They’re Hacking Our Clients! Why Are We Focusing Only On The Servers? presented at ShmooCon 2008

by Jay Beale (InGuardians)

Tags: Security Web Firewall

Summary: In the face of far stronger firewall and IPS-protected perimeters, attackers are compromising far more systems by hacking our web browsers, e-mail clients, and office document tools. Unfortunately, vulnerability assessment practices still focus on checking listening services, even on workstations. Detecting vulnerable clients is left for patch management tools, which aren’t in consistent or wide enough use. Even when organizations are able to invest the time and money in a patch management system, a series of critical problems keeps the botnet builders in business. This talk, by Bastille UNIX creator and Intelguardians co-founder Jay Beale, introduces free tools to detect vulnerable clients and keep them out of the botnets.

Jay Beale created two well-known security tools, Bastille UNIX and the CIS Unix Scoring Tool, both of which are used throughout industry and government, and has served as an invited speaker at many industry and government conferences, a columnist for Information Security Magazine, SecurityPortal and SecurityFocus, and an author/editor on nine books, including those in his Open Source Security Series and the "Stealing the Network" series. Jay is a security consultant and managing partner at Intelguardians, where he gets to work with brilliant people on topics ranging from application penetration to virtual machine escape.