© 2008 mcafee, inc. security day @ nit trichy speaker profiles & abstracts
Post on 19-Dec-2015
227 views
TRANSCRIPT
© 2008 McAfee, Inc.
Security Day @ NIT Trichy
Speaker Profiles & Abstracts
2
04/18/23
List of Topics and Speakers
1. Overview of Applied Security - Senthilnathan Chandrasekharan
2. Malware - Senthilnathan Chandrasekharan and Dipankar Roy
3. Intrusion Prevention - Kamal Bisht
4. Data Protection - Dipankar Roy
5. Secure Coding and Testing - Apurv Anand
3
04/18/23
TOPIC 1: Overview of Applied SecurityABSTRACT
From the time that the first computer virus was made to the modern day scams, attack and defense in the
computer world has changed many forms. From old and simple Anti Virus products to proactive Behavioral
tracking mechanisms, the good guys have quickly adapted to the scheming ways of the bad guys.
This session will set the context for the whole seminar by defining and then explaining some commonly used
terminologies in the world of Computer Security, explain the anatomy of an “attack” and also touch upon some
commonly used Security Tools. It will also cover how and attack happens and how a layman can defend against it.
4
04/18/23
TOPIC 2: MalwareABSTRACT
In the past three decades people have found ingenious ways to harm computers. The world of harmful software
has different identities and every attack is devised to exploit vulnerabilities (whether its within the computer or in
people’s minds).
This session will try to identify and differentiate different forms of malicious software, known as “Malware”, their
techniques and how Security Companies try to fight them. This will deal with concepts such as Virus, Worms,
Trojan, Spam, Phish, Spyware, etc. We will also explain how Anti Virus, Anti Spam and Anti Spyware products
work.
5
04/18/23
TOPIC 3: Intrusion PreventionABSTRACT
As hacker attacks and network worms began to appear in the late 1990s, Intrusion Detection systems were
developed to identify and report attacks to corporate Security personnel for manual remediation. Traditional
Intrusion Detection technologies do nothing to stop an attack—they simply detect hostile traffic and send alerts.
As the level of threats and the size of IDS deployments increased, it was found that the amount of time needed to
analyze and respond to the IDS systems was becoming prohibitively large. The evolution of new hybrid attacks
that use multiple vectors to breech the security infrastructure highlighted the need for the enterprise to defend
itself against a constantly shifting threat. A solution that proactively protects vital information assets in a timely
manner, without waiting for new signature creation and distribution was needed. The inadequacies inherent in
current defenses has driven the development of a new breed of security products known as Intrusion Prevention
Systems.
This discussion will talk about the different technologies available in the market, their future and challenges lying
ahead. We will talk about the intrusion categories, actions possible over them, signature and anomaly based
approaches, technology behind Host IPS and Network IPS and how other security solutions can be complimented
with the presence of IPS solution.
6
04/18/23
TOPIC 4: Data ProtectionABSTRACT
Every year millions of dollars are lost in various ways by companies losing confidential data either by mistake or by
a planned attempt. It has also been found that a majority of loss of Intellectual Property is actually caused by
insiders. Since loss of confidential data can cause can have simple to far reaching effects, industries and
governments are now focusing on taking proactive steps to protect sensitive information from falling into the wrong
hands.
With the vastness of the Internet and the camouflage of the little pen drive, Security Administrators are finding it
difficult to contain the loss of sensitive information. This session will explain the need and technologies of
protecting data at rest and data in motion.
7
04/18/23
TOPIC 5: Secure Coding and TestingABSTRACT
Application security is one of the key focus areas in the present security scenario. Producing an
application that is reliable is an important demand in the industry. Security is one of the integral
aspects of reliability and has to be built into the application rather than an after thought. Building a
secure application is irrespective of the functionality of the application and takes conscious
engineering efforts. The security aspect of software development starts from the initial phase of
Software Development Lifecycle (SDLC) and may involve steps like security requirements
(requirements phase), secure design (design phase), secure implementation (coding phase) and
confirming to the secure development (testing phase). In our talk, we would focus on the coding
and the testing phase of SDLC and look at how security is implemented in these two phases of
SDLC.
Secure coding is an effort by coders to use the language and the underlying technology in a way
that an attacker does not manipulate the implementation and achieve an un-desired result from
the application. Once the efforts to develop the application in a secure way is put in place, security
testing can confirm if any of the security issues exist in the application. The efforts are put in
testing the application with security as the fault focus area.
© 2008 McAfee, Inc.
Speaker Profiles
9
04/18/23
Senthilnathan C
Senthil has been with McAfee since January 2003. He has been working in the Security domain for more than 8 years
out of a total of 10+ years of experience in the IT industry. He has worked on several Security technologies including
Host and Network based IPS, Firewalls, Content Filtering, Application Gateway Security (Mail and Web) among other
things.
Reading, driving and listening to music are his passions.
10
04/18/23
Dipankar Roy
Dipankar is a Senior QA Manager with McAfee and has worked on various technologies including Centralized Security
Management, Security for Small Businesses and Data Protection. In his more than 6 years with McAfee Dipankar has
formed and setup multiple testing teams.
Dipankar is a MBA and a certified Project Management Professional and currently pursuing a Post Graduate Diploma in
Cyberlaw. When he gets time Dipankar likes to fly paragliders.
11
04/18/23
Kamal Bisht
Kamal is associated with McAfee India (Software) Ltd for more than 5 years and has been involved with host based
Intrusion Prevention System (IPS) since the last 4 years. McAfee's host based IPS involves Host IPS, Network IPS,
Firewall and Application Access Control (whitelist).
While leading the QA team for IPS Kamal was involved in functional testing and automation. Kamal also specializes
in Application Security testing ( which involves vulnerability assessment and penetration testing). Kamal is an ECC
Certified Ethical Hacker.
Kamal relaxes by watching movies or sleeping.
12
04/18/23
Apurv AnandApurv is a software professional and research scientist with over 9 years of experience in the software industry, in
areas of application and network security and software quality assurance. He has proven his ability to implement secure
development lifecycle and mentor various team engineers for the same.
An able representative of McAfee Inc., he understands McAfee security product lines in depth with 6 years of work
experience here. He has been pivotal in pioneering software security awareness in the McAfee by starting a various
initiatives like software security club with the mission of providing expertise and consultancy to other teams. He has
been also involved in engineering response team (ERT) for McAfee Bangalore office, dedicated for handling virus
outbreaks on engineering network. Apurv has written engineering tools such as fuzz testing tools, OS imaging tools, MS
patch management tools that help in software testing. Apurv has been awarded with prestigious awards in McAfee like
ClubGeek and Employee of the Quarter.
Apurv holds a Bachelor of Engineering degree in Computer Science, from Karnataka University.
Apurv in his leisure likes to run and participates in full marathons. He also likes to spend time traveling, doing
photography and performing in professional theaters & plays.
13
04/18/23
Vivek S Mathur
Vivek is the Director of Quality at McAfee India Center. He has over 15 years of varied experience in IT and non IT fields. He has been with McAfee for the past 4 months, before which he was with Intelligroup where he established the independent test and validation group. Prior to that, at Infosys, he handled multiple roles in Dev, QA, and Account Management.
Vivek completed his MBA from IIM Ahmedabad in 1997 after which he started his IT career. Prior to his IT career Vivek worked for 3 years in the prestigious Indian Railways Service of Mechanical Engineering.
© 2008 McAfee, Inc.
Thank You