
Introduction

These video podcasts cover a range of research and educational material on computer security.

Espionage in the 21st Century: Protecting Your Air Gap

Todd Heberlein

Dec 8, 2011

Video: link   

Cyber espionage is different from traditional cybercrime in that the attackers aren't interested in commodity data such as credit card numbers and social security numbers that they can quickly convert to cash. Cyber espionage is interested in more strategic information, the type of information that is most valuable to an organization. Often this information is kept on a separate network air-gapped from the rest of the Internet. The presentation shows that attackers can still bridge these air gaps and move data out of the network and push new software into the network, and they can largely do this undetected. This presentation also shows how to look for this type of activity.

The Case of the Swift

Todd Heberlein

Dec 10, 2010

Video: link   

A fictional story inspired by the latest headlines, "The Case of the Swift" shows how an organization can quickly track down how sensitive information is being secreted out of their organization. In this story, a picture of The Swift is stolen from a Windows 7 machine in the briefing room. Can the Windows audit trail save the day?

I Have Bad People

Todd Heberlein

Dec 15, 2010

Video: link   

Do you worry about "Bad People" getting into your system? One of our characters in this animated tale has them. Like Humpty Dumpty, all the king's horses and all the king's men, or in this case all the frickin money this guy has already spent on security, can't make his site secure again. But his friend explains how he can start to solve his problem.

A Few More Flags - Abridged

Todd Heberlein

Local Presentation

Feb 9, 2010

Video: link   

This is an abridged version of the presentation "A Few More Flags". We look at the audit flags recommended for Mac OS 10.6 (Snow Leopard) in order to meet the National Industrial Security Program Operating Manual (NISPOM) guidelines for securing computers that contain classified information. We begin by showing how little information this configuration provides, and then we show that by adding a few more audit control flags we can actually get useful information from the auditing system. Running time 3:55.

A Few More Flags

Todd Heberlein

Local Presentation

Feb 7, 2010

Quicktime: link   

We look at the audit flags recommended for Mac OS 10.6 (Snow Leopard) in order to meet the National Industrial Security Program Operating Manual (NISPOM) guidelines for securing computers that contain classified information. We begin by showing how little information this configuration provides, and then we show that by adding a few more audit control flags we can actually get useful information from the auditing system. Running time 21:48.

Audit Control Manager

Todd Heberlein

Local Presentation

Oct 19, 2009

Quicktime: link   Flash: link   

Audit Control Manager, or ACManager, is a Mac application for managing audit_control configurations for the BSM audit system. audit_control is the primary file for managing BSM audit trails, which is the system used by Mac OS X, Solaris, and FreeBSD. ACManager lets you create, share, and apply audit_control configurations. This video shows you how to use this free application by Net Squared, Inc. Running time 7:26.

Network Intrusion Detection

Todd Heberlein

Local Presentation

March 1, 2008

Quicktime: link   Flash: link   

This presentation begins a series on why you should run auditing on your computer systems. We begin by looking at the types of adversaries you face. Then we look at some of the reasons network-based auditing and intrusion detection are not up to the job of defending your site against these adversaries. Finally, we briefly introduce host auditing and set the stage for the following podcasts.

copyright Net Squared, Inc., 2008-2011