
The Internet is Evil (Louisville Infosec)

 
 

This is the video of the talk "The Internet is Evil" given at Louisville Infosec by John Strand.

Abstract: Back by popular demand!! SANS professor and technical guru extraordinaire, John Strand, joined us again this year to share more of his in-depth technical knowledge and rock-n-roll personality. John currently teaches the SANS GCIH and CISSP classes, and is a key player in their local mentor program. His extensive experience in computer security and education encompasses the areas of intrusion detection, incident response, vulnerability assessment/penetration testing, specialized multi-level security solutions, security architectures, program certifications and accreditation. Whew! But that's not all. He holds a Master's degree from Denver University, where he is also a professor. Amazingly, he still finds 'spare time' to write loud rock music and make futile attempts at fly-fishing.

Paul Asadoorian wrote on his blog:

"While all of the presentations got rave reviews, one of the keynote speeches was particularly interesting. John Strand gave a keynote speech titled "The Internet is Evil". Most of us know that the Internet is evil, but John wants us to do something about it. He challenges us to think differently about defense, question how much, if any, Internet access your users should have. He also brings up a good point about the perceptions of users. Many believe that the average user is not knowledgeable about computers, when in reality they are using anonymizing proxies to bypass corporate web filtering. John then went on to identify two areas of "security" that need improvement. I put "security" in quotes, because it's a false sense of security that the following provide:

    * Anti-virus - John points out a new service that allows you to upload your binary and have it encoded by several different programs, then review a report of which Anti-virus engines caught it, and which ones did not. You can find more information on the PolyPack web site.
    * SSL - SSLStrip is a tool that tricks the user into running a connection over HTTP instead of HTTPS. You can watch a video demonstration of this tool in action to get a better idea how it works. John then goes on to show how this could be combined with attacks against BGP to intercept traffic without having to be on the same subnet as your victims.

John then went on to cover defensive techniques that work, such as using firewalls not only to restrict outgoing access, but also to enable the built-in firewall on all of your hosts (especially desktops). The other interesting idea he presented was to treat your user desktop subnets as hostile. I know this may sound like a radical idea, but if the users are accessing the Internet and exposing their systems to malicious code, it's best to treat them as if they are already infected with malware. I've used this tactic when developing security strategies for universities and it works quite well."


Author
Vivek-Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at the world-renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World and other news agencies. In 2006, Vivek was announced as one of the winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement award at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security-Freak.Net and SecurityTube.Net, and is the co-founder of Axonize. Vivek holds a Bachelor's degree in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati. You can contact him at vivek[at]securitytube.net

 