Kansas State University

April 2011 IT Security Training Event

In spring of 2011, K-State's Office of Information Security and Compliance hosted a full-day IT security training event at the K-State Student Union.

General sessions and breakout sessions were presented on a variety of non-technical and technical topics to teach attendees how to keep their computers more secure. Most of the presentations are available in PDF below.

The Spring 2011 theme was a birthday salute to the great president Thomas Jefferson and the great chess master Garry Kasparov. These well-respected greats deserved a salute, and what better way to say happy birthday than with a cyber-security training event?

Program Schedule

Time Sessions
8:00-8:30am Registration - Donuts, Coffee, and free smiles will be provided!
Outside The Big 12 Room, K-State Student Union
8:30-9:00am

Keynote -- Emerging Threats, and the Chess game that ensues
Presenter: Harvard Townsend
Chief Information Security Officer
Presentation: Click here
Abstract:
1,089 IT security incidents; 456 stolen eID passwords; 560,518 instances of malware detected by Trend Micro; 83 instances of malware that steals financial account information; 83 DMCA violations; 20+ stolen laptops; 10 defaced K-State websites - 2010 was an active year for security incidents at K-State. This presentation will set the stage for the rest of the day's sessions by providing a brief overview of statistics and trends for security incidents over the past four years and describing how the threats have changed. The attacks are considerably more sophisticated and numerous, but also more furtive and cunning, so we cannot let down our guard. In fact, we must bolster our defenses or we will lose the battle to protect K-State's information and people.

9:00-9:15am Break
9:15-10:15am
(select one of these concurrent sessions)

SecureIT Live!
It's not your forefathers' security!
Presenter: Neil Sindicich
Presentation: Click here.
Abstract:
The State of Kansas has mandated all state employees to receive cyber-security awareness training. For most, K-State security training will be offered online, but if you would prefer to take it in person so that you can ask questions, provide feedback, or just get a free donut out of the deal, you should take advantage of this opportunity. This session will cover the basics of online security that K-Staters need to know in order to stay prepared to handle any threat. Attendance at this session will be recorded so that your HR file can be updated to indicate that you have met the state requirement.


Mobile Device Security:
My cell phone beat Garry Kasparov!
Presenter: Austin Polley
Presentation: Click here.
Abstract:
iPods, iPads, smartphones, laptops and netbooks! Mobile devices are taking over! New innovations and improved functionality have made mobile devices a part of everyday life for many people, but these wondrous devices can come with greater risks if not taken seriously. Come learn some tips and tricks on how to stay safe and secure with mobile devices.

Dissecting a Phishing Scam:
It's just another game of Chess
Presenter: Harvard Townsend
Presentation: Click here.
Abstract:
Since January 2008, K-State has been plagued by spear phishing scams that attempt to steal users' eIDs and passwords. Unfortunately, this has proven to be a particularly effective form of social engineering with over 1,000 K-Staters falling victim to these scams in the last three years. This presentation will provide detailed statistics about these scams, demographics of the victims (it's not just naive freshmen!), how to recognize a phishing scam, examples that were particularly effective at tricking people, how a few compromised accounts can affect the entire campus, and what K-State is doing to defend against these attacks.


A Breakdown of Malicious Software:
Beating Deep Blue in 3 easy steps
Presenter: Josh McCune
Presentation: Click here.
Abstract:
Computers are integral to nearly all parts of our modern lives. Consequently, modern malware has evolved beyond just targeting our personal information to targeting control systems for complex systems like centrifuges used for uranium enrichment. Next generation malware like Stuxnet has made the threat of a physical or "kinetic" attack using computers a very real possibility. In this session we'll discuss some current events like the Wikileaks and HBGary incidents as they relate to this changing threat landscape, and what we're doing at K-State to protect ourselves.

10:15-10:30am Break
10:30-11:30am
(select one of these concurrent sessions)

Lightning round:
It's not all Presidential
Presenters: Jeremiah Shirk, Richard Becker, and Audrey Hubbell
Abstract:
This presentation features three topics.
InCommon Certificates:
Presentation: Click here.
K-State's secure websites use hundreds of SSL certificates, and the number is growing every year. This year, K-State will be subscribing to the InCommon Certificate Service, which provides unlimited SSL certificates to educational institutions. Obtaining certificates will be easier, faster, and less expensive for website administrators at K-State. This session will describe the changes that you can expect as the service becomes available.
Virtual Private Networking:
Presentation: Click here.
Examining the state of VPN @ K-State. Why should our users care about VPN technology? Why are we transitioning to SSL VPN and how do we support our users through this transition? In this presentation, we will provide an overview of the VPN technologies available to K-Staters. We will discuss the differences between our current use of IPSec VPN and why we are moving towards an SSL-based implementation. We will demonstrate the features of the new AnyConnect client and highlight available resources that will provide VPN support to our user community.
IPv6:
Presentation: Click here.
We've heard for years that "IPv6 is coming so you better get ready." Well, IPv6 is enabled by default in Windows 7 and Mac OS X 10.6 so it's already here - you better get ready! This is exacerbated by the fact that the last blocks of available IPv4 addresses were allocated earlier in 2011. This session will provide an overview of IPv6, compare it to IPv4, describe the current state of IPv6 on the K-State campus, and explain why people should disable IPv6 on their computers until we can systematically deploy it across the campus.

