RSA post number 1
I finally arrived at San Francisco. Luckly, in time for the Cryptographers panel. Some interesting thoughts from the big brains. Shamir said that security losses are concentrated in low and high level attacks. Media, however, only shows the high level ones.Schneier presentation was also very good. He blogged about it. From his talk I could conclude that buyers should to start pushing vendors to use their models instead of providing their own.After Schneier, Dan Kaminski. As always, Black Ops is always fun and good (in fact, very good) content. Dan mentioned that OpenDNS deployed a very nice feature to block DNS responses with internal addresses. Glad to know that, I'm using OpenDNS at home.About DNS rebinding attacks, what about Snort signatures? Did anybody write rules for detecting those attacks? It seems to be simple and an effective way to do that.I also watched the panel about DLP, with Amrit Williams. He mentioned that DLP won't help against determined attackers, it is aimed against acidental leaks. Are the DLP vendors really saying that to their potential clients?During the panel, Shu Huang mentioned that companies don't know where the data to be protected is: blind spots! Exactly what I said on my article in this month's ISSA Journal.There was a discussion between Amrit and Malte Pollmann, who manages the DLP tool inside an organization? I understand that the DLP tool has as one of the most important features a way to define the management roles that can adapt to different models from diferent companies. It will depend on how the organization deals with security and IT infrastructure.About DLP: The technology can bring a lot of value through IT environment awareness. It's about knowing what is happening on your network. However, the deployment of tools like that will identify several cases that need skilled people to properly assess risks and support the Business on the remediation process.Amrit says that almost no organization has an effective information classification process. I agree with that, I had a discussion about it here in a Brazilian securiy forum some months ago when defending the same argument. Good to know that I'm not alone.And I didn't find anybody from the Bloggers network nor twitter. Where are they?