Events
Thursday, November 29, 2007
SPSU Information Security Lecture Series 2007
Subjects: Animated Database Courseware (ADbC) with Security Topics
Speakers: Dr. Mario Guimaraes and Dr. Meg Murray
Time: 6:00 PM - 7:20 PM
Place: J-161
Abstract
This presentation will focus on a set of database security and integrity
software animations recently developed to enhance an Animated Database
Courseware (ADbC) tool developed at Kennesaw State University and made freely
available at http://coffee.kennesaw.edu. ADbC is an ongoing project funded by
NSF-CCLI [grant # 0717707]. The project includes the development of several
animations covering a wide variety of database concepts including database
design, SQL, and transaction processing, with more advanced topics such as database
security being added.
Prototypes which have been developed are freely available at the website:
http://coffee.kennesaw.edu. The ADbC has been designed to be fairly intuitive to
use. Further, the animations have been designed to supplement currently
available database course materials but are not tailored to any specific product
or textbook.
Biographical Sketches
Dr. Mario Guimaraes is an associate professor of Kennesaw State University. His main areas of interests are databases and instructional systems. He has over 10 years of experience teaching Databases, Database Security, Videogame Design, System Analysis, Programming, Software Engineering and Project Management. Dr. Guimaraes has been a PI of multiple NSF grants as well as Eisenhower, RTA and Foundation grants. He was the recipient of the first place award at the 1995 International ACM Student Research Competition. Dr. Guimaraes is currently completing an NSF post-doctorate fellowship in Information Assurance at UMUC.
Dr. Meg Murray, an Associate Professor of Information Systems at Kennesaw State University has extensive experience in academe and industry. Her current work is in the area of web services and using XML as a medium for data exchange. She also has experience in curriculum development in the areas of XML, web services and database technologies.
Saturday, November 10, 2007
SPSU Network Security Challenge
Think you can defend and secure your computer?
Come out and test your network skills in a competition where teams of three students are set against a team of professional security testers.
When: November 10, 11:00 am - 6 pm
Hosted by: Southern Polytechnic Information Security Association (SPISA)
Sponsored by: Information Technology Department, School of Computing and Software Engineering
For more information please email spisaadmin@gmail.com or it@spsu.edu
Thursday, November 8, 2007
SPSU Information Security Lecture Series 2007
Subjects: Passive Vulnerability Detection & Web Application Vulnerability Assessment
Speakers: John Lampe and Associates, Information Security Researchers
Time: 6:00 PM - 7:20 PM
Place: J-102
Abstract
I. Passive Vulnerability Detection: What can an attacker find out
about you without ever having to send a single packet to your machine? How can
you use search engines to detect vulnerabilities on a Corporate (or any other)
web server? How can attackers gain access to your confidential information
without ever gaining access to your computer? What sort of corporate secrets
might malicious 'insiders' be sending out on the Internet?
The passive detection of vulnerabilities or private information is a popular way
that many attackers gather their information. How can you see if you are
vulnerable? How can you prevent yourself from becoming a victim?
II. Web Application Vulnerability Assessment: This part of the presentation will discuss the what, why, and how of Web Application Vulnerability Assessment. In addition, commonly found web vulnerabilities, common fixes for and prevention of these types of vulnerabilities will be explored.
Biographical Sketch
John Lampe is currently a senior Security Researcher at Tenable Network Security. He has been working in information security since 1996 and has performed security audits of many Fortune 500 companies and various government agencies. His interests include passive vulnerability scanning, Intrusion Detection, software fault injection, and application vulnerability assessments.
Tuesday, October 9, 2007
SPSU Information Security Lecture Series 2007
Subjects: Detecting Vulnerabilities with Open-Source Code Auditing
Tools & Firewall Design & Policy
Speakers: John Lampe and Associates, Information Security Researchers
Time: 6:00 PM - 7:20 PM
Place: J-102
Abstract
I. Detecting vulnerabilities with open-source code auditing tools: Flaws in
software are becoming more and more prevalent as companies move their 'mission
critical' applications to the Internet. What was once only available to internal
or trusted users is now available to the general public. The majority of system
intrusions are due to buffer overflows, format string flaws, SQL injection, and
other remote attack vectors. The root cause of all of these flaws lies in
software programming errors. There are several popular ways of testing for
software flaws: remote penetration testing, manual source code auditing, fuzzing,
run-time analysis, and static source code analysis. Static source code analyzers
have been available to developers and QA groups for many years. These tools
check for common programming mistakes which often lead to a system compromise.
