ISSA September Kickoff Meeting

Hello, and Welcome to a new year of the ISSA Portland chapter. We have an exciting year planned, with a number of fun and informative events. It all starts on Thursday, September 16th, at 3:00 PM. This is a great opportunity to meet the new incoming ISSA board and network with your fellow security folks. The meeting starts at 3:00 PM on the Portland State University (PSU) campus. We are fortunate enough to have Sharon Blanton (CIO of PSU) and Craig Shiller (CISO of PSU) to share their experiences regarding how and when to notify people of a breach. This talk will be held in room 236 of the Smith Memorial Student Union building.

We will then adjourn the meeting to the Viking game room which is located in the same building. The ISSA Portland chapter has reserved this room from 3:30 until 6:30 PM. We have the use of the 7 Brunswick pool tables, 6 regulation length bowling lanes, and the 4 big screen LCD’s with a wide variety of game titles on XBOX 360 Live! and Wii. Refreshments will be provided (pizza and drinks).

Be sure to mark your calendars and I look forward to seeing you at the kickoff event and the rest of the year.

David Stauffer
ISSA Portland Chapter President

Mark Your Calendar for SecureWorld!

We are pleased to announce our support of the Seattle SecureWorld Expo, October 27th & 28th at the Meydenbauer Conference Center in Bellevue.

There are three great options to take advantage of our partnership with SecureWorld:

1.    CONFERENCE PASS

Portland ISSA Chapter Members are offered a $100 discount off the $265 two day conference pass which includes access to the Conference Sessions, Keynotes, Lunch, Exhibits, Open Sessions and 12 CPE Certificate of Attendance. Register at www.secureworldexpo.com using code – PortISSA10

2.    SECUREWORLD+ TRAINING PASS

Portland ISSA Chapter Members receive a special $200 discount off the $695 SecureWorld+ which includes access to the Conference Sessions, Keynotes, Lunch, Exhibits, Open Sessions and 16 CPE Certificate of Attendance.  This also includes 4 ? hours of extended training.  Register at www.secureworldexpo.com using code – PortISSA10

3.    EXHIBITS PASS

Portland ISSA Chapter Members can also receive complimentary admission to Keynotes, Exhibits and Open Sessions. Register at www.secureworldexpo.com using code -PortISSA10

I look forward to seeing you all at this affordable conference.

David Stauffer, President, Portland Chapter of ISSA

NW Security Conference in Portland – Registration is Open

NW ISSA Security Conference @ InnoTech
Thursday, May 6, Oregon Convention Center
www.innotechconference.com/pdx/Event/NW_ISSA_Security_Conference.php for information and registration
Price is only $50 for ISSA & ISACA Members – Use Discount Code ISSA2MBR for lower price

$65 for non-ISSA members.

Fee includes full day of the summit, luncheon presentation, all InnoTech Conferences, expo & receptions.     

** Important Note – 7-8 CPE Contact Hours are available through this conference

This annual ISSA Security Conference meets in Portland, OR this year, and brings together over 100 security minded professionals.

This Year Topics Include:

-          Hack to the Future

-          Software Initiatives: How Do You Get Management Buy-in?

-          Web Application Security

-          Look Before You Leap – Is Your Data Safe in the Cloud

-          FTC and Recent Privacy Enforcement Actions

-          Forensics OS Tools and What to Expect

-          The Collision of Privacy and e-Discovery

-          Where is IT Going Next & What is it Taking with it?

-          Local is the New Organic: A Bottom-up Model for Information Sharing

** Important Note – 7-8 CPE Contact Hours are available through this conference

Register today at www.innotechoregon.com and see you on May 6 for the NW ISSA Security Conference @ InnoTech

Wireless Security Myths & Realities

Wireless LANs have exploded in popularity over the past several years.

Once confined to specialized applications and to consumer equipment, 802.11 wireless LANs are now increasingly making their way into the enterprise space.  But with much more at stake, how can network managers ensure that wireless doesn’t weaken security?  Many recommended security techniques for residential wireless LANs are inappropriate or ineffective for enterprise deployments.  This presentation explores what works and what doesn’t, with an emphasis on explaining the newest wireless security standard, 802.11i.

Jon Green - Director of Product Marketing for Aruba Networks.

Jon Green first used a wireless LAN in 1997 while working for Bay Networks, and immediately fell in love with the idea.  No longer chained to a desk, he experienced the joy of accessing his home’s ISDN line over a blazing fast 1Mbps wireless link while sitting in front of the TV.
Since that time, he has done work for a number of other networking companies including Nortel and Foundry Networks.  He is currently the Director of Product Marketing for Aruba Networks in Sunnyvale, California.  Jon earned a BS in IT Security from Western Governor’s University and holds CISSP certification.  When not playing with technology, he enjoys flying planes, making wine, and cooking in barbecue competitions.

Compliance 2010 –Local Security Leaders Discuss “What Works”

Be a part of the conversation!  Panelists representing several industry sectors will discuss challenges, the changing landscape, and “what works” in security compliance.   This promises to be a highly informative discussion with real world issues and ideas you can put to use in your organization.

See the ISSA-Portland training page for details!

Network Device Trust/NAC -  Network Admission Control

This presentation will provide an overview of Network Access Control (NAC); the problems it can potentially solve, the technologies involved, and the landscape of available NAC solutions. Tom Harpham, Senior Network and Security Consultant with Network Computing Architects, will expand on the technical components of various NAC solutions, including Juniper Networks, McAfee, and Cisco implementations. The presentation will include a live demonstration of NAC solutions from 2 OEM vendors to highlight the similarities and differences in approach.

Tom Harpham, has over 18 years of experience in Networking & Converged Technologies focusing on solution design, secured network architecture and deployment strategies. Tom has extensive experience implementing network controls such as firewalls & VPN solutions, IDS / IPS systems, SEIM’s, Network Access Controls, DSU’s, routers, switches, multiplexers, terminal servers and complex IP Telephony systems completing his core strengths in LAN / WAN troubleshooting, analyzing security risks and recommending mitigation strategies. Additionally, Tom specializes in network segmentation and compliance related business initiatives; and has performed class room style training to customers on a variety of platforms and protocols.

Special Meeting–Thursday Dec. 17th, 2009 4:00–7:00 PM at Paragon (1309 NW Hoyt Street, Portland)

The ISSA Portland meeting for December is taking place at Paragon. There will be catered Hors D’oeuvres, wine, beer, and more time to socialize than typical meetings (the holidays are coming after all).

The presentation on SQL Injection comes highly recommended from a few of our members.

See you on the 17th!

Presentation

SQL Injection

This talk provides a brief introduction to SQL injection and continues with a discussion of advanced exploitation methods.
The presentation concludes with coverage of various prevention and mitigation strategies.

Outline

- History & Background

- Basic Examples

- Common Exploitation Methods

* Exfiltration

* Escalation

- Prevention, Avoidance & Mitigaiton

* Encoding

* Data Validation

* Deployment Configuration

Speaker
Timothy D. Morgan taught himself BASIC programming when he was twelve years of age and has been studying computers ever since.  After earning his computer science degrees (B.S., Harvey Mudd College and M.S., Northeastern University), Tim joined VSR to work as an application security consultant.  While at VSR, Tim has helped clients secure their computing infrastructures through application penetration testing, security code reviews, software and systems architecture assessments, and security policy reviews.

Tim has conducted dozens of digital investigations over the past several years and recently co-founded VSR Investigations, LLC where he leads the digital forensics practice.  He is also the author and maintainer of several open source forensics tools, namely GrokEVT, RegLookup, and tableau-parm.

Audits and Auditors