Revolutionizing the password, and other musings from the Infragard Day of Learning

In Philadelphia, the Infragard Day of Learning provided a peek at a new SIEM tool, suggestions for password practices, and, for some, career opportunities.

On Friday, June 8, 2012, the Philadelphia Infragard Day of Learning was held at a beautiful conference center owned by Pfizer. The multitude of FBI agents, local and not-so-local LEOs (Law Enforcement Officers), Digital Forensics people, and, well, suits, was pretty impressive in a "Where'd all the black t-shirts go?" kind of way. The talks, however, were great.

One presentation I really liked was HECTOR, a roll-your-own SIEM (Security Incident and Event Management) system from the University of Pennsylvania. A seriously overgrown asset management system, now outfitted with plugins for OSSEC, Nessus, Nmap, and more, it is newly open-sourced and available with API access for all.

Justin Klein Keane, the principal masochist/programmer behind HECTOR, discussed how to use security intelligence. How do you know what patch cycle you need to be on if you don’t know the lag time in which attackers will try to hit you with an exploit? Why do we change passwords every 30 days? Is it really necessary?

According to Justin, not so much. It used to be a good idea: when passwords were sent in the clear, it was easy for someone to replay a password, so changing them regularly was good practice. But now? Just about everything (LinkedIn excluded) is hashed, salted, and encrypted, in some form or fashion. But we don’t think about that, because changing passwords is the “way it’s always been done!”

So HECTOR was designed to collect as much actual security intelligence as possible, and make it intelligible to Layer 8 beings. Since Archer is a cool million or better, and even ArcSight isn’t cheap, it’s nice to see a FOSS SIEM with built-in honeypots, darknets, and Big Data analysis tools that is available right now.

Back at the conference, the hallway track was productive as well. While I was talking to a couple of gentlemen near the food (where you can reliably find me), it turned out that one of them was looking for employment, and I was able to help direct him to some resources. If you didn't catch that, he made an effort to come out to local InfoSec conferences, and it will hopefully pay off.

Come out to the ECTF, Infragard, ISSA, ISACA, OWASP, Derbycon, Shmoocon, Security B-Sides cons, or your local meetings. Meet other people, meet other potential employers, and learn about the industry we all share.

Copyright © 2012 IDG Communications, Inc.