Home Events News Membership Links Sponsors Contact Sitemap

Welcome


Upstate SC ISSA
The Global Voice of Information Security

Why Upstate SC ISSA?
  • Involved Local Information Security Professionals
  • Learning Opportunities for All Members
  • Monthly Chapter Meetings for Learning & Sharing
  • Real World Resources with Practical Experience
  • Exciting "Hack the Flag" Learning Sessions
  • Continuing Professional Education (CPE) Credits for CISSP Certification
Next Chapter Meeting - Friday, Sept 6th, 2013 - 11:00AM to 12:30PM
Come join us for our next Upstate SC ISSA meeting held at the ECPI location in Greenville, just off the I-385 and Roper Mountain exit. The meeting will cover:
  • *Network Security Monitoring with Security Onion

    Network Security Monitoring with Security Onion
    Traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, and may not provide all the capabilities that you need to defend your network.  Network Security Monitoring (NSM) combines traditional IDS alerts with additional data to give you a more complete picture of what's happening on your network. This presentation will demonstrate how you can use a free Linux distro called Security Onion to peel back the layers of your network in just a few minutes.

    *About the Speaker*
    Doug Burks has over 10 years experience in Information Security. He has worked in many organizations over the years, including government facilities, chemical plants, and the media industry. Doug is currently the Deputy CSO for Mandiant and a SANS Community Instructor.  He is one of the few people in the world to have passed the SANS GSE exam and also holds a Bachelor's degree in Computer Science and the GCFA, GPEN, GCIA Gold, GCIH, GSEC, and CISSP certifications. Doug created and is the lead developer of Security Onion, a free Linux distribution for Intrusion Detection, Network Security Monitoring, and more. You can read more about Doug by visiting his blog at http://securityonion.blogspot.com/.


  • Bootable Live DVD versions of Kali Linux (formerly known as BackTrack) will be made available to attendees.
  • Lunch is free to ISSA Chapter members or $5 for non-members.  If you'd like to eat lunch with us, please RSVP to webmaster@upstatesc.issa.org at least 24 hours prior to the meeting and mention you would like lunch ordered.
  • DIRECTIONS
Past Events  (20120925- reconstructing past events list)

12/01/11 - Security Jeopardy!

10/07/11 - October Meeting - Web Access Management & Data Loss Prevention
- CA Principal Consultant Dale Huggins will be present to speak on the following:
Web Access Management: Challenge of the proliferation of web based applications (old content but builds on the current trends); Challenge of bringing on a company’s resources after an acquisition; Importance of a centralized authentication engine; Why username/password isn’t really enough strength any longer; How strong authentication supplements access management
Data Loss Prevention: Importance of know what data exists in the environment; Knowing who has access to said data; What avenues does data have to get outside the environment; Cost of what happens when data leaks occur; How DLP protects organizations from leaked data

09/02/11 - Advanced Evasion Techniques - From Past to Current - Stonesoft
This presentation will provide a brief history of evasions, examples of common and not-so-common examples, discuss how they've evolved. This session will provide an overview of previous and current research papers, including those from H.D. Moore and thoughts on some of Gartner's research notes. There will also be a live demonstration of some R&D tools used to show Advanced Evasions targeting many of the known IPS vendors in the marketplace. We will also touch on some best-practices to protect against AETs

08/05/11 - Understanding Risk and Vulnerability Assessments - Mike Holcomb, Information Security Manager at Fluor and President of the Upstate SC ISSA Chapter, will be talking about how IT and Security professionals must understand various types of risks and how to reduce and eliminate these risks. Additionally, the Vulnerability Assessment process will be examined as a tool for eliminating risk.

07/01/11 - Verifying the Performance and Effectiveness of Next-Generation Security Devices -
Bob Usher from BreakingPoint and our sister Chapter in Charlotte, NC, will be on hand to discuss issues with current security systems such as firewalls and how they can "leak" unauthorized traffic.  Additionally, Bob
will look at the "Next Generation" of security controls and how to effectively evaluate  their security as well to address vulnerabilities and associated risk.

05/05/11 - Stuxnet: How to Hack a Nuclear Power Plant -
Ali Alwan, Check Point Software Technologies
A deep dive into just how Stuxnet works, what propagation vectors are used, which vulnerabilities are taken advantage of, and the end game for the Stuxnet authors.There is no arguing about the success of Stuxnet...
Malware writers are no different than other software authors - they use good code. With the decompiled source code for Stuxnet now freely downloadable on the Internet the threat of Stuxnet is far from over. You simply cannot protect yourself from current generation threats like Stuxnet with yesterday's defenses.

