Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the precis of the talk. I make no guarantee that they make sense to anybody but me.
One Man Shop: Building an Effective Security Program All By Yourself - Medic
- Integrate with environment
- Continuous monitoring
- People and Process -> Secure Network Architecture -> Secure Systems Design -> Continuous Monitoring -> External Validation -> Compliance
- Compliance, per usual, means dick in the final analysis
- Roughly five year plan w/ deliverables
- Needs organizational supprt. Still answers to the Business.
- Supports, !replaces Business
- Security will not mature past …
Following battlefield tales that Hezbollah had compromised the IDF communications network during operations in Lebanon last year, defense contractors have developed Meshnet, a hardware and software firewall appliance to protect the data networks of battlefield equipment, on the chance that someone would figure out how to infect them with malicious agents of some sort in the near future. Meshnet is supposedly based upon the Sidewinder Security Appliance from Secure Computing, but includes specialized hardware that deals with the network protocols and connection gear used in the control systems of tanks, armored personnel carriers, or what have you along with anti-spyware …