18 Feb 2016

Doubleheader

How secure is your connection to your bank account from a Starbucks WiFi network: Discover SSL/TLS
(1:10-1:50 pm ET)
and
Web Attack Threat Analysis - Experiences with Glastopf honeypot deployment
(2:00-2:40 pm ET)

Mark your calendars and come join your friends in the CAE community for a Tech Talk. We are a warm group that shares technical knowledge. CAE Tech Talks are free and conducted live in real-time over the Internet, so no travel is required. You can attend from just about anywhere (office, home, etc.) Capitol Technology University (CTU) hosts the presentations using their online delivery platform (Adobe Connect) which employs slides, VOIP, and chat for live interaction. Just log in as “Guest” and enjoy the presentation(s).
Below is a description of the presentation(s) and logistics of attendance:

Date: Thursday 18 Feb 2016
Time: 1:10 - 1:50 pm ET
Title/Topic: How secure is your connection to your bank account from a Starbucks WiFi network: Discover SSL/TLS
Audience Skill Level:  Beginner and Intermediate
Presenter: Joseph Vogtembing, Prince Georges County Community College
Location: https://capitol.adobeconnect.com/cae_tech_talk/
Note: An overflow room is available at the address below:
http://capitol.adobeconnect.com/cae2/
Just login as “Guest” and enter your name. No password required.
Description:
SSL/TLS is by no means the only way to secure Web and email communications on the Internet, but millions of people use it every day, protecting credit card numbers, online banking sessions, emails, and more. For normal users, seeing the lock icon and "https" in URLs provides confidence that SSL/TLS is keeping us safe. But in reality how safe is it? In this presentation, we will build a physical Lab, implement remote access SSL, and demonstrate what is really happening on the back end of our laptop and the bank account server.

Date: Thursday 18 Feb 2016
Time: 2:00 pm – 2:40 pm ET
Title/Topic: Web Attack Threat Analysis - Experiences with Glastopf honeypot deployment
Audience Skill Level:  Beginner and Intermediate
Presenter: Dr. Safwan Omari, Lewis University
Location: https://capitol.adobeconnect.com/cae_tech_talk/
Note: An overflow room is available at the address below:
http://capitol.adobeconnect.com/cae2/
Just log in as “Guest” and enter your name. No password required.
Description:
We investigate the use of honeypot for collection and analysis of security cyber threats. Due to their popularity, we target web-based attacks in this work. Glastopf is a well-known web-based honeypot that exposes an attack surface with a few thousand vulnerabilities, which fall into multiple categories including Remote File Inclusion, Local File Inclusion and SQL injection. We deployed Glastopf on a Comcast business network for over a month, we collected a few thousands attacks and more than 80,000 malicious URLs from almost every corner of the world. In this presentation, we share our findings and present through analysis of type of attacks, where these attacks are coming from, and dig deeper into attacker behavior.

CAE Tech Talks are also recorded
CTU will post a recording of the live presentations on its website:
https://capitol.instructure.com/courses/sis_course_id:CAE_Tech_Talk/external_tools/4
Contact
Announcements for CAE Tech Talk events can be found in the news and calendar section of the CAE community website: www.caecommunity.org
For questions on CAE Tech Talk, please send email to CAETechTalk@nsa.gov