Defending against DDoS and Advanced Attacks on Critical Infrastructure (3 Sep 11)

In the past year, DDoS and advanced attacks targeting critical infrastructure become more and more vigorous. Governments (US, Malaysia , Korea …), stock exchanges ( Hong Kong , New York and London ) and nuclear plants in Iran all fell in prey to large scale attacks. The recent attack to Hong Kong has impacted our economy’s reputation and well being. Hong Kong needs to step up our awareness and response. ISOC-HK (Internet Security and Privacy Working Group) would like to reply to the call with prominent InfoSec associations to organize a seminar on 3-Sep-2011 to discuss the topic.

___________________________________________________________________

Event Photos Slideshow:   Event Video:  Coming Soon   Agenda 1. What is DDoS and the Mitigation Strategies? Presentation Mr. Frank Tse Research Manager, Nexusguard Mr. Frank Tse is the Research Manager of Nexusguard, a premium DDoS mitigation provider. He is an experienced network security specialist in DDoS mitigation, responsible for understanding the most current DDoS attacks and developing pre-emptive mitigation strategies. He is also in charge of maintaining the mitigation provider’s knowledge base and internal training. Frank has been on the frontline of combating DDoS for Nexusguard for the past three years, analysing and mitigating hundreds of attacks per month. He provides first hand and in-depth insight on attacks and effective application of countermeasures.  He is also the coordinator for external communications with academic and research bodies like Team Cymru, DEFCON, Blackhat, WIDE project, Arbor Atlas etc, on DDoS related matters.  Mr. Tse is a CCIE holder with a degree in Computing Mathematics. 2. Web Servers – the Sure Targets? Presentation   Anthony Lai (right) and Alan Ho Anthony Lai & Alan Ho are Security Researchers of Valkyrie-X Security Research Group, a group of passionate security researcher who are keen to connect with prominent and respectable hackers and researchers worldwide. Alan and Anthony have published their research Webapp Secuirty Fengshui in Macau and Hong Kong in July 2011 to arouse the security awareness in web application.  Mr. Anthony Lai Security Researcher, Valkyrie-X Security Research Group (VXRL)   Anthony founded Valkyrie-X Security Research Group in Hong Kong.He was with various MNCs as security consultant, working on code audit, penetration test, crime investigation and threat analysis. He had spoken in Blackhat 2010 and DEFCON 18 on Chinese malware and Internet censorship. He and other researchers Birdman, Benson and PK created the APT DNA Clustering Project (http://aptdeezer.xecure-lab. com) and presented it in DEFCON 19 and Hack In Taiwan 2011. Anthony had also provided tactical exploitation training with Val Smith and Colin Ames at Blackhat USA 2011.     Mr. Alan Ho Security Researcher, Valkyrie-X Security Research Group (VXRL)  Alan is currently working as a software engineer with a focus on web application. He has been working on web programming for several years, realizing that web security is one of the most significant topics we should be aware of. Alan  is a GIAC Web Application Penetration Tester and is with a MSc in Information System Management.

3. Panel Discussion: The Lessons Learnt in the Recent Attacks

  Moderator:

  Mr. SC Leung, Internet Security & Privacy Working Group, ISOC-HK

  Panelists:

  Mr. Frank
Tse, Research Manager, Nexusguard
  Mr. Anthony Lai, Researcher, VXRL
  Mr. Roy Ko, Centre Manager, HKCERT
  Mr. Michael Chan, Committee Member, HKCS-ISSIG
  Mr. Michael Yung, President, ISACA
Mr. Ricci Ieong, Secretary, ISFS
Mr. Frank Chow, Vice Chairperson, PISA