Just after BlackHat Europe, InfoSecurity Belgium was organized in Brussels this week. Something completely different: another atmosphere, other people, business oriented. It is the place to be for Belgian people working in information security. To make a rough comparison, suits and ties are at InfoSecurity what t-shirts are at BlackHat. In parallel to the regular booths, there are a lot of scheduled seminars about multiple security topics. I presented a talk about… log management! A difficult exercise due to the mixed audience of managers and technical people, but a nice opportunity to raise some awareness about the need for log management solutions. Here is a copy of my slides (also available on slideshare.net):
Besides my talk, this was another good opportunity to perform some social networking activities.
I had a strange feeling a few days ago… I received a notification from a colleague about a scheduled upgrade of the SSL VPN solution deployed by my company. As I’m a mobile user, I use this SSL VPN daily (and often more than 8 hours a day!). The upgrade covered not only the software but also the security policies in place, which now include a “host check”.
Bundled with the classic user authentication, the goal of the “host checker” feature is to deny or restrict access to resources based on the state of the endpoint trying to establish the VPN session. Basically, the available checks are:
- Presence of an anti-virus and up-to-date signatures
- Presence and activation of a firewall
- Presence of a specific running process
- Presence of a specific key in the Windows registry
- Being part of a specific Microsoft domain
In practice, this means that a managed corporate laptop will get more access rights than a public PC running in a cyber-café.
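To make the mechanism concrete, here is an added example of how such a host-checker policy can be evaluated. This is illustration code written for this post, not the VPN vendor’s implementation: the check names, the thresholds, the domain name, the process name, the registry key and the three sample endpoints are all assumptions. Each posture report is scored against every check, and the most privileged tier whose required checks all pass is granted (full access, a restricted “webmail only” tier, or a flat deny). The decision also returns the list of failed checks, which is exactly what a locked-out user needs to be told.

```python
"""Added example: a minimal host-checker policy engine that maps an endpoint
posture report to an access tier. Not the code of any real SSL VPN product;
all identifiers and thresholds below are assumptions for illustration."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Assumed policy parameters (not from the original post).
MAX_SIGNATURE_AGE = timedelta(days=3)
CORP_DOMAIN = "corp.example"
REQUIRED_PROCESS = "corp-agent.exe"
REQUIRED_REG_KEY = r"HKLM\SOFTWARE\Example\Managed"


@dataclass
class Posture:
    """What the host-checker agent reports about the endpoint."""
    antivirus_installed: bool
    signatures_updated: Optional[date]
    firewall_enabled: bool
    running_processes: Set[str] = field(default_factory=set)
    registry_keys: Set[str] = field(default_factory=set)
    domain: Optional[str] = None


def run_checks(p: Posture, today: date) -> Dict[str, bool]:
    """Evaluate each check from the list above; True means the check passed."""
    sigs_fresh = (
        p.antivirus_installed
        and p.signatures_updated is not None
        and today - p.signatures_updated <= MAX_SIGNATURE_AGE
    )
    return {
        "antivirus": sigs_fresh,                     # installed AND up to date
        "firewall": p.firewall_enabled,
        "process": REQUIRED_PROCESS in p.running_processes,
        "registry": REQUIRED_REG_KEY in p.registry_keys,
        "domain": p.domain == CORP_DOMAIN,
    }


# Tiers from most to least privileged; "deny" is the fallback when none match.
POLICY = [
    ("full", {"antivirus", "firewall", "process", "registry", "domain"}),
    ("restricted", {"antivirus", "firewall"}),       # e.g. webmail only
]


def decide(p: Posture, today: date) -> Tuple[str, List[str]]:
    """Return (tier, failed_checks) so the user can be told WHY access was
    restricted or denied instead of just seeing a closed door."""
    results = run_checks(p, today)
    failed = sorted(name for name, ok in results.items() if not ok)
    for tier, required in POLICY:
        if all(results[name] for name in required):
            return tier, failed
    return "deny", failed


# Constructed sample endpoints.
TODAY = date(2010, 3, 25)

CORPORATE_LAPTOP = Posture(
    antivirus_installed=True, signatures_updated=TODAY - timedelta(days=1),
    firewall_enabled=True, running_processes={REQUIRED_PROCESS, "outlook.exe"},
    registry_keys={REQUIRED_REG_KEY}, domain=CORP_DOMAIN,
)

# A properly managed laptop whose AV simply has not pulled signatures for a
# week: the "my laptop is clean but I still got locked out" case.
STALE_AV_LAPTOP = Posture(
    antivirus_installed=True, signatures_updated=TODAY - timedelta(days=7),
    firewall_enabled=True, running_processes={REQUIRED_PROCESS},
    registry_keys={REQUIRED_REG_KEY}, domain=CORP_DOMAIN,
)

CYBERCAFE_PC = Posture(
    antivirus_installed=True, signatures_updated=TODAY,
    firewall_enabled=True, running_processes={"iexplore.exe"},
)

if __name__ == "__main__":
    for name, host in [("corporate laptop", CORPORATE_LAPTOP),
                       ("stale-AV laptop", STALE_AV_LAPTOP),
                       ("cyber-cafe PC", CYBERCAFE_PC)]:
        tier, failed = decide(host, TODAY)
        print(f"{name:16s} -> {tier:10s} failed: {failed or 'none'}")
```

Note the second sample: because the restricted tier also requires fresh signatures, one stale AV definition file turns a managed corporate laptop into a flat deny. Whether that is the intended outcome, or whether such a host should fall back to the restricted tier with a warning, is a policy decision that deserves to be made explicitly before the upgrade goes live.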
When I tried to connect after the upgrade, my access was denied: my host was not compliant with the new policy in place. My laptop is clean and properly managed, but the SSL VPN definitely refused to grant me the regular access I needed. I successfully connected to my office resources by another means and fixed my computer to meet the requirements. No big deal! But at the same time, I started to realize how frustrating it can be for regular users…
As InfoSec professionals, our goal is to ensure that the business runs smoothly: not only by properly protecting the organization’s assets but also the access to them. It’s the “A” of the CIA triad (Confidentiality, Integrity and Availability). Too often, InfoSec pros forget the impact of new security measures on regular users. Guys, even if users are “dumb” and do things which can have a severe impact on our business, from time to time come down off your pedestal!
Try to switch your brain from kernel mode to userland mode and imagine the consequences of a change. It’s extremely difficult and, honestly, I’m certainly not the best at this exercise, but it may be constructive from time to time. Don’t misunderstand me, I never said that all security controls must be disabled! But at least be prepared to face end-users’ questions and remarks!
This week is a real security marathon. I was in London yesterday but came back to Belgium too late to attend the ISSA Belgian Chapter meeting. The invited speaker was a great one: Chris Hoff. According to friends, it was great! Today was also the first day of the InfoSecurity.be event. This is the main security-oriented event (from a commercial point of view) in Belgium. Too commercial in my opinion but, the security landscape being small in Belgium, it’s THE place to meet everybody, to have great discussions and to have some drinks.
The 2010 edition saw a cool initiative from (ISC)2: they organized a Professional Development Cafe where CISSPs could meet other CISSPs but also people interested in the certification process or a career in the security field. The organizer announced a huge number of registrations but far fewer people actually attended. Fewer people, but quite interesting points of view. It’s always nice to hear feedback from “colleagues”. Several topics were covered: audit, risk assessment, BCP, pentesting, legal, etc.
In the evening, I attended another event organized by the ISACA Belgian Chapter; they also invited a great speaker: Dr Eugene Schultz. He’s a security expert, wrote several books and papers and held several critical positions. This is the typical guy who will be able to hold the floor for an unlimited amount of time once a discussion has started. The event was original: no slides, no media support, just an open discussion with him, a big “questions & answers” session. Eugene covered several topics like the role of the CISO inside organizations, mobile security, the coming threats, cloud security and many more. It was a great talk.
Now back home, I still need to process my backlog of RSS feeds, e-mails and tweets, sleep a few hours and then let’s go for the second day at InfoSecurity. I’ll try to attend some conferences and make a tour of the exhibitors. The first day looked promising: a lot of visitors and interesting questions. It looks like the crisis did not affect the security area too much and companies still have big projects to be launched.