Did you know that Halifax, the capital of Nova Scotia, is considered the “economic capital of Atlantic Canada” and is home to many impressive firsts? Halifax was home to the first public school in Canada. It also founded the first law school. It was also the first place in North America to have all-electric street lighting. This spirit of innovation continues to shine today, and this year Atlantic Canada's largest cybersecurity conference, the Atlantic Security Conference, better known as ATLSECCON 2024, was held in this city.
This Atlantic time zone-based event attracted more than 1,200 attendees who watched sessions from more than 50 speakers over two session-packed days. Along the way, there was a capture the flag village, many networking breaks, a snowstorm, and one social event: Halifax donair. Here are some highlights from the conference.
A journey of mindfulness and security
Chris Gates, Senior Offensive Security Manager at Robinhood, set the tone for the conference with his keynote, “F*ck It – Just Get Your Feet Wet!” Chris shared a personal story of his own transformation and emphasized the importance of combining a hacker mindset and mindfulness to enrich his life experiences. The title comes from an anecdote about how he feared getting his shoes wet while hiking, but inevitably did. Once he did, the path became much easier to follow. We have to accept that life, like security, is a messy business and we just have to step into it.
Throughout the talk, he explained how to run tests and implement observability in our lives. Mindfulness is a way to achieve this, allowing you to stop and consider how you would react as a first step to improving the situation. He emphasized the importance of intentionality in our actions and the need to challenge our core programming. Just as we need to re-evaluate the best approach to cybersecurity, we also need to be mindful of what approach we will take for the rest of our lives. Bad programming can be counteracted by reevaluating how we came to believe what we believe.
Balancing the risk management equation
In his talk “Demystifying the risks associated with vulnerabilities,” Brian Beard, Cyber Security Manager at Grant Thornton, delved into the complex world of translating threat scores into potential real-world consequences. He spoke about Flipper devices, which were recently banned in Canada based on the misconception that these hacking devices can be used to steal cars. They cannot. Similarly, we spend too much time on things like CVEs that are marked “high risk” even though they are very difficult to exploit in our environment.
Brian emphasized the importance of understanding the context of each vulnerability. He challenged us to go beyond standard metrics such as Common Vulnerability Scoring System (CVSS) scores and to consider the unique aspects of our networks. By focusing on the root cause, most commonly unpatched systems, you can develop more targeted and effective mitigation strategies. Brian also provided a five-level scale of difficulty for remediating vulnerabilities, from easiest to most difficult.
- Flip the switch – If you can easily turn on a security setting, you should.
- Flip the switch and test it – Some security settings can simply be turned on, but you need to ensure that no unexpected behavior occurs.
- Updates – Applying patches is supposed to be normal maintenance, but it takes more effort than just adjusting settings.
- Upgrade – This level requires a completely new version of a service or software to remediate a security threat. This requires discussion with vendors.
- Rewrite – In some cases, the only way to protect your organization is to completely replace your application with a different approach. Of course, this requires the most effort.
Brian concluded that balancing the severity of specific threats in your environment against the level of remediation needed lets you prioritize efforts to protect your organization.
Thinking like an attacker means understanding Active Directory
In his session “The Silent Cry of Every Network: The Horror of Active Directory,” Tim Oroszi, Principal Security Engineer at Tenable, discussed the various ways adversaries can exploit Active Directory (often abbreviated as “AD”). AD is attractive to attackers due to its widespread use, common misconfigurations, and inherent vulnerabilities. Tim said that AD security is like a leaky basement, invisible and unmanaged, yet critical to the foundation of an organization's IT infrastructure. One of the big problems is that no group within most organizations fully owns AD, making it very difficult to secure.
Tim explained some important steps to secure AD.
Improve security by understanding why containers are not VMs
In his very practical talk, “Building Containment Fields: How to Keep Your Containers Safe,” Eric Conrad, SANS Institute Fellow and CTO of Backshore Communications, explained that one of the biggest problems with container security is that the basics are not being met. Virtual machines all have their own kernels, often with built-in system-level logging and security tools, whereas containers all share the same host kernel. This means it is much easier to take control of the host machine without leaving any obvious traces.
Containers are primarily created by developers. Developers have an incentive to “save pennies” and create workloads that are lightweight and fast whenever possible. Built-in logging or double-checking root access isn't really a consideration, especially if they come from a VM background. Many of these issues are managed at the OS level.
Luckily, Eric shared a free, open-source tool that makes finding and fixing problems very easy: the CIS Docker Benchmark, from the Center for Internet Security. This text-based tool quickly identifies common issues and provides guidance on how to implement necessary changes. This tool allows anyone to surface issues and start improving security within the first 30 minutes of use, without having any knowledge of how containers work. Best of all, it teaches users the basics of containers along the way.
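To make the root-access and logging gaps described above concrete, here is an added example (not code from Eric's talk or from the CIS tooling) that reads `docker inspect` style JSON and flags containers that run as root, run privileged, share the host PID namespace, or have logging turned off. The sample records are constructed and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "PidMode": "host",
                  "LogConfig": {"Type": "none"}}},
  {"Name": "/api",
   "Config": {"User": "10001:10001"},
   "HostConfig": {"Privileged": false, "PidMode": "",
                  "LogConfig": {"Type": "json-file"}}}
]
""")


def is_root_user(user):
    """True when the configured user is root; an empty value means no USER was set."""
    name = (user or "").split(":")[0]
    return name in ("", "0", "root")


def audit_container(record):
    """Return the list of findings for one container's inspect record."""
    cfg = record.get("Config") or {}
    host = record.get("HostConfig") or {}
    findings = []
    if is_root_user(cfg.get("User")):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode")
    if host.get("PidMode") == "host":
        findings.append("shares host PID namespace")
    if (host.get("LogConfig") or {}).get("Type") == "none":
        findings.append("logging disabled")
    return findings


def audit(inspect_records):
    """Map each container name to its findings."""
    return {r.get("Name", "?").lstrip("/"): audit_container(r)
            for r in inspect_records}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", ", ".join(findings) or "no findings")
```

On a live host, the same functions can be fed the parsed output of `docker inspect` for the running containers in place of the constructed sample.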
Paving the way to collaborative cybersecurity
A common message of unity and cooperation in the face of cybersecurity challenges resonated at ATLSECCON 2024. Sessions ranged from highly technical explorations of exploits to conversations about broader security improvements. Your author was able to premiere a new talk in the latter category, where I shared the power of leveraging principles from the OWASP program guide to empower colleagues as security advocates. Part of this program was to raise awareness through “Lunch and Learns,” which many companies like GitGuardian offer to their customers as a free service.
I'm already looking forward to the next ATLSECCON. There we will come together again to advance the cause of a strong, free and secure Northeast.
*** This is a Security Bloggers Network syndicated blog from GitGuardian Blog - Code Security for the DevOps Generation, written by Dwayne McDaniel. Read the original post: https://blog.gitguardian.com/atlseccon-2024/