Social Networking
How to be Garry Kasparov's friend
Presenter: Harvard Townsend
Presentation: Click here.
Abstract:
Social networks like Facebook, Twitter, YouTube, and MySpace are a fact of life and they have permanently altered the privacy landscape on many fronts. This session will focus on security risks of social networking, the ways hackers are using social networks to try to infect your computer and/or steal your personal information; the subtle and not-so-subtle threats to your privacy; and tips on how to navigate the social networking landscape safely.


Standard in Configuration:
A Security Constitution for Everyone
Presenter: Thomas Kuhn
Presentation: Click here.
Abstract: An important part of secure computing is securing your computer. While this sounds obvious, successfully doing so is sometimes a bit of a challenge. In this presentation we’ll cover a few easy ways to secure your computer and a few ways to enable your computer to keep itself secure.


Secure Browsing on Removable Media:
How to play Chessmaster Online at work without getting caught
Presenter: Larry Havenstien
Presentation: Click here.
Abstract:
How to set up a secure browsing environment using Linux that can be used for banking or other clean browser needs. A bootable Linux can be set up to run from a CD or USB thumb drive for web browsing when needed. We will show how you can do this and give information on how to get one that is already set up.

11:30am-1:00pm Lunch
1:00-2:00pm
(select one of these concurrent sessions)

SecureIT Live!
It's not your forefathers' security!
Presenter: Neil Sindicich
Presentation: Click here.
Abstract:
The State of Kansas has mandated all state employees to receive cyber-security awareness training. For most, K-State security training will be offered online, but if you would prefer to take it in person so that you can ask questions, provide feedback, or just get a free donut out of the deal, you should take advantage of this opportunity. This session will cover the basics of online security that K-Staters need to know in order to stay prepared to handle any threat. Attendance at this session will be recorded so that your HR file can be updated to indicate that you have met the state requirement.


Mobile Device Security:
My cell phone beat Garry Kasparov!
Presenter: Austin Polley
Presentation: Click here.
Abstract:
iPods, iPads, smartphones, laptops and netbooks! Mobile devices are taking over! New innovations and improved functionality have made mobile devices a part of everyday life for many people, but these wondrous devices can come with greater risks if not taken seriously. Come learn some tips and tricks on how to stay safe and secure with mobile devices.

Dissecting a Phishing Scam:
It's just another game of Chess
Presenter: Harvard Townsend
Presentation: Click here.
Abstract:
Since January 2008, K-State has been plagued by spear phishing scams that attempt to steal users' eIDs and passwords. Unfortunately, this has proven to be a particularly effective form of social engineering with over 1,000 K-Staters falling victim to these scams in the last three years. This presentation will provide detailed statistics about these scams, demographics of the victims (it's not just naive freshmen!), how to recognize a phishing scam, examples that were particularly effective at tricking people, how a few compromised accounts can affect the entire campus, and what K-State is doing to defend against these attacks.


A Breakdown of Malicious Software:
Beating Deep Blue in 3 easy steps
Presenter: Josh McCune
Presentation: Click here.
Abstract:
Computers are integral to nearly all parts of our modern lives. Consequently, modern malware has evolved beyond just targeting our personal information to targeting control systems for complex systems like centrifuges used for uranium enrichment. Next generation malware like Stuxnet has made the threat of a physical or "kinetic" attack using computers a very real possibility. In this session we'll discuss some current events like the Wikileaks and HBGary incidents as they relate to this changing threat landscape, and what we're doing at K-State to protect ourselves.

2:00-2:15pm Break
2:15-3:15pm
(select one of these concurrent sessions)

Lightning round:
It's not all Presidential
Presenters: Jeremiah Shirk, Richard Becker, and Audrey Hubbell
Location: Room 212
Abstract:
This presentation features three topics.
InCommon Certificates:
Presentation: Click here.
K-State's secure websites use hundreds of SSL certificates, and the number is growing every year. This year, K-State will be subscribing to the InCommon Certificate Service, which provides unlimited SSL certificates to educational institutions. Obtaining certificates will be easier, faster, and less expensive for website administrators at K-State. This session will describe the changes that you can expect as the service becomes available.
Virtual Private Networking:
Presentation: Click here.
Examining the state of VPN @ K-State. Why should our users care about VPN technology? Why are we transitioning to SSL VPN and how do