IT-Defense 2019

Round Tables

When it comes to a specialist conference, it is not only the lecturers' quality that matters but it is also important to exchange experiences with other participants who are in similar positions and deal with similar issues. IT-Defense offers a clear framework to discuss security issues and topics with other participating security experts.

Participants can discuss their own problems and other profound issues in small groups. For this purpose, IT-Defense lecturers serve as moderators; however, it is also possible to form individual groups on specific subjects.

Simultaneous round-table discussions will be available on Friday, February 8, 2019.

“Law for Dummies” – IT Security Act, GDPR, Telecommunications Act and many more – a small excursion into the cyber world of jurists – Volker Kozok

This round table discusses the following questions:

  • What are my experiences with inspections by supervisory authorities?
  • How do I handle reporting obligations?
  • How can I use my SIEM solution for data protection?
  • What are the responsibilities of the CISO/CIO?
  • How does “privacy by design” work?
  • How can I explain IT (and IT-Defense) to a jurist?
  • What do I have to observe for the evaluation of social media?
  • What’s new about Ross Ulbricht?

Computer Security Metrics – Marcus Ranum

Security practitioners often complain that management does not understand what they do. Usually, that's at least partly a result of security practitioners not being very good at tying "what we do" to "what the business does" and explaining the effects of changes in the business. In this presentation, we will outline how to produce and present metrics.

DNS Security – Carsten Strotmann

DNS (Domain Name System) is one of the very fundamental protocols of the Internet. Almost no application will work without DNS name resolution. But the classic DNS protocol is frighteningly insecure: no authentication, no integrity checks, data sent in clear text and easy to spoof. Existing security extensions, such as DNSSEC, spread very slowly.

The Internet Engineering Task Force (IETF) is now, after many years of stagnation, working full force to upgrade this veteran protocol: transport security using TLS, HTTPS or QUIC, mitigation of denial-of-service attacks using DNSSEC/NSEC(3) and DNS cookies, automation of DNSSEC key management, and reducing DNS metadata leakage with QNAME minimization.

But not everyone is happy with the changes: developers of DNS software fear the rise of complexity as well as bug-filled and bloated software. Administrators lose control over DNS as a security tool, because DNS data will be encrypted. Privacy advocates fear DNS data leaks to large DNS resolver operators in the Internet.

This round table will discuss new security-related developments regarding the DNS protocol, their limits and issues. In the discussion you will learn how to deploy some of the new extensions with minimal additional risks for your own network, and without hitting known stumbling blocks along the way.

Educate – Empower – Enforce: changing your employees into assets instead of liabilities! – Jayson E. Street

In this round table we will discuss ways to educate users, ways to empower them to be invested in your security, and ways to enforce your security policies in a way that builds up your workforce rather than tearing it down. We will talk about how to do OSINT within the parameters of the GDPR. We will also talk about working within German privacy laws while educating users and enforcing policies.

Tor: Internet privacy in the age of big surveillance – Roger Dingledine

In this round table session you can ask questions and learn more about Tor from Roger Dingledine, president and co-founder of the Tor Project.

Vulnerabilities of industrial control systems demonstrated on the example of a high-bay warehouse – Stefan Strobel & Martin Hartmann

The past few years have repeatedly witnessed new vulnerabilities in industrial control systems. Based on common SIMATIC S7 controllers, this presentation explains the programming and communication of these devices, some exemplary security flaws, as well as how they can be exploited by an attacker. Using the model of a high-bay warehouse with the latest 300 and 1200 series S7 controllers, we are going to clearly demonstrate several attacks live.