http://www.tomshardware.com/business/20040930/index.html

By Humphrey Cheung
September 30, 2004

Defcon isn't the only hacker convention for people living on the West Coast. Toorcon, a computer security conference in its sixth year, provides a viable alternative to people who want to learn more about computer security. Toorcon was held Friday September 24 to Sunday September 26 at the Manchester Grand Hyatt in sunny San Diego, California. With over 300 people in attendance, it provided a sizable yet still intimate arena to learn about the secrets of computer security. From the informative seminars to the interesting vendor area, we will give you a glimpse into what was Toorcon 2004. You may just want to attend next year.

Deep Knowledge Seminars

About 20 people ponied up $300 to $500 (depending on when they registered) to attend the Deep Knowledge Seminars held on the Friday night just before the main Toorcon session. These talks were 75 minutes long and were very informative.

One interesting seminar, Mobile Cyber Warfare Training, given by Scott Kennedy of SAIC, talked about training IT staff against cyber attack. SAIC conducts "Red versus Blue" training, where IT staff, called the Blue Team, must defend a network against a fictional group of hackers called the Red Team. All the hardware necessary for the exercise is kept in a small rack that is easily transportable for on-site training. Training costs around $20,000 for a group of fifteen.

Red versus Blue training is important as everyday network administrators don't usually get to practice against an insanely knowledgeable and determined foe. SAIC officials acting as the hacker Red Team throw everything at the hapless Blue Team. In the battle, some innovative solutions surface.

What is the craziest defense that Scott Kennedy has seen? In order to stop kernel exploits, one team actually deleted the OS kernel on their Sun box, which worked very well until they needed to reboot the machine. Servers don't boot too well when the kernel is missing.

We all know that website defacements happen frequently. Hackers break into a webserver and change the index.html file so that the website displays some crazy and usually profane stuff. This is very embarrassing for the IT staff and for the attacked company. One administrator, in an act of simple genius, copied the index.html file to another folder and then ran a cron/scheduled tasks job to overwrite the original index.html file every second. While this doesn't stop the attack, it does ensure that your original website stays up. Even if the attackers change the index.html file, the next second the offending file will be overwritten with the correct copy. Some administrators go even farther by burning the file to a CD and then having it copied to the Apache folder every second. Since the CD is read-only, the attacker cannot deface the copy on the CD.

[...]
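The restore-from-a-read-only-copy defense described in the article, as an added example that is not code from the article or from the administrators it mentions. The paths, the function names and the evidence directory are assumptions; the script also keeps each tampered file before overwriting it, which goes beyond what the article describes.

```shell
#!/bin/sh
# Added example: put back a defaced page from a known-good copy.
# All paths are hypothetical defaults; override them via the environment.
GOOD="${GOOD:-/mnt/cdrom/index.html}"       # read-only master (e.g. the CD)
LIVE="${LIVE:-/var/www/html/index.html}"    # file the web server serves
EVIDENCE="${EVIDENCE:-/var/tmp/defaced}"    # where tampered copies are kept

# restore_if_changed GOOD LIVE EVIDENCE_DIR
# Returns 0 if LIVE already matches GOOD, 1 if it was restored,
# 2 if the restore could not be done.
restore_if_changed() {
    good=$1 live=$2 evidence=$3
    if [ ! -r "$good" ]; then
        echo "known-good copy unreadable: $good" >&2
        return 2
    fi
    # Byte-for-byte comparison; also fails when LIVE is missing.
    if cmp -s "$good" "$live"; then
        return 0
    fi
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    # Overwriting alone would destroy the evidence, so keep the tampered file.
    if [ -f "$live" ]; then
        mkdir -p "$evidence" && cp -p "$live" "$evidence/index.html.$stamp.$$"
    fi
    # Copy beside LIVE, then rename, so no visitor sees a half-written page.
    tmp="$live.restore.$$"
    if cp "$good" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$live"; then
        echo "$stamp restored $live from $good" >&2
        return 1
    fi
    rm -f "$tmp"
    return 2
}

# cron cannot schedule more often than once a minute, so the once-a-second
# schedule from the article is a loop here.
watch_page() {
    while :; do
        restore_if_changed "$GOOD" "$LIVE" "$EVIDENCE" || :
        sleep 1
    done
}

if [ "${1:-}" = "--watch" ]; then
    watch_page
fi
```

Each "restored" line on stderr marks a change that nobody authorized, so it is worth forwarding to whatever alerting is in place; the kept copies show what was written and when.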
This archive was generated by hypermail 2.1.3 : Fri Oct 01 2004 - 04:31:59 PDT