Last updated: 
2 months 3 weeks ago
Blog Manager
We are the Computer Security and Incident Response Team (CSIRT) for the Janet network. Part of Jisc's Security Operations Centre, our mission is to safeguard the current and future network security of Janet (steering the security policies for all Janet connections) and of our customers, creating a secure environment to conduct your online activities. Our primary function is monitor and resolve any security incidents that occur on the Janet network, with specialists tracking a range of platforms, including Unix, Linux and Windows.

AusCERT 2014

Saturday, May 17, 2014 - 00:16

Thanks to the generosity of my host, AusCERT, I’ve been able to spend this week in Queensland at AusCERT’s annual conference. Whilst not part of the Australian NREN AARNet, AusCERT fulfils a similar role to Janet CSIRT and provides incident response services to the Higher Education sector in Australia.

 It’s reassuring to find that institutions here facing similar pressures as the ones back home. Tighter budgets mean that greater efficiency needs to be found and more people are turning to the cloud to provide services to their staff and students. I’m also delighted to report that eduroam is just as popular here and that there was no shortage of coverage at the University of Queensland campus and at the conference.

 The theme of the conference this year was Trusting Security with many talks looking at security post-Edward Snowden, the privacy concerns of big data, and the quality of security critical software – especially in light of Heartbleed.

 elix Lindner opened the conference with a discussion about nation states as threat actors and whether the developers of white-hat security tools should ethically consider themselves to be arms dealers in the current political landscape. I think the key questions here are how should organisations defend themselves in the light of a powerful adversary with almost unlimited budgets? And what should we as citizens be doing to ensure that intelligence agencies are run with appropriate oversight?

 Xeno Kovah balanced this with a more technical presentation on tools to check the integrity of BIOS and other firmware used on modern PC hardware – these seem to provide the ideal hiding places for the most persistent attackers. An overview of his tools are available from MITRE.

 The second day saw Peter Gutmann of University of Auckland cover some of the many historical examples in which cryptosystems weren’t broken but simply bypassed by attackers. The title of the talk, crypto won’t save you, should be a warning to those that believe that simply using cryptography makes a system secure (and in particular I’m thinking of PGP, Truecrypt and Tor here). My favourite talk of that afternoon was a presentation by Jason Masters on how information security professionals need to learn to work with and talk to the board, understanding and sharing their concerns about what’s really important in corporate governance and risk management. I think this is something that will become ever increasingly important.

 Today was largely filled with a series of highly technical talks, and the talent that this conference attracts reinforces its position as the premier information security event in Australia. Watch this space for more content from the conference once I return to the UK.

Some coverage of the event by The Register and SC Magainze:

http://www.theregister.co.uk/2014/05/16/kiwi_prof_calls_bunk_on_nsaproof_tech_says_crypto_is_enough/
http://www.theregister.co.uk/2014/05/15/aisa_finding_infosec_bores_board_execs/
http://www.itnews.com.au/Gallery/385558,photos-auscert-2014.aspx