I’m back from the second edition of the Belnet Security Conference organized today in Brussels. Belnet is the “Belgian National Research Network“. In other words, this is the federal organization which connects universities, governments infrastructures, schools to the Internet using high-speed pipes. Since the beginning of 2010, they also extended their internal CERT (operational since 2004!) and became the official Belgian CERT. It is now open to everyone.
I had an interesting conversation with Pierre Bruyère, the Belnet Director, who explained the reasons why the conference was created last year. Based on their customers feedback, an important need for “security awareness” has emerged. They organized a conference from scratch to address this problem. It was a success and they decided to continue with a second edition.
The day was perfectly organized and approximately 120 people attended. Even if the conference was “made by Belnet and for Belnet customers”, it is open to everybody at a light price. Honestly, it deserves to be recognized and to have more visibility!
The following topics were covered:
- A review of the newly started CERT.be. The first phase is now over and the classic services provided by a CERT are already available. But, they lack of time and team-members. A big expansions is foreseen for 2012.
- Alain Huet from Fedict gave an introduction to a simple (but effective) risk management framework. It is called: “QuickWin”. More information is available here.
- More feedback about DNSSEC, its implementation and potential issues were provided by Tim Verhoeven from dns.be. Good news, dns.be should be ready to provide DNSSEC this year.
- Jérôme Devigne from CERT.be presented (or remembered) interesting facts about the vulnerability scanners. How to use them in an efficient was, how to interpret the results and add more value to them. Interesting: Belnet developed this service for its customers.
- The FCCU (“Federal Computer Crime Unit”) was also invited and presented their toolbox used to perform malware analysis. Some tools are coming from the open source world and other have been developed internally. One of them is able to scan a computer for infected files using multiple anti-virus solutions (like virustotal.com) but everything is automated and results are stored in a backend database to perform further reporting and analyze. Good job!
- Naïm Qachri from the ULB reviewed the current Wireless communication protocols available today (Wi-Fi, Bluetooth, Wimax, RFid, etc…), their associated problems (regarding security) and beyond.
- Finally, the last presentation was based on the legal aspect of the Wi-Fi sharing: what are the constraints and opportunities (presented by a layer, Romain Robert). If you are looking for legal information about wireless networks, have a look at the website of the ALAWN project website (“Authentication and Legal Access in WiFi Networks“).
The conference was a different one for me. The paper I submitted was approved during the CFP and I was invited as a speaker. I talked about “Events Management or How To Survive Security Incidents“. I was a bit stressed but received positive feedback from some guys! If you’re interested, have a look at my slides.
I had very interesting conversations with the CERT.be team and some Belnet customers (mainly from Universities). I recommend you keep an eye on the next edition in 2011. Personally, I’ll be there! And, again, thanks to the Belnet staff for the invitation.