Security Day NIT Trichy Speaker Profiles Abstracts 2008
Security Day @ NIT Trichy Speaker Profiles & Abstracts © 2008 McAfee, Inc.
List of Topics and Speakers
1. Overview of Applied Security - Senthilnathan Chandrasekharan
2. Malware - Senthilnathan Chandrasekharan and Dipankar Roy
3. Intrusion Prevention - Kamal Bisht
4. Data Protection - Dipankar Roy
5. Secure Coding and Testing - Apurv Anand
TOPIC 1: Overview of Applied Security
ABSTRACT
From the time the first computer virus was made to modern-day scams, attack and defense in the computer world have taken many forms. From old and simple Anti Virus products to proactive behavioral tracking mechanisms, the good guys have quickly adapted to the scheming ways of the bad guys. This session will set the context for the whole seminar by defining and explaining some commonly used terminology in the world of Computer Security, explaining the anatomy of an “attack” and touching upon some commonly used Security Tools. It will also cover how an attack happens and how a layman can defend against it.
TOPIC 2: Malware
ABSTRACT
In the past three decades people have found ingenious ways to harm computers. The world of harmful software has different identities, and every attack is devised to exploit vulnerabilities (whether within the computer or in people’s minds). This session will try to identify and differentiate the different forms of malicious software, known as “Malware”, their techniques and how Security Companies try to fight them. It will deal with concepts such as Viruses, Worms, Trojans, Spam, Phishing, Spyware, etc. We will also explain how Anti Virus, Anti Spam and Anti Spyware products work.
TOPIC 3: Intrusion Prevention
ABSTRACT
As hacker attacks and network worms began to appear in the late 1990s, Intrusion Detection systems were developed to identify and report attacks to corporate Security personnel for manual remediation. Traditional Intrusion Detection technologies do nothing to stop an attack: they simply detect hostile traffic and send alerts. As the level of threats and the size of IDS deployments increased, it was found that the amount of time needed to analyze and respond to the IDS systems was becoming prohibitively large. The evolution of new hybrid attacks that use multiple vectors to breach the security infrastructure highlighted the need for the enterprise to defend itself against a constantly shifting threat. A solution was needed that proactively protects vital information assets in a timely manner, without waiting for new signature creation and distribution. The inadequacies inherent in current defenses have driven the development of a new breed of security products known as Intrusion Prevention Systems. This discussion will cover the different technologies available in the market, their future and the challenges lying ahead. We will talk about the intrusion categories, the actions possible over them, signature and anomaly based approaches, the technology behind Host IPS and Network IPS, and how other security solutions can be complemented by the presence of an IPS solution.
TOPIC 4: Data Protection
ABSTRACT
Every year millions of dollars are lost in various ways by companies losing confidential data, either by mistake or through a planned attempt. It has also been found that a majority of loss of Intellectual Property is actually caused by insiders. Since loss of confidential data can have effects ranging from simple to far-reaching, industries and governments are now focusing on taking proactive steps to protect sensitive information from falling into the wrong hands. With the vastness of the Internet and the camouflage of the little pen drive, Security Administrators are finding it difficult to contain the loss of sensitive information. This session will explain the need for, and the technologies of, protecting data at rest and data in motion.
TOPIC 5: Secure Coding and Testing
ABSTRACT
Application security is one of the key focus areas in the present security scenario. Producing an application that is reliable is an important demand in the industry. Security is one of the integral aspects of reliability and has to be built into the application rather than added as an afterthought. Building a secure application is independent of the functionality of the application and takes conscious engineering effort. The security aspect of software development starts from the initial phase of the Software Development Lifecycle (SDLC) and may involve steps like security requirements (requirements phase), secure design (design phase), secure implementation (coding phase) and confirming the secure development (testing phase). In our talk, we will focus on the coding and testing phases of the SDLC and look at how security is implemented in these two phases. Secure coding is an effort by coders to use the language and the underlying technology in such a way that an attacker cannot manipulate the implementation and achieve an undesired result from the application. Once the efforts to develop the application in a secure way are in place, security testing can confirm whether any security issues exist in the application. The effort is put into testing the application with security as the fault focus area.
Speaker Profiles
Senthilnathan C
Senthil has been with McAfee since January 2003. He has been working in the Security domain for more than 8 years out of a total of 10+ years of experience in the IT industry. He has worked on several Security technologies including Host and Network based IPS, Firewalls, Content Filtering and Application Gateway Security (Mail and Web), among other things. Reading, driving and listening to music are his passions.
Dipankar Roy
Dipankar is a Senior QA Manager with McAfee and has worked on various technologies including Centralized Security Management, Security for Small Businesses and Data Protection. In his more than 6 years with McAfee, Dipankar has formed and set up multiple testing teams. Dipankar is an MBA and a certified Project Management Professional, and is currently pursuing a Post Graduate Diploma in Cyberlaw. When he gets time, Dipankar likes to fly paragliders.
Kamal Bisht
Kamal has been associated with McAfee India (Software) Ltd for more than 5 years and has been involved with host based Intrusion Prevention System (IPS) for the last 4 years. McAfee's host based IPS involves Host IPS, Network IPS, Firewall and Application Access Control (whitelist). While leading the QA team for IPS, Kamal was involved in functional testing and automation. Kamal also specializes in Application Security testing (which involves vulnerability assessment and penetration testing). Kamal is an ECC Certified Ethical Hacker. Kamal relaxes by watching movies or sleeping.
Apurv Anand
Apurv is a software professional and research scientist with over 9 years of experience in the software industry, in the areas of application and network security and software quality assurance. He has proven his ability to implement a secure development lifecycle and to mentor engineers across teams in it. An able representative of McAfee Inc., he understands McAfee security product lines in depth, with 6 years of work experience here. He has been pivotal in pioneering software security awareness within McAfee by starting various initiatives, like a software security club with the mission of providing expertise and consultancy to other teams. He has also been involved in the engineering response team (ERT) for the McAfee Bangalore office, dedicated to handling virus outbreaks on the engineering network. Apurv has written engineering tools such as fuzz testing tools, OS imaging tools and MS patch management tools that help in software testing. Apurv has received prestigious awards at McAfee, such as ClubGeek and Employee of the Quarter. Apurv holds a Bachelor of Engineering degree in Computer Science from Karnataka University. In his leisure time Apurv likes to run and participates in full marathons. He also likes to spend time traveling, doing photography and performing in professional theaters and plays.
Vivek S Mathur
Vivek is the Director of Quality at McAfee India Center. He has over 15 years of varied experience in IT and non-IT fields. He has been with McAfee for the past 4 months, before which he was with Intelligroup, where he established the independent test and validation group. Prior to that, at Infosys, he handled multiple roles in Dev, QA, and Account Management. Vivek completed his MBA from IIM Ahmedabad in 1997, after which he started his IT career. Prior to his IT career, Vivek worked for 3 years in the prestigious Indian Railways Service of Mechanical Engineering.