September 2020: How VPNs Work- The Ins and Outs

Presented by Daniel Lenski, PhD

Abstract

Virtual private network (VPN) software creates a connection between peers across a wide-area network (normally, the Internet!) and builds an encrypted tunnel that behaves like a direct connection to the same local, private network. VPNs have become a pervasive feature of modern workplaces, and even more indispensable in this era of COVID-19 and widespread remote work.

The most widely deployed VPN client and server software in workplace environments — including Cisco AnyConnect, Juniper/Pulse Networks, PAN GlobalProtect, and others — is all proprietary and closed-source. These VPNs differ in idiosyncratic ways, ranging from authentication to security requirements imposed on the client computers. Combined with bugs, missing features, and often mystifyingly vague error reporting, they can be very difficult to use, especially for those who need to access multiple VPNs. Under the hood, however, they all work in extremely similar ways.

July 2019: Data Management From A Penetration Tester’s Perspective

Presented by John Stephens, CISSP

Managing Partner, Luminant Digital Security

Data Management from a Penetration Tester’s Perspective – Zero Trust and Compliance

It’s pretty much a daily occurrence that we hear about some vulnerability or hack, or about this or that breach, resulting in information disclosure on what seems increasingly to be hundreds of thousands or millions of records. And if that weren’t enough, it’s become a regular occurrence that we hear about how some city opted to pay hundreds of thousands of dollars in ransom. Now, we could spend all day talking about all the things that went wrong to get to this point. That could include security patching, application development, system configuration, etc. One item that’s often overlooked is Data Management and its impact on security. In nearly every hack or breach, the ultimate goal of the attacker is to get to the data so it can be monetized. So how you manage the data is critical.

This presentation is designed to give you insight into how attacks are executed, the tools and tricks the attackers use, and how data management can play a role in minimizing the damage when a breach occurs, or perhaps stopping it altogether. This effort can be significantly enhanced by adopting a zero trust approach with data access and backups. It can be significantly hindered by checklist “compliance” efforts that are not grounded in secure best practices. We’ll talk about these items based on observations and experience during actual Penetration Tests, so you can hear firsthand how data management can play a role in securing your data.
