Meetings and Events [RSS]

Upcoming

2014

Past

2014

2013

2012

2011

2010

2009

2008

2007

  • 2007-12-13 - 2007 NYTC Holiday Party,
  • 2007-11-07 - IPv6 Workshop, Open forum
  • 2007-10-03 - IPv6 Implementation, Gene Cronk
  • 2007-09-05 - Cryptography in Web Apps, Nick Galbreath
  • 2007-08-23 - NYCBUG-NYPHP Social,
  • 2007-08-01 - Nagios, Marc Spitzer
  • 2007-07-05 - The Real Unix Tradition, Isaac (.ike) Levy
  • 2007-06-06 - DOS Mitigation, Steven Kreuzer
  • 2007-05-02 - pkgsrcCon, Amitai Schlair
  • 2007-04-04 - OpenCVS, Ray Lai

  • 2007-03-07 - Enterprise Security Mgmt, Matthew Burnside
    18:30, Apple Store (SoHo)

    Abstract

    Security policies are a key component in protecting enterprise networks. But, while there are many diverse defensive options available, current models and mechanisms for mechanically-enforced security policies are limited to traditional admission-based access control. Defensive capabilities include among others logging, firewalls, honeypots, rollback/recovery, and intrusion detection systems, while policy enforcement is essentially limited to one-off access control. Furthermore, access-control mechanisms operate independently on each service, which can (and often does) lead to inconsistent or incorrect application of the intended system-wide policy. We propose a new scheme for global security policies. Every policy decision is made with near-global knowledge, and re-evaluated as global knowledge changes. Using a variety of actuators, we make the full array of defensive capabilities available to the global policy. Our goal is a coherent, enterprise-wide response to any network threat.

    Media

    • [Event Audio] (Generously recorded and processed by Nikolai Fetissov)

    Speaker Bio

    Matthew Burnside is a Ph.D. student in the Computer Science department at Columbia University, in New York. He works for Professor Angelos Keromytis in the Network Security Lab. He received his B.A and M.Eng from MIT in 2000, and 2002, respectively. His main research interests are in computer security, trust management, and network anonymity.



  • 2007-02-07 - Subversion, Ivan Ivanov
  • 2007-01-03 - pf(4), Okan Demirmen

2006

2005

2004