Despite their prevalence, many companies opt to test their software without
analyzing the source code. Whether you are a developer, QA engineer, or
professional penetration tester, static source code analysis tools are a great
way to quickly identify flaws in software.
II. Firewall Design and Policy: This part of the presentation will discuss the basic function of a firewall, the different types of firewalls, and the reasons for deploying a firewall. Part II will discuss how to design, place, and construct policies for a firewall specific to the devices it will protect.
Biographical Sketch
John Lampe is currently a senior Security Researcher at Tenable Network Security. He has been working in information security since 1996 and has performed security audits of many Fortune 500 companies and various government agencies. His interests include passive vulnerability scanning, Intrusion Detection, software fault injection, and application vulnerability assessments.
Wednesday, September 26, 2007
SPSU Information Security Lecture Series 2007
Subject: Computer Forensics within a Corporate Environment
Speaker: Mr. Scott Vincent, CISSP, Lockheed Martin Information Security
Time: 6:00 PM - 7:20 PM
Place: J-217
Abstract
Computer forensics within a corporate environment is similar to computer
forensics within a law enforcement environment in many ways, but without many of
the limitations. Choosing a career in computer forensics is a difficult
decision; it is even more difficult to choose between a corporate and a law
enforcement environment. There are many positives and negatives with each one.
We will discuss real-life events and processes within the corporate environment
and compare those with the law enforcement process. This session should help
make the career choice easier for most undecided students.
Biographical Sketch
Mr. Scott Vincent is a security expert from the Lockheed Martin Information Security Department. Mr. Vincent served in the military for a total of 12 years and received an honorable discharge from both the US Army and the US Air Force. He has over 22 years of computer experience, 10+ years of which was as a hard-core ex-computer gamer (more than 350 hours per month). He is a self-taught SQL and PLSQL software developer and has worked as a software development project manager and a corporate computer forensic investigator. Mr. Vincent was once a law enforcement officer and a private investigator for the State of Georgia. During this time, he was responsible for arresting the first computer hacker who hacked the Southern College of Technology admissions system in 1990.
SPSU Team Won The Third Place Award in SECCDC
From left: Chris Colyar, Yuta Kitabayashi, Dave Bachtel, Fred Gutierrez, Ryan Cambell, Eric John, Mason Cleaveland
Making Presentation after the Competition
The Southeast Collegiate Cyber Defense Competition (SECCDC) focuses on the operational aspect of managing and protecting an existing network infrastructure. Teams involved in this competition include:
- Academic teams: student teams consisting of graduate and undergraduate students from regional institutions:
- Chattahoochee Technical College, Georgia
- Kennesaw State University, Georgia
- Southern Polytechnic State University, Georgia
- University of Alabama, Birmingham
- University of Louisville, Kentucky
- University of North Carolina, Charlotte
- University of South Florida
- Red team: a group of information security professionals from volunteer commercial organizations who offered their skills to assess the abilities of the teams to defend their networks and systems. The Red team conducted periodic probes, scans and attempted penetrations of the academic teams. Internet Security Systems (ISS) and Price Waterhouse Coopers (PWC) were contributing independent red teams.
- White team: a group of information technology and information security academics and professionals who served as judges and referees.
- Gold team: the administrative faculty and professionals who conducted the exercise, controlled the flow and timing of the events and injections, and served as mediators for disputes and challenges.
The competition was designed to test each academic team's ability to secure a networked computer system while maintaining standard business functionality. The scenario involved team members simulating a group of new employees that had been brought in to manage and protect the IT infrastructure at a small to medium sized IT services company/reseller. The teams were expected to manage the computer network, keep it operational, and control/prevent any unauthorized access. Each team was expected to maintain and provide public services: a web site, an email server, a database server, an application server, and a workstation used by simulated sales, marketing, and research staff. Each team started the competition with a set of identically configured systems.
