ITSS Home IT Security Events SUMIT_08 Symposium SUMIT_08 Agenda

SUMIT_08 Survey Results: A Success!

More than seventy SUMIT attendees responded to the online SUMIT survey in the week following the SUMIT_08 symposium. Several changes took place this year in the organization of SUMIT_08, and the results of the survey show that these changes were positive: 70 percent of those who responded to the survey reported that the overall conference was either 'very good' or 'excellent.'

• To coincide with National Cyber Security Awareness Month, SUMIT_08 was held again in October (rather than in August as in years prior); this timing was approved by 73 percent of respondents.
  
  
• Also for the first time, SUMIT was held at Angell Hall in order to allow space for laptops and for participants to bring in coffee. Seventy-seven percent reported that Angell Hall was a 'very good' or 'excellent' venue, although more directional signage was requested.
  
  
• In years prior, SUMIT has been organized as a full-day event; however, this year was a half-day event. About two-thirds of respondents preferred the half-day length, while the other third preferred the full-day. Including a break was mentioned multiple times.
  
  
• The SUMIT attendee's satisfaction with this year's lecturers is what made SUMIT a true success: One respondent stated, "SUMIT continues to be one of the finest local security symposia. I have attended every year and the quality of the speakers improves every year." From another: "Thank you for bringing great security speakers to U-M!"
  
  

Thank you to everyone who provided feedback. We will use these survey results to continue to deliver top-quality events, and we look forward to seeing you at future events.

If you were unable to attend this year's SUMIT symposium, slides and audio materials are available below as well as here.

Presentation Abstracts & Presenter Information

• Anton Kapela
• Keith Mitchell
• Raffael Marty
• Simple Nomad

Anton Kapela
Co-owner and Partner, 5Nines Data

TOPIC: Stealing the Internet: An Internet-Scale, Routed Man-In-The-Middle Attack

• Presenation Audio with Slides
• Anton Kapela's presentation slides came from an edited verion of the following two PowerPoint files:
• kapela-umich-edited-defcon.ppt
• kapela-umich-summit-final.ppt

"Stealing the Internet" will describe a method where an attacker exploits trust relationships in the BGP routing system to facilitate transparent interception of IP packets. The method will be shown to function at a scale previously thought by many as unavailable to anyone outside of intelligence agencies and carrier networks. The talk highlights a new twist in sub-prefix hijacking that I demonstrated at Defcon 16: using intrinsic BGP logic to hijack network traffic and simultaneously create a 'bgp shunt' -- a "feasible path" -- towards the target network. Results of a recent inter-provider filtering practices survey will be presented as further rationale for stronger route filtering and increased routing security research.Those interested in observing the attack in action and the original demonstration are encouraged to view the video of the presentation, posted at www.defcon.org.

Anton is actively involved in the Internet operations and research community and has been a frequent presenter at the North American Network Operators Group meetings on a variety of topics. He's also a co-owner and partner at Five Nines Data, a local Madison Datacenter and IT solutions company. At 5nines he is responsible for the architecture and implementation of network services and datacenter facilities. When Anton isn't working, he spends time in rehearsal and recording studios playing drums and bass guitar, and dabbles with photography and broadcast video technology.

Keith Mitchell
Director of Engineering, Internet Systems Consortium (ISC)

TOPIC: Case Study: Responding to the Latest DNS Threats

Presenation Audio with Slides
Presentation slides (PDF)

The Internet's Domain Name System (DNS) is increasingly implicated as a target and in perpetration of network abuse. Some attacks exploit vulnerabilities in the DNS protocol itself, and in August, Dan Kaminsky announced CERT VU#800113, which significantly increased the ease with which "cache poisoning" attacks may be perpetrated. Work done by ISC in coordination with other DNS vendors and operators enacted a best-practice controlled-disclosure response to this major threat. This presentation recounts the story so far, and summarizes recent results from OARC and SIE researchers measuring the extent of the problem and mitigation deployment. Various DNS future-proofing techniques against this threat are outlined, but the case is presented that DNSSEC is the only technology which can comprehensively prevent this and other abuses.

