First on deck is the chief technical officer at Counterpane Internet Security, Bruce Schneier, who is giving a talk on "Fixing Network Security by Hacking the Business Climate." What makes Schneier a must-see is the total quality of his presentations. There's always a huge amount of takeaway whenever he speaks -- enough to fill a book or three. His talk today is all about security from a business perspective. The main thesis boils down to this, says Schneier: Liability drives the need to transfer that liability (think insurance), which in turn drives standardization of the security assessment of products based on risk.
Companies buy electrical appliances that are UL approved because if they don't, and someone is injured by a non-UL-approved electrical appliance, they are liable. UL tests electrical devices and provides a stamp of approval. So like most business drivers, the road to better security will be paved with greenbacks. Look, I can't do his presentation justice. Grab the slides and see for yourself.
Next I attended "Biometrics and Token Technologies - Attack Overview." OK, this wasn't a how-to-break-biometrics tutorial. Instead it was a broad overview of the technologies out there and some practical statements about how they may be used, where they are appropriately used and some comments on how they might be fooled.
Rounding out the morning was a talk on "The New RFC 2527 CP/CPS Framework." Let's face it. Very few of us read the EULAs for the software we buy, the text in the myriad pop-up windows on our PCs -- or for that matter, the text right below the US Federal Reserve System seal on a 20-dollar bill. Who is going to (1) know what a CP or CPS is (certificate policy and certification practice statement); and (2) read one of these buggers before buying a book at Amazon? If your organization is serious about PKI, either as a deployer or as a consumer, you need to bone up on this topic. The talk covered some proposed changes to RFC 2527, including a section to help attorneys with legal reviews.
So, with my head swimming with sessions, it's off to the floor to talk with vendors.
Sourcefire brings us the power of Snort, the open-source intrusion detection system, with the ease of use of a GUI-managed appliance. Oh, and Martin Roesch, the author and lead developer of Snort, is building OpenSnort -- not some third party trying to capitalize on another's work. What's really cool about OpenSnort is not the slick GUI or the ease of building IDS signatures. It's the data mining features, which are both powerful and intuitive. You can drill into data in a multitude of ways depending on what you need to see. Watch these guys. They are on the right track.
Lunch with Ubizen. Ubizen focuses on managed services for the financial sector. It has a Web security product called DMZ Shield, which is a reverse proxy and enforces policy at the HTTP and HTML level. Pretty much anything passed in the HTTP stream is available for policy enforcement. On the managed services side, the big story is providing resilient security operation centers and SLAs to end organizations.
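To make the "policy at the HTTP level" idea concrete, here is an added example of the kind of check a reverse proxy can apply to each request before it reaches the application. This is illustrative code written for this article, not Ubizen's DMZ Shield or any of its configuration; the policy values, host name and sample requests are all constructed.

```python
import re

# Constructed policy for a hypothetical shop application behind the proxy
POLICY = {
    "allowed_methods": {"GET", "POST", "HEAD"},
    "allowed_path_prefixes": ("/catalog", "/checkout", "/static/"),
    "max_body_bytes": 4096,
    "max_header_bytes": 8192,
    "require_host": "shop.example.invalid",
}


def parse_request(raw):
    """Split a raw HTTP/1.x request into method, target, version, headers, body.
    Raises ValueError on anything that does not follow the basic grammar."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return (method.decode("ascii", "replace"), target.decode("ascii", "replace"),
            version, headers, body)


def enforce(raw, policy=POLICY):
    """Evaluate one request against the policy. Returns (allowed, reason)."""
    if len(raw.partition(b"\r\n\r\n")[0]) > policy["max_header_bytes"]:
        return False, "header block too large"
    try:
        method, target, version, headers, body = parse_request(raw)
    except ValueError as err:
        return False, f"unparseable request: {err}"
    if method not in policy["allowed_methods"]:
        return False, f"method {method} not permitted"
    path = target.split("?", 1)[0]
    if ".." in path or not path.startswith(policy["allowed_path_prefixes"]):
        return False, "path outside published application"
    host = headers.get(b"host", b"").decode("ascii", "replace")
    if host != policy["require_host"]:
        return False, "host header mismatch"
    try:
        declared = int(headers.get(b"content-length", b"0") or b"0")
    except ValueError:
        return False, "bad content-length"
    if declared != len(body):
        return False, "content-length does not match body"
    if len(body) > policy["max_body_bytes"]:
        return False, "body too large"
    return True, "ok"


# Constructed sample requests
GOOD = b"GET /catalog/books?q=snort HTTP/1.1\r\nHost: shop.example.invalid\r\n\r\n"
BAD_METHOD = b"TRACE /catalog HTTP/1.1\r\nHost: shop.example.invalid\r\n\r\n"
BAD_PATH = b"GET /admin/config HTTP/1.1\r\nHost: shop.example.invalid\r\n\r\n"
BAD_LENGTH = (b"POST /checkout HTTP/1.1\r\nHost: shop.example.invalid\r\n"
              b"Content-Length: 10\r\n\r\nabc")

if __name__ == "__main__":
    for name, req in [("GOOD", GOOD), ("BAD_METHOD", BAD_METHOD),
                      ("BAD_PATH", BAD_PATH), ("BAD_LENGTH", BAD_LENGTH)]:
        print(name, enforce(req))
```

The point of doing this in the proxy is that the decision is made before any application code parses the request, so an unexpected method, an unpublished path or a body that does not match its declared length never reaches the server behind it, and every rejection produces a log line the operations center can act on.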
SecurityFocus, the company that brings you one of the best security portals, has a new version of its Aris product, a subscription service. SecurityFocus receives IDS logs from a large number of organizations across the globe, consolidates the events and provides a variety of graphs, charts and other visual representations of the attack landscape. The real value, however, comes with the expert analysis of the threats, vulnerabilities and anomalous traffic patterns on a global scale, and the threat alerts about malicious activity.
3Com. Everyone knows a desktop firewall is a must-have item. But not everyone knows that desktop firewalls can be shut down by malicious code. To combat this, 3Com and SecureComputing have partnered to provide an embedded firewall on the 3CR990-TX-95/97 NICs. The embedded firewall is a packet filter firewall that is centrally managed and is resistant to shutdown-style attacks, because none of the management or policy components reside on the host OS. It's a little pricey at the moment. You need to buy the NIC, the Firewall Policy Server ($999) and licenses for the NIC (I didn't ask about the price). That's pretty steep for onesy, twosey installs, but you might be able to get economies of scale. If 3Com can bring the price per NIC down from Mount Olympus, then this product may become a cost-effective tool.
Guidance Software makes digital forensics software for data gathering and analysis of storage media. If you are not in law enforcement you probably haven't even heard of the company. There are three products: EnCase, which is a stand-alone application; EnCase Enterprise Edition, which works over the network; and FastBloc, a write-protected hardware device that interfaces with disk drives and transfers data from the target to the EnCase product.
EnCase takes a sector-by-sector snapshot of a hard drive, either directly off the drive or over the network, and stores it as a virtual disk, which exposes all the data on the disk at the sector level for examination. It recreates the disk drive virtually and supports the common file systems used today, such as FAT 12/16/32, NTFS, UFS, HFS and HFS+ and EXT2, as well as PDAs and RAID arrays. The entire disk can be searched using simple text searches or regular expressions. It provides a number of tools for viewing the media types and managing the data that might be used as evidence. While I can't speak about this product's value in court, it would be a useful tool for internal investigations.
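To show why a sector-level image matters for this kind of search, here is an added example written for this article; it is not EnCase code and does not use any Guidance Software format. It builds a constructed 8-sector "drive" with no real file system, copies it sector by sector while hashing both sides so the copy can be shown to match the source, and then runs a regular expression over the image. One record straddles a sector boundary and one is a remnant in unallocated space that no directory entry points to; searching the image as one contiguous byte string finds both, while a naive per-sector search misses the one that crosses the boundary. The sector size, offsets and sample strings are all assumptions made for the example.

```python
import hashlib
import re

SECTOR_SIZE = 512  # assumption for the example: 512-byte sectors


def build_sample_drive(n_sectors=8):
    """Constructed sample drive: raw bytes only, no real file system.

    Sectors 2/3: a live record whose e-mail address straddles the boundary.
    Sector 6:    a remnant that no file system entry references (unallocated).
    """
    device = bytearray(n_sectors * SECTOR_SIZE)
    record = b"account=ACME-4471 contact=jane@example.invalid"
    off = 2 * SECTOR_SIZE + 480          # last 32 bytes of sector 2 and on into 3
    device[off:off + len(record)] = record
    remnant = b"DELETED contact=bob@example.invalid"
    off = 6 * SECTOR_SIZE + 40
    device[off:off + len(remnant)] = remnant
    return bytes(device)


def acquire(device, sector_size=SECTOR_SIZE):
    """Sector-by-sector copy of the source. Returns the image, its SHA-256
    and whether that hash matches the hash taken over the source itself."""
    image = bytearray()
    for off in range(0, len(device), sector_size):
        image += device[off:off + sector_size]
    source_hash = hashlib.sha256(device).hexdigest()
    image_hash = hashlib.sha256(image).hexdigest()
    return bytes(image), image_hash, image_hash == source_hash


def search_image(image, pattern, sector_size=SECTOR_SIZE):
    """Regex over the whole image as one contiguous byte string; each hit
    reports its byte offset and the sector in which it starts."""
    return [{"offset": m.start(), "sector": m.start() // sector_size, "match": m.group(0)}
            for m in re.finditer(pattern, image)]


def search_per_sector(image, pattern, sector_size=SECTOR_SIZE):
    """Naive alternative that searches each sector on its own, so it misses
    any hit that crosses a sector boundary."""
    hits = []
    for base in range(0, len(image), sector_size):
        for m in re.finditer(pattern, image[base:base + sector_size]):
            hits.append({"offset": base + m.start(), "sector": base // sector_size,
                         "match": m.group(0)})
    return hits


if __name__ == "__main__":
    drive = build_sample_drive()
    image, digest, verified = acquire(drive)
    print("image sha256", digest, "verified", verified)
    pattern = rb"[a-z]+@example\.invalid"
    print("contiguous search:", search_image(image, pattern))
    print("per-sector search:", search_per_sector(image, pattern))
```

Two things carry over to real tooling: the hash taken over the source and over the image is what lets you later show the evidence copy is what was read, and a search has to run over the whole image rather than per file or per sector, because what you are looking for may sit in slack or unallocated space or cross a sector boundary.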
There were a number of booths set up by consultancies such as @Stake, Foundstone, KPMG and PricewaterhouseCoopers. Even the NSA (No Such Agency) had a manned booth. It seemed like user management and event management were the hot topics, and of course there were products to match. Something for everyone for sure.
Mike Fratto is a senior technology editor based in Network Computing's Syracuse University Real-World Labs® and covers all security-related topics. Send your comments on this article to Mike Fratto at mfratto@nwc.com.