and
RFID --- offers an array of mechanisms for authenticating humans
to computer systems over the coming decade. In this talk, we'll
review some promising approaches, highlight the challenges in
implementing them successfully, and explore how they might fit
together in a day in the life of a prototypical future user.
Live Digital Forensic Analysis - Brian Carrier
When a system is suspected of being compromised, a response team
performs basic analysis on it to verify an incident occurred. This
analysis must balance the needs to place little trust in the system,
to minimize the impact on the system, and to obtain accurate information
from the system. In this talk, we will examine techniques
that can be used to verify that a system has been compromised and
we will examine the risks associated with analyzing a live system.
Stalking the Wily Hacker - Clifford Stoll
Someone breaks into your computer. What do you do? Slam
the door? Call the police? Ignore the problem? For a year, a German
computer programmer broke into my system, along with over forty other
computers around the world. By silently tracking him back, I discovered
that he was a spy, selling software and military data to the Soviet
KGB. A couple of years ago, he was convicted of espionage. What techniques
did he use to crack into computers? Where are the holes in our systems?
How do you trace someone across the worldwide computer networks?
Who was willing to help -- and who wasn't? Come hear Stalking the
Wily Hacker and find out. A fun time is guaranteed for all.
On the Thinking of People, Especially Computer Scientists, Prof. Dr. Gunter Dueck
Philosophy and satire about management and techies
Frustration and anger often arise in the daily workplace.
Controllers struggle with the playfulness of programmers,
process-driven managers with salespeople who chase orders.
Everyone against everyone, and all feel misunderstood. We find
the ups and downs of everyday life exemplified in the Dilbert
cartoons by Scott Adams. The talk gets to the bottom of these
difficulties. Security is certain to come up in it as well.
For philosophy has always known: "Only the secure are sure
that they are not secure."
The talk examines theses of the "Wild Duck" author from his
trilogy on the meaning of life ("Omnisophie", "Supramanie", "Topothesie"),
whose critics waver between "printed provocation" and "chains of
lights went on". GI members know his regular column
"Beta-Inside" from Informatik-Spektrum.
Windows Server 2003 Security - Dr. Eugene Schultz
Windows Server 2003 is Microsoft's newest operating system. Developed in
accordance with Microsoft's Trusted Security Initiative (TCI), Microsoft
announced that this operating system was the most secure one ever
when it was first released. Skeptics have questioned
Microsoft's claim, however, and have downplayed the TCI as little
more than a publicity stunt. This presentation will address
these issues with a special focus on the security features built
into Windows Server 2003 and how they can be enabled or configured,
as well as the nature and severity of security-related vulnerabilities
that have been identified so far.
Further information on the talks will follow
once released by the speakers.