Level: Technical
Abstract:
This talk will be in the first part about some of the attributes around HTTP/2, TLS 1.3 and QUIC. The talk will start with HTTP/2, where I want to outline how HTTP/2 is working and what attributes HTTP/2 is bringing to make the web faster and more secure.
The second part will give a quick introduction to TLS 1.3 and the impact of TLS encryption, especially around the fact that the handshake of TLS 1.3 is now encrypting more information than with previous versions.
The third part will talk about QUIC, how it is used today and what the attributes of QUIC are.
After each section we will do a quick sanity check on how a security gateway would potentially deal with the encrypted traffic. This talk will be vendor neutral as most security gateways deal with those protocols in the same way.
Bio:
Tobias Mayer joined Cisco in 1999 where he started to focus on network security. He is currently working as a Technical Solution Architect in the EMEAR Security Consulting Team, specialized on content security. Beside content security, he has a very special eye on IPv6 and new protocols like HTTP/2, QUIC and TLS. He likes cats and boats.
Video/recordings:
[Slides (PDF)] [Recording (MP4)]
Posted in talks | Comments Off on The network security impact of encrypted protocols (Tobias Mayer)
Level: Technical
Abstract:
Hospitals can be attractive places for hackers. With access to critical medical records and personally identifiable information, there is great opportunity to exploit patients. Health care workers are very busy and, more often than not, there is not a lot of interest in computer security. Privacy and the protection of computer records sometimes gets put on the back burner, and caring for the devices used in hospitals is an after-thought, meaning that computers and other devices are not updated in a timely manner and are prone to vulnerabilities.
I see vulnerabilities on all levels and in all roles and locations in the hospital – in software, devices, and with humans. The consequences of bad security and bad privacy are huge and can cause harm both to the patient and to employees.
Criminal behaviour can go unnoticed for long periods. Without proper security controls patient records can be manipulated. You can imagine the consequences; they can happen.
Security needs to be built from the ground up so that employees understand the risks at all levels and can do all they can to protect the patient. We must build awareness programmes and develop processes and procedures that are possible to follow, thereby creating a higher level of security to ensure that our patients are not in danger.
This presentation will expose the risks and vulnerabilities in hospitals and aims to start driving the discussion and generation of ideas for procedures to avoid the dangerous pitfalls that put lives in peril. My goal is to ensure that we create a safe and secure environment for our patients and employees.
Bio:
Jelena Milosevic – A pediatrician and ICU nurse with a lot of experience, working at many different hospitals in the Netherlands. Over the past 3 years active in the infosec community and applying the knowledge of infosec into the healthcare world to improve the security of the environment for patients and the medical staff. A member of the I Am The Cavalry group and a part of the network of Women in Cyber.
Video/recordings:
[Slides (PDF)] [Recording (MP4)]
Posted in talks | Comments Off on The consequences of bad security and privacy in health care (Jelena Milosevic)
Level: Advanced Subject Matter
Abstract:
I’m working on experimental project called Reggae: https://github.com/cbsd/reggae. Once stable enough, most of it will be merged in CBSD, so this is a peek into the future of CBSD as more than just jail/bhyve/xen manager in production and test labs. What we already use it for is daily development with the little help of Reggae: https://meka.rs/blog/2017/11/20/cbsd-reggae/. What I’m currently working on is adding a testing feature to Reggae, which means jails have to be secured. Besides jail options, there are other technologies to restrict or grant access to processes. With the VNET coming in FreeBSD 12, there will be new ways of dealing with processes and network filtering.
In short, I’ll present what are CBSD, jails and bhyve able to achieve now, and what are CBSD plans for the future, with an overview of what new is coming to FreeBSD that caught our eye (hint: VNET and Ceph).
Bio:
Goran Mekić (@meka_floss)
FreeBSD and Linux sys admin for 11 years and huge automation addict. For the past few years I’ve been trying to run FreeBSD on all machines I can lay my hands on, running anything from hosting software to art. In my “replace by FreeBSD” endeavor I came up with which make that task easier.
As a hacker, WEB developer, sys admin, video/audio producer and novice embedded and kernel C developer, I have huge demands when it comes to operating systems: real-time for audio recording/production, availability of software, stability and decent storage solution, support for audio/video hardware, etc. For now, only FreeBSD can cope with such diverse tasks in a way that mature software should, so I tend to talk about (from my perspective) the only true general purpose operating system whenever I can.
Video/recordings:
[Slides (PDF)] [Recording (MP4)]
Posted in talks | Comments Off on Modern and secure DevOps on FreeBSD (Goran Mekić)