04/01/11 - Mining Sensitive Data From Images -
Dennis Kuntz, co-organizer of BSidesGSO
Most tools today expect sensitive data to reside in string-based data. However, that leaves many types of image-based documents (again faxes and scans are notable examples) that may contain the same type of data, but that do not avail themselves to the same type of searching/analysis. Enter command-line OCR.

03/04/11 - Introduction to Wireshark - Jimmy Caldwell will be providing the Chapter with an introduction to Wireshark, including the basics of installing and using Wireshark as well as functional concepts such as capturing data on a switched network and working with display filters.

11/19/10 - Information Security and Lean Six Sigma - In this presentation, Bob Usher from Breaking Point Systems, will introduce attendees to the various business management strategies of Lean Six Sigma and how they apply to implementing Information Security within each of our environments.  IT and InfoSec professional alike will find valuable information in this presenation in making their own IT and security practices more efficient while reducing costs in this "lean" way of thinking that focuses on reducing waste wherever possible.  Areas to be covered include securing infrastructure components such as routers, firewalls, IDS/IPS and load balancers.

08/20/10 - The Anatomy of a Web Attack - Dennis Pike,
Data Network Solutions, Chapin SC
Learn about the "State of the Web" including the past years top web categories and attacks as well as how these top attacks work and how new Dynamic Link Analysis tools can help you stop them.

3/24,27/10 - Ethical Hacking Workshop

02/19/10 - Tasting Poisons:Safely Testing the WiFi HotSpot - Please join us and Matthew Gardenghi, the Computer Security Coordinator for Bob Jones University, for this presentation which will discuss the threats posed by a WiFi hotspot and techniques to safely test the environment for threats.

01/15/10 - Ethical Hacking - From Basics to Advanced Techniques
Join us for a newly updated version of one of our most popular presentations which covers the various phases of penetration testing along with a discussion on what "Ethical Hacking" means in the Information Security industry today. From Information Gathering to taking complete control over a remote system, the presentation will not only provide an overview of each of the Penetration Testing phases, but also present real-world examples of recently conducted Ethical Hacking exercises. Additionally, we'll spend time looking at the latest BackTrack 4 Pre-release candidate with the finalized BackTrack 4 version to be released soon.

12/18/09 - Security Jeopardy!

11/20/09 - Securing your Network with PCI Compliance Guidelines - Join us and Qualys (www.qualys.com) for this month's presentation on PCI Compliance and keeping your network secure.  While organizations that process and store credit card information must adhere to the PCI Compliance Regulations, every organization that is looking to secure their organization or is currently maintaining a secure environment can learn various aspects of network security from the same Compliance guidelines. Every network, system and security administrator is guaranteed to take away valuable information in helping to secure their environments from this presentation.

10/16/09 - Focusing on Your InfoSec Career - Jeff Busby, branch manager for Sapphire
Technogies in Greenville SC.
Whether you are new to the industry or an experienced InfoSec veteran, it is now more important than ever to examine (or re-examine) your current career path with today's current economic environment and job markets.
Please join Sapphire Technologies' Jeff Busby in a look at the current job landscape and certification discussion to how to sharpen your skills and your resume at the same time.  With over 50% of Information Security professionals today unsatisfied with their current roles and responsiblities, make sure that you aren't one of the unlucky ones!

09/18/09 - Security Logging, Event Detection and Event Correlation -
ArcSight’s Trevor Welsh discussed the importance of system logging as a detective AND proactive security tool within your environment.
Even in today's IT environments, many system and security administrators find they don't have the time to review system logs, only using such information in the event that a compromise has already occurred.  But what if these events could be used proactively to address existing security concerns and prevent future security issues?

07/17/09 - Tokenless Two-Factor Authentication -
PhoneFactor’s Greg Valenstein lead a discussion, presentation and demonstration about Two-Factor Authentication.
For most companies, information security is a top priority. Demand for protecting data and employee confidentiality is only continuing to grow, especially in industries that require a regulatory-compliant environment. However, applying user names and passwords for authentication is insufficient.  While two-factor authentication is an effective security solution, traditional token-based systems have been difficult to implement and administer, leading to limited adoption.

06/19/09 - June Meeting - Securing Internet Availability from MPLS to BGP & VPN's
Over the years, many different communication technology's have evolved for office to office connectivity ranging drastically from costs, performance and complexity. From MPLS-to-BGP-to-VPN, there are numerous options to weigh  - all while trying to still provide simple security and easy high availability. In addition, investing in additional connections for HA can also help increase network performance for no additional cost - if you know how. With today's economy, companies are looking at more cost effective ways to provide connectivity, while not compromising security or costs.

This discussion will review each of the options, weighing options but also highlighted cost effective approaches to deliver enterprise performance, availability and security for smaller organizations via VPN.