BIO:
Keith Mitchell was first involved with what is now known as the Internet 20 years ago, as a postgraduate at University College London. Between 1986 and 1991, while working for Edinburgh-based Spider Systems, Keith was a representative on the board of the UK Internet Consortium. In early 1992, he became one of the founders of the UK's first commercial Internet provider, PIPEX.  From May 1996 until September 2000, Keith served in the full-time role of Executive Chairman of (LINX), the London Internet Exchange. He has served as a non-executive Director of Nominet UK, and as Chairman of the RIPE NCC Executive Board (1997-99).  In September 2000, Keith became a founder investor and served until 2004 as Chief Technical Officer of XchangePoint, a pan-European commercial provider of Internet interconnect and peering services.  Between 2004 and 2006 Keith was Technical Director of the UK Internet Forum, where he setup the UK Network Operators' Forum of which he is now chair.  In 2006 Keith moved to the USA, and has become Programme Manager of the Operations, Analysis and Research Center (OARC).

In 2008, Keith was appointed as Director of Engineering at the Internet Systems Consortium (ISC).

Raffael Marty
Chief Security Strategist and Director of Application Product Management, Splunk

TOPIC: IT Data Visualization

Presenation Audio with Slides
Presentation slides (PDF)

The crime landscape is shifting. Crimes are moving up the network stack. Network-based attacks are a topic of the past. The attacks today are executed on the application layer: Web 2.0 and instant messenger attacks are more and more common. Crimes are committed inside of applications: fraud, sabotage, abuse, information leaks, and crime ware are big problems for organizations. Crime has shifted. Have you? Are you prepared to deal with these new developments? Are you still relying on your network-based intrusion detection or prevention systems? Are you aware of what is happening inside of your applications? In addition to monitoring your networks, you have to make sure you are also taking an in-depth look at your applications. Due to the vast amount of log data that needs to be analyzed, novel methods are needed to conduct the analysis. Visualization of data has proven to be the approach generating the best return on investment when it comes to complex data analysis problems. This talk shows how security analysts can catch up with the changing crime landscape by utilizing novel technologies and analysis methods. The audience will learn to make use of new technologies and paradigms to deal with the changing threats.

BIO:
As chief security strategist and director of application product management, Raffy is customer advocate and guardian - expert on all things security and log analysis at Splunk. Starting with IBM Research and Price Waterhouse Coopers Consulting, then ArcSight and Splunk, Raffy has been in the log management and analysis world for many years. He has built numerous log analysis systems and implemented use-cases for hundreds of customers that deal with log management challenges on a daily basis. Currently he uses his skills in data visualization, log management, intrusion detection, and compliance to solve problems and create solutions for Splunk customers. Fully immersed in industry initiatives, standards efforts and activities, Raffy lives and breathes security and visualization. His passion for visualization is evident in the many presentations he gives at conferences around the world and his book: "Applied Security Visualization." In addition, Raffy is the author of AfterGlow, founder of the security visualization portal http://secviz.org, and contributing author to a number of books on security and visualization.

Simple Nomad
Founder, Nomad Mobile Research Center (NMRC)

TOPIC: Computer Security Myths and Mistakes

Presenation Audio with Slides
Presentation slides (PPT)

Between security consultants, trade magazines, security mailing lists, software and hardware vendors, and yes even speakers at a conference, it is difficult to know for sure who to trust and where to place issues on the priority list. Everyone has either something to sell or something to gain by having you follow their opinion. While in many cases the hard sell of product or service "A" to prevent security disaster "B" is viable, but is it really that important to your organization right now? Not only will some common myths and mistakes be discussed, but reasons pro and con for each will be discussed. Go to your next vendor pitch or consultant meeting armed and ready to shoot some holes in a few industry myths. Warning: this will be a technical discussion, as the myths will often get shot down via technical means. Questions *heavily* encouraged.

BIO:
Mark "Simple Nomad" Loveless has been compromising security systems since the 80s, and has worked as an IT Systems Administrator in the Fortune 500, a security researcher for security software and hardware vendors, and as a consultant performing security audits and penetration tests. He has written tools, white papers, and advisories regarding security and privacy, and has been interviewed by television, print, and online media. He also enjoys virtually any drink with Vodka in it, and believes space aliens are stealing his luggage.