Well recently I put together the Inaugural Security Camp Oz (SCO) 07.  It is a community driven event for the IT Security community.   We held it in Wagga Wagga at the Charles Sturt University campus. SCO is a FREE two day event for IT Security Professionals of all platforms.  Even though a Microsoft guy put it together, it wasn't a "Microsoft" event. We invited speakers from all areas to present.

We had great speakers and some great sessions over the two days.  Here's the list (also available at http://www.securitycampoz.com )

Grant Holliday (Readify) - Securing your development environment with TFS
David Griffiths (NSW Dept of Lands) - Case Study: Secure Remote Access as a Tool for Business Continuity
Jamie Sharp (Microsoft) - Your Data Centre of the Future
Orin Thomas (Security MVP) - Pushing the limits of EFS in Windows Vista and Windows Server 2008
Rocky Heckman (Microsoft) - Technical Compliance Management
Jason Howarth (Charles Sturt University) - The Principals Of Cryptography
Christian Heinrich (Self) - CVSS and the MS Severity Matrix
Dave Lemphers (Microsoft) - Identity in Social Networks in Web 2.0
Rocky Heckman (Microsoft) - UAC Revealed
Michael Kleef (Microsoft) - Windows Server 2008 Security
Sandi Hardmeier (IE MVP) - Real World Risks
Michael Kleef (Microsoft) - Getting the Security Message Across
Matt Jonkman (Bleeding Edge Threats) - Writing SNORT Rules

Overall it was a very successful event. 140+ Pizzas, and 600+ bottles of drinks. Plus a lot of education, networking, and general story swapping. All of the attendees I spoke with agreed that they learned a lot and they'd come back next year with friends.

There were some eye opening moments for a few people, and some panic attacks as well.  You just never know what little things people can think of to break your systems. 

Next year though I hope to get more presenters from the Linux and Open Source community. Security isn't a Microsoft, or Sun thing, it's an industry thing.  It doesn't matter what platform you are using, we are all at risk, and we all have the same duty of care to protect those that use our products, whatever they may be.

Some key takeaways from the presentations:

  • Intrusion detection can't stop application level attacks, but with the proper application of rules in an IDS like SNORT, it can go a long way towards slowing them down.
  • A lot of IT Pros should find out more about their developers.  Work with them to create a secure development environment, don't just fight them.
  • There are quite a few little 'gotchas' in EFS that need some advanced planning, like Key Escrow.
  • With the advent of new IP technologies, and protection from the ground up, there are a lot of ways that our new data centres will change...start planning now!
  • Compliance management is one of the hardest things to get a handle on, but with a good plan and good support tooling, it's easy to manage.
  • The boundaries between virtual and real worlds are blurring, and legal matters are spilling across. We need to be ready to respond to new threats and litigations in the digital age.
  • There is still a long way to go in order to get a common way to address vulnerability ratings, but at least there are people working on it and there are plans to have a standardized method for describing them.
  • UAC is a very misunderstood, and perhaps misrepresented feature in Vista. There is a lot more behind it than you may think, and it's always better to leave it on and work smarter, than to turn it off and work ignorantly.
  • Malware writers are getting crafty and using seemingly innocent web sites to sneak their malware onto your machines through banner ads.  Pay attention, and don't click blindly.
  • Many people don't understand just how they can be attacked.  They don't realise just how easy it is to learn how to be a better Internet user.  Talk to them, share your knowledge and experience. Keep it simple and use terms they know.

Stay tuned for next year's camp. I'm sure you'll find it's worth it.  Lots of people turned up, and they all got something out of it. So tell your friends! ;-)