04/17/09 - April Meeting - eDiscovery & Digital Forensics, The New Corporate Tools - As a follow-up to our February meeting discussion which began to address Data Forensics, Clay Boswell, Information Security Director at Sealed Air & our Chapter Vice President, will be looking at the wide variety of tools used in an enterprise's eDisovery and Digital Forensics program. Also, we'll be providing a preview of the new BackTrack 4 Beta penetration testing platform.

03/20/09 - March Meeting - Cyber Threat - Underground Economy
- The Symantec Report on the Underground Economy is a survey of cybercrime activity in the underground economy. It includes a discussion of some of the more notable groups involved, as well as an examination of some of the major advertisers and the most popular goods and services available. It also includes an overview of the servers and channels that have been identified as hosts for trading, and a snapshot of software piracy using a file-sharing protocol in the public domain.

03/17/09 - 03/18/09 - - ATLANTA SECUREWORLD Conference
- Conference topics include, Security Policy Conmpliance, Defense Against Dark Bots, Risk Assessment, and Informatin Risk Leadership.

01/14/09 - January Meeting - Hack the Flag!
- Each four hour session is designed for both the experienced security professional and those new to the field of penetration testing. We'll cover performing network reconnaissance, along with a wide variety of pen testing techniques and ultimately gaining control over resources in a typical Windows & Cisco based environment seen implemented in most SMB environments today.

12/20/08 - Ethical Hacking Workshop

10/17/08 - October Meeting - You're Compliant - But Are You Secure?
- Dan Ramaswami, Senior Security Engineer with Sourcefire (www.sourcefire.com), will discuss the importance of creating a security program that protects your enterprise and produces compliance as a by-product. Any compliance effort that focuses strictly on a given set of requirements to check off will not produce long-lasting success. If security is built into your operations, and your mindset, you will be better able to handle changes in existing rules and new regulations that come up. As we know they will.

09/19/08 - September Meeting
- Web Application Hacking for Web Developers How safe are your web applications? You’ll think twice after seeing how Foundstone security experts dig into their hacker's toolbox and rip open web applications by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery. Even if you've seen XSS and SQL Injection before, advanced techniques will be presented that can slip through many protections. As a finale, the holy grail of web security will be broken with a Man-In-The-Middle attack on SSL. Countermeasures to prevent mistakes will then be shared. Join us for this guaranteed informative discussion with Dean Saxe, Managing Consultant with Foundstone Professional Services (www.foundstone.com).

08/18/08 - August Meeting
- Jeff Busby from Sapphire Technologies will be discussing successful strategies for new and established members of the Information Security field. What value do security certifications truly hold? How do certifications compare to degrees? What's the overall outlook on the job market place today for InfoSec professionals? Bring all of your career questions for Jeff for what should be a lively discussion!

07/18/08 - July Meeting
- IBM's Information Security Systems (ISS)
Linda from ISS presented on the various threats that present risk against environments today and explained how the current threat environment has evolved over the years.


06/20/08 - June Meeting
- Chris Knox, Stalwart Systems
Chris Knox, Security Engineer for Stalwary Systems, provided an overview of conducting a vulnerability assessment for a company. Chris also shared various penetration testing techniques along with his interesting experiences.


05/16/08 - May Meeting
- Robert Hamod, Federal Bureau of Investigation
Robert Hamod of the FBI came to discuss Information Security today with special "Notes from the Field". We'll also discussed how the private sector can work more closely with government agencies like the Federal Bureau of Investigation in cyber security matters, taking advantage of great resources like the Infragard organization
(http://www.infragard.net/).

04/18/08 - April Meeting
- Uncovering Secret Botnet Communication and Evil Botnet Herders 
John Fraizer, Network Security Engineer for NuVox, presented an overview of some of the law enforcement online and private individual efforts in infiltrating botnets in an effort to identity their creators and eliminate the risks presented by these individuals and their zombie networks.


03/28/08 - March Meeting
- Penetration Testing with the Metasploit Framework
Mike Holcomb, Chapter President and Network Security Engineer for NuVox, presented an overview of the Metasploit Framework and it's unique features in aiding penetration efforts and validating discovered vulnerabilities.


02/22/08 - February Meeting
- Vulnerability Assessment Process with BackTrack
Mike Holcomb, Network Security Engineer for NuVox, presented an overview of the Penetration Testing process and introduced the BackTrack Live CD with its collection of security testing tools.

SLIDES




 



 
Licensing Information

This website was built solely with original graphic work from the designers at i3dTHEMES.com.
Please review the image licensing information here: LICENSING

Valid HTML 4.01 Transitional

 

 




Sponsored in part by:
Sapphire
 
ECPI Logo  

GSATC  

Greenville Tech Logo

MDI Group 

Qualys Logo  
TechnoSecurity 2013 Logo  
Microsoft Logo  
Home  |  Events  |  News  |  Membership  |  Links  |  Sponsors  |  Contact  |  About