Sandia employees and former SIG-SECers Jason Trent and Will Atkins will be in town for our next meeting so make sure to swing by for an excellent presentation and a chance to talk with Sandia employees about employment opportunities.

Traditional cyber security typically focuses on best practices, intrusion detection, and penetration testing. As cyber security becomes more critical, a more appropriate approach may be to focus on measurable security enhancements that can be derived using scientific approaches.  Transitioning to quantifiable and certifiable cyber security is extremely challenging. This talk will discuss several primary problems that must be overcome to make this transition and some of the work being done at Sandia in this area.

Jason Trent has been a Member of Technical Staff at Sandia National Laboratories since 2006. He works in Sandia’s Critical Infrastructure Systems Department, where he conducts research and red teaming exercises. Jason’s primary role focuses on systems software development and assessment, low-level hardware/software interaction, malware analysis and reverse engineering. Jason received his Bachelors of Science degrees in Computer Science and Computer Engineering in 2004 and his Masters in Computer Science in 2006 each from the University of Missouri-Rolla, now the Missouri University of Science and Technology.

William D. Atkins joined Sandia National Laboratories as an intern in 2005 and later as a Member of Technical Staff in 2007. He works in Sandia’s Critical Infrastructure Systems Department, where he conducts research and red teaming exercises to secure critical information and control systems against attack. Atkins received both Masters and Bachelors of Science degrees in Computer Engineering from the University of Missouri-Rolla, now the Missouri University of Science and Technology, in 2007 and 2005, respectively. His interests include wireless networks and communications, control systems communications architectures, embedded systems design, and reverse engineering.

It’s that time of year, security auditin time with your most favourite group of people, SIG-SECURITY!

Join us on Wednesday, September 16th at 7:00pm in CS209A to put those cantennas from our last meeting to use. We will split up into groups and then everyone will have 1 hour to basically find as many APs as possible.

Scoring and prizes for the top team will be announced at this meeting too. The WSA is an annual event where SIG-SEC evaluates the wireless security of Rolla. The AP information gathered during it is compared with past audit’s. This allows us to see the change in percent of secured access points vs unsecured. We use this data to complement a news article on how users can protect their wireless networks.

ACM SIG-SEC’s first meeting of the semester will be Wednesday, September 2nd at 7:00 in CS209A.

We will teach you how to build a cantenna, a directional antenna build using of can, which you can use to better pick up wireless signals. This is the precursor to our annual Wireless Security Audit which will take place at the following meeting, September 16th. Teams form to build cantennas and compete with each other to gather statistics on wireless access points throughout Rolla.

Bring along a can (pringles, coffee, pirouette, or anything else bigger than a soda one), preferably clean and we will provide the hardware to build the antenna.

For those of you still interested in building your own but had to jet early or just interested in cantennas in general, here are some fine resources available online for you to use.

• http://turnpoint.net/wireless/cantennahowto.html
• http://www.saunalahti.fi/elepal/antenna2.html

The main things you need to know are that the placement of the n-connector should be (lambda g) / 4 away from the BACK of the can and the height of the wire from the n-connector should be (lambda o) / 4 tall. There are some nice calculators on the websites above that take the effort out of finding those values.

At our next SIG Sec meeting, thursday April 30th, Colonel Tooke of the United States Air Force will talk about the United States Air Force’s project Cyber Command. She will talk about understanding cyberspace and the challenges posed to the military, as well as various cyber threats. She will also cover the overlay in military and civilian rights. Colonel Tooke will also cover the challenges that must be overcome in order to prepare an adequate system for cyber defense.

Its 7:00pm in CS 209A, as usual, and there will be free pizza for all attendees.

This Thursday, SIG Sec will have the results of our red team competition.   The vulnerable machines will be going down after tomorrow, so get in your last attempts.

Be sure to document and email Mike Collins your results.

Imporant! We will also be having Officer Elections for the 2009-2010 school year, so if you or anyone you know would like to be involved, please attend.

Food will be provided, pot luck style. All of the officers will be bringing something, but feel free to show us up with your cooking skills.

As stated in the previous post, our next meeting is this Thursday, April 2nd at 7:00pm in CS 209A.
We will lay out the rules and all the information for our Red Team Competition,
as well as a demo by Mike Collins on the different kinds of exploits, which you can use in the competition.

There will be all levels of difficulty, so don’t be afraid to try.
And there will be free pizza.

At our next meeting, SIG Sec will be announcing our Red Team Competition, a computer penetration testing challenge. The event will be hosted by Brown Smith Wallace.
In this two week event, open to any S&T student, we will provide information on systems (provided by Michael Collins) that are vulnerable to cyber attacks. The goal is to gain access and figure out the weak points of a computer system. You do not need to have security experience to participate.
The first meeting is April 2nd, where we will announce the rules, and the basics of the competition. During the following two weeks, participants will be able to access the machines and points will be scored. Then, on April 16th, we will announce the winners.

There will be multiple levels of difficulty, so everyone will be able to try. Multiple prizes will be awarded.

More information to come in the next few weeks,
currently the systems we are planning (roughly listed in increasing difficulty):
• Windows XP
• Windows 2003 Server
• Ubuntu Server
• FreeBSD

Want to know what security classes are offered next semester? Have an opening that you need to fill?
Or are you just trying to find a class to get your adviser to remove your hold?
Well, why not make it a class you’ll find interesting?

Come to the next SIG Sec meeting (note the day) and learn about what courses will be offered.
Tuesday March 17th 7:00pm CS 209A
Classes discussed will include those taught by: Karl Lutzen, Tim Doty, Dr. Jiang, Dr. Miller, and Dr. McMillin

Wireless Security Auditing Presentation

On Feburary 19th, 7:00 pm in CS 209A, William Atkins, the illustrious former SIG Sec co-chair, will be presenting on his work at Sandia National Laboratories, on the topic of Wireless Security Auditing.

Free pizza and more information to come.

Also, Will will be attending the ACM Career Fair Dinner at Alex’s Pizza. Be sure to rsvp to acm@mst.edu

Social Engineering Presentation (26 MB)

Student speaker AJ McDonald will be talking about Social Engineering at our next meeting on
Thursday, February 5th at 7:00 in CS209A.

His talk will cover all the important qualities of a social engineer.