The winner was determined by the highest score obtained during 12 total hours of competition time in one and a half days:
- First Place Winner: University of North Carolina, Charlotte
- Second Place Winner: University of South Florida
- Third Place Winner: Southern Polytechnic State University
Information Security Career Day
The Metro Atlanta Chapter of the Information Systems Security Association (ISSA) will organize an "Information Security Career Day":
Date: Saturday, Feb. 25th
Time: 11:30 AM - 3:00 PM
Location:
Holiday Inn Select
Atlanta-Peachtree Corners
6050 Peachtree Industrial Blvd., NW
Norcross, GA 30071
Phone: (770) 448-4400
The Career Day will allow students and potential employees to meet with representatives of information security firms in Atlanta and the surrounding area. This is a great chance to learn about different companies in the information security sector, and the types of opportunities they provide. The event is free and open to ISSA members and non-members alike. If you are interested in attending, please follow this link and sign up for the event: http://www.acteva.com/booking.cfm?bevaID=103846
A Metro Atlanta ISSA business meeting and luncheon will be held from 11:30 to 1:00 PM. The networking and information session will start afterward, from 1:00 to 3:00 PM. You may attend the business meeting, the networking session, or both. Professional attire is recommended. Bring copies of your résumé and plenty of questions.
Directions:
The Holiday Inn Select Atlanta-Peachtree Corners
From I-75, I-85, I-20, or I-675:
Take I-285 to Exit 31-B (Northeast Atlanta) Peachtree Industrial Blvd.
Proceed 4 miles North on Peachtree Industrial Blvd.
The hotel will be on your right as you cross Holcomb Bridge Rd.
Top 3 Winning Teams in SPSU Information Security Challenge 2006 are:
- Team Tiger: Dave Bachtel, Fred Guitierrez, C. J. Shiflett
- Team Team_Eagle: Ryan M. Campbell
- Team Untitled01: Lee Webster, Yuta Kitabayashi, Mason Cleaveland
SPSU Information Security Challenge 2006:
Wednesday January 11, 2006
- When: 1pm -- 3pm, Wednesday January 11, 2006.
- Where: J-211, Information Security Lab.
- Who: Full-time SPSU students, undergraduate and graduate students.
- What: Three students work in one team, competing in penetration testing (red team) and cyber defense (blue team). The network and server configuration will be sent to each team after December 8, 2005.
- Registration Deadline: 5:00pm Monday January 9, 2006.
- Awards: Top 3 teams will receive certifications, gifts, and will be sent to Southeast Collegiate Cyber Defense Competition (March 10-12, 2006).
- Judges and Organization Committee: Prof. Bob Brown, Dr. Abdullah Faruque, Prof. Phillip Feibish, Dr. Orlando Karam, Mr. Micah Rowland, Mr. Ray Walker, and Dr. Andy Wang (Chair).
To register, please send email to Dr. Andy Wang (jwang@spsu.edu) with your team name and team members.
Schedule, Teams, Rules, Prizes, Judges and Organization Committee, etc.
How to Prepare for the Competition
Review questions for paper test only. More information about this competition will be posted at http://it.spsu.edu/CISE/news.shtml.
STEM Workshop
Saturday, February 11, 2006
If you are a K-12 STEM (Science, Technology, Engineering, and Mathematics) teacher, school counselor, or supervisor, or if you are just interested in pursuing a STEM education re-training, this workshop will benefit you!
- Keep your job skills current
- Network with STEM teachers and experts
- Find answers to your technology challenges
- Be enlightened, inspired, and entertained
- Follow up with web-based training and earn one PLU or PDU/CEU
Attend and enjoy informative sessions in information technology, computer science, software engineering, and mathematics. Also offered are demonstrations in intelligent robotics, wireless security, computer games, image processing, and more.
For more information please visit the STEM Workshop information page.
