
Agenda for February 9th, 2012
6:00pm:
Food Served
Introduction
A brief overview of the Ohio Information Security Forum
Presentation 1: Making Claims
Bill Sempf
Escalation of privilege is based on a model of security that is driven by roles and groups for a given application: I am in the Administrator role; the Accounting group contains your username. What if instead you carried a token with a verifiable set of claims about your identity? One that is encrypted, requires no round trip to an authorization server, and can be coded against in a native API? Would that bring more security to our government and medical applications? Or is it just as full of holes as everything else? Join Bill in checking out Claims Based Security via Windows Identity Foundation and OpenID, and see if it fixes problems or is the problem.
Bill Sempf is a software architect. His breadth of experience includes business and technical analysis, software design, development, testing, server management and maintenance, and security. In his 17 years of professional experience he has participated in the creation of well over 200 applications for large and small companies, managed the software infrastructure of two Internet service providers, coded complex software happily in every environment imaginable, and made mainframes talk to cell phones.
He is the author of C# 2010 All in One for Dummies; a coauthor of Effective Visual Studio.NET and many other books; a frequent contributor to industry magazines; and has recently been an invited speaker for the ACM and IEEE, CodeMash, DerbyCon, BSides, DevEssentials, the International XML Web Services Expo and the Association of Information Technology Professionals.
Presentation 2: HoneyPoint Security Server Demonstration
Phil Grimes
Abstract: In this session, see HPSS in action! Walk through installation, configuration & use of this innovative honeypot solution. We will talk about harnessing the power to emulate services within an environment, the view the tool provides us into the attacker culture, and the endless possibilities that come with our ability to interact with the data. Learn how to use the concept of 'Fake Stuff' as a highly customizable, granular, and effective means to supplement your current defense mechanisms. With HoneyPoint Security Server, attackers get stung before you do.
Phil Grimes is a Security Analyst for MicroSolved, Inc., a leading provider of application security assessments and penetration testing. Since 1992, they have been providing security services to organizations ranging from small businesses, financial institutions, e-commerce, telecommunications, manufacturing, education and government agencies, as well as international corporations.
Mr. Grimes started learning networking and Internet security as a hobby from AOL in 1996, developing his technical skill set independently until joining the MicroSolved Team in 2009. Phil’s experience in application security, penetration testing, mobile/SmartPhone security, and social engineering has proven successful in assessments for high profile customers both domestically and around the globe. An accomplished speaker and presenter, Phil engages on various topics for MSI’s “State of the Threat” webinars, at CUISPA conferences, and at the Central Ohio ISSA InfoSec Summit, in addition to various other speaking appearances before a wide range of audiences.