Now that I have all the important fun stuff out there for you on Why You Can’t Miss SecTor, I’ll tell you a little bit about my talk at the conference.
My talk this year is different- it’s different from my talk last year at SecTor (Network Security Stripped) and it’s actually a stark contrast to the majority of my past talks.
Event though I’ve spoken extensively on network security, 802.1X, wireless and NAC, my previous content was based on experience of actual implementations and extensive lab testing of these technologies over the years. THIS presentation, Retaliation, is a look into a set of standards and technologies not yet available in commercial products.
Personally, I believe these new sets of standards (to be ratified late 2009, early 2010) will change how we design networks, and not in a small way. I foresee restructuring and redesign of entire networks in the next 12-36 months; mostly to incorporate these newly-available security features.
After spending time recently working with high-security facilities, including DoE (you know what that means), financial and medical, I think the topic is timely and the content is relevant to all organizations planning to increase security in their networked environments. These new functions will give us the tools to secure networks in new ways and break most attack vectors currently used to compromise networks.
This is the FIRST time I’m presenting this topic (based on data not publicly available). Actually, I think it’s safe to say this is the first time any of this material has been presented in a public forum. I requested permission to use the information in the documents I have been provided with the caveat that I may not share any of the actual documents.
I’m actually in the process of reworking several pieces of it, since the data has changed just in the past week and I have about 200 new pages of specifications to review and include. Here’s to hoping I get it all done before the talk Monday!
SecTor 2009 Presentation
Monday, October 6th at 1:30pm
Retaliation: Breaking Attack Vectors in the Infrastructure – Jennifer Jabbusch
2010 will be the beginnings of a new world of network and infrastructure security as new IEEE standards change the landscape of threat models for wired, wireless and wide area networks. Learn how to use these features to stop spoofing, eavesdropping and a host of malicious activity. I’ll give you the knowledge and tools to fight back, secure the network, thwart attackers, prevent data leakage and more. Among other things, this session covers the new MACSec encryption, key exchange, network advertisements and unique device identity (IEEE 802.1X-REV, 802.1AE, .1af, 1AR).
Learn more about…
- How to authenticate with SECURE built-in device credentials instead of MAC-auth
- Delivering multiple networks to a single switch port
- Securing data and voice with built-in layer 2 encryption
- Offering secure (encrypted) and unsecured (authenticated but not encrypted) service on a single port
- Using key exchanges for fast mutual authentication of switches, routers and other devices
- Simplifying and securing wired and wireless data with built in PKI
- Securing your network through your service provider without firewalls
- Encryption, keys and credentials for devices
- Endpoint integrity and port security in virtualized environments