...making Linux just a little more fun!

Away Mission - SecureWorld Expos

By Howard Dyckoff

The SecureWorld Expo series of regional conferences has become an annual event in many parts of the US. SecureWorld aims to foster communication between security professionals and technology leaders on issues of best practices, and to encourage a public/private partnership with government. These are vest-pocket security conferences, with many local speakers and a small vendor expo. They are held in multiple regions, one or two a month, organized by SecureWorldExpo.com in Portland, OR.

2009's Secure World was the fourth one held in the Bay Area. The first SecureWorld Expo was held in Seattle in 2001.

Close to 50% of conference attendees, not the expo attendees, hold a CISSP certification or a similar professional security credential.

The current list has 9 Expos in the spring and fall, and they will add another region to their calendar later this year:

The event is structured into keynotes, presentation sessions and panels, invitation-only sessions (see pricing section below), and Expo breaks with the afternoon snacks. Here are links to the agendas for 2008 and 2009:

2008: http://secureworldexpo.com/events/conference-agenda.php?id=255
2009: http://secureworldexpo.com/events/conference-agenda.php?id=269

These agendas have a good mix of topics, and some very qualified speakers. Unfortunately, presentation materials are hard to come by. The organizers at the conference say that presenters are not required to post their slides. They also do not commit to a schedule of posting materials, but say that attendees will eventually get an e-mail with the location of those materials they have. Although I could find several conference e-mail reminders from 2008, I did not find an e-mail with info on the 2008 conference slides. That was disappointing.

I actually wrote to JoAnna Cheshire, the Director of Content at Secure World Expos to get the scoop on this. She explained: "Due to our privacy policy with our speakers, we do not post any of the archived slides. If an attendee is interested in a slide presentation, we encourage them to e-mail us, and we will contact the presenter directly to obtain the slides for them. It is up to each individual presenter whether or not to provide the requested slides."

I did like the presentation this year on WiFi vulnerabilities and hacker/cracker attacks. It was actually titled "What hackers know that you don't" and presented by Matt Siddhu of Motorola's AirDefense group (purchased by Motorola in the past year), and I suspect you could e-mail him for a copy or search the AirDefense web site.

Siddhu gave a good summary of the problems with wireless access points, especially rogue APs with makeshift directional antennas having ranges of 100s to 1000s of feet. He also included a good summary of rogue AP detection. This includes traffic injection, SNMP look-up, and RF fingerprinting. A security professional may need to use a combination of wired, wireless, and forensic analysis plus the historical record of traffic when detecting rogue traffic. He recommended the use of wireless ACLs for both inside and outside access, including the possibility of jamming specific rogue APs with TCP resets and also jamming clients who use outside APs.

The closing session was a presentation by FBI Cyber Division Special Agent John Bennett on the work of Federal agencies in opposing cyber-crime. Federal agencies opposing cyber-crime and terrorism include the FBI, the Secret Service, ICE, and Inspectors General at varied agencies like NASA.

Bennett discussed botnets and national security attacks by state actors. (He was sorry that his slides could not be released without filling out dozens of forms.) He said that new targets now include smaller financial institutions and law firms that generally hold large amounts of confidential information in unsecured and unencrypted states.

Beside the normal attack vector list that includes cross-site scripting (XSS) and SQL injection, Bennett noted an increased use of steganography (hiding data in data), which is being seen more on VOIP streams as a means of leaking data invisibly.

2009's Bay Area event was significantly smaller than 2008's, both in attendance and in vendor participation. There also were fewer folks at the end of expo prize drawings - the so-called "Dash for Prizes" - during the afternoon break.

I saw fewer than 200 people at the lunch and AM keynotes. I think there were closer to 300 at the 2008 event. With 8 vendors and 10 prize items, chances seemed fairly good. So why didn't I win something?

As in 2008, there were several invitation-only sessions, some by professional associations or for industry verticals. In fact, local ISSA and Infragard chapters were local partners and held meetings. The sessions for "standard" attendees were fewer this year, and didn't run as late in the day.

The conference was still priced below $300 - in fact, $245 this year and $195 last year - except for "SecureWorld +" attendees, who had more in-depth sessions during both days' mornings. "SecureWorld +" attendees could go to the professional group events, and were charged $695 both this year and last year. They also could also receive 16 CPE credits.

There was a discount code sent by e-mail for $200 off the "plus" rate, making it $495. In any case, these are bargain conferences, especially considering the hot lunch buffets included.

As I've said, this is a small conference at a small price, so you have to accept the lack of certain amenities. To hold down costs, there are no conference bags, no CDs of presentation slides, and... no conference WiFi.

I think every other conference I've attended at the Santa Clara Convention Center has had free WiFi, and that goes back over a decade. Instead, there was a stack of 2"x4" papers explaining how to sign-up for a day pass on the paid network. That was $13.95 this year.

I also asked JoAnna Cheshire about the WiFi issue and got the following reply: "We find that the number of attendees who ask for wi-fi at our conference are a very small percentage, and for us to pay for WiFi to cover the entire conference would impose a significant cost on us."

I think it would have been better if the daily conference e-mail, preceding each of the two days of SecureWorld, had mentioned this fact. I could have printed out a list of nearby WiFi cafes and libraries. So I had to be resigned to not having an e-mail tether, which isn't all that bad. Of course, your situation may differ.

In summary, the conference is useful for security professionals, and should grow again after the economic downturn. I was a bit disappointed that there was little conference material on virtualization security, something I expect to change in the future. Cloud computing security was discussed in a keynote and a panel. However, if you attend an upcoming Secure World, be prepared to pay for WiFi or get a cellular card from your cellphone provider. I'd also recommend carrying business cards to request copies of any presentations you may want: They won't be archived after the conferences.

Talkback: Discuss this article with The Answer Gang

Bio picture

Howard Dyckoff is a long term IT professional with primary experience at Fortune 100 and 200 firms. Before his IT career, he worked for Aviation Week and Space Technology magazine and before that used to edit SkyCom, a newsletter for astronomers and rocketeers. He hails from the Republic of Brooklyn [and Polytechnic Institute] and now, after several trips to Himalayan mountain tops, resides in the SF Bay Area with a large book collection and several pet rocks.

Howard maintains the Technology-Events blog at blogspot.com from which he contributes the Events listing for Linux Gazette. Visit the blog to preview some of the next month's NewsBytes Events.

Copyright © 2009, Howard Dyckoff. Released under the Open Publication License unless otherwise noted in the body of the article. Linux Gazette is not produced, sponsored, or endorsed by its prior host, SSC, Inc.

Published in Issue 167 of Linux Gazette, October 2009