W2
Brenda Langedijk & Hans Van de Looy

How to use Open Source Security
A REAL Hands-on Tutorial

Computer and network security has been in the spotlight ever since the Morris worm made a mess of the Internet. However, it has always been the work of specialists. Then again, with some basic knowledge of computer architectures, internetworking protocols and the use of ever-evolving software tools, general computer and network specialists can also provide insight into what is going on during an attack, or provide valuable information after a (successful) attack has taken place. This tutorial is all about the tools that are available in the open source community, with an emphasis on how to really use them. We will focus on a couple of scenarios to build a basic skill set. It covers material that computer and network specialists can use to study (potential) security problems, find answers and produce more secure hardware and software configurations.
Topics include:
- Introduction: The only theory we will present to the audience. All other items on this list are Do It Yourself and very hands-on.
- Network Traffic Analysis: The anatomy of a network security breach. Using tools presented in the introduction the audience can now experience first hand what it takes to analyze some network traffic.
- Forensic research of a file system: A CDROM containing several naughty items is delivered to the forensic analysts, no clues attached. Now the audience has to figure out what possible problems it contains.
- Hack Me – DIY: The audience will have the opportunity to do some auditing (“penetration testing”) of two systems connected to the Local Area Network. The best way to learn how to secure your systems is still to learn how to break into them in the first place and then close all the gaps.
Instructors:
Brenda Langedijk & Hans Van de Looy. Brenda is currently employed as a Security Consultant at Le Reseau. Since her graduation she has worked for several companies, at most of them in a security-oriented role. After becoming a full-time member of the RISC team at one of the largest computer centers in the Netherlands, she really became interested in testing ICT security. Her private home-based network contains several servers running both Windows and BSD operating systems. Having a broad knowledge of such diverse subjects as PKI, penetration testing and Windows security, she assists organizations with the implementation of their ICT security and has both developed and presented training courses on PKI and penetration testing using Open Source software. Her interests include lock picking, reading and sailing. Brenda can also be contacted at: brenda@blackhats.org.
Hans has been hacking operating systems since 1979 and has not stopped since. His private home-based network contains several computers running all kinds of neat stuff, using mostly BSD and Windows flavored operating systems. Since his graduation he has worked for several companies in various functions, ranging from senior software developer at a nuclear science development site, development manager for a telecommunications company and product marketing manager for a high-end computer manufacturer to ethical hacker for one of the largest computer centers in the Netherlands. He has presented lectures, workshops and tutorials at universities and conferences like SANE, H2K, DefCON, ITSMF and HAL2001. A couple of years ago he decided to start his own business and founded Madison Gurkha BV (http://www.madison-gurkha.com), a privately held company providing technical security-oriented consultancy services like penetration testing and training. His interests include but are not limited to security in its broadest sense, reading, music and sailing. Hans can also be contacted at: hans@blackhats.org.
Who should attend:
Prerequisites: basic network and computer architecture knowledge and some knowledge of their operating system of choice. A personal computer with a working connection to the LAN (and the Internet) is needed for the hands-on part (3/4) of this day!