Last week I attended SecureCon. Here are a few rough notes:
- At an attendance cost of $0 it was stunning value for money
- Damn Vulnerable Linux is a really useful sample of cracking tools and information for the professional
- Security attacks continue to get worse and there is serious money involved
- Defence in depth (firewalls, OS patches, bandwidth throttles, user education, VLANs to separate traffic types, security zones, policies and policy updating, continuous testing, application architecture and design for security, ...)
- Assume everything is evil, including traffic from your own network
- Protect the data
- New devices (e.g. mobile devices) and new services (in particular VoIP) increase the attack surface, sometimes by an order of magnitude