It was wonderful to receive such an enthusiastic welcome at the University of Glamorgan yesterday. It's VERY rare that I get chance to speak at Universities.
I thoroughly enjoyed lecturing students on the wonders of information security. The room was packed and questions abounded. The audience didn't need much encouagement from me to discuss and debate different approaches to information security.
You can find my slides here in PPTX format (Powerpoint 2007). You can download a free Powerpoint 2007 viewer here and/or a plug in that will enable you to view the latest file formats from older versions of Microsoft Office here.
Here are links to many of the external websites I quoted:
- Port25.com - a great source of information about how to integrate all kinds ofd LINUXes with Microsoft platforms.
- Rootkit.com - a security research site - do not visit such websites whilst logged in as Administrator or equivalent otherwise you MAY get more than you'd bargined for!
- SysInternals - I recommended Process Explorer, Rootkit Revealer and Sigcheck
- TechNet - a leading resource for IT Professionals
- The Imagine Cup - a global competition where students compete against each other - I left brochures with your lecturer
- The Network Access Protection area of the Microsoft website
I explained in detail why it's a BAD idea to use excessive privilege - specifically why browsing the web and reading email whilst logged in as "Administrator", "root" or equivalent - you are MUCH more likely to pick up nasty malicious software if you ignore this recommendation
Feel free to email me if you'd like to discuss anything to do with information security.
The abstract for the session was as follows:
"Abstract: Effective Security – how to do more with less risk.
Windows Vista and Server 2008 provide the means to implement a wide range of security controls. Which ones make sense for you? Measuring, managing and mitigating risk is a tricky challenge. Balancing the need to “get the job done” with the need to “stop the bad guys from stealing our stuff” is an art. During the talk we’ll take a look at root kits, hyperjacking, bitlocker, IPsec and mandatory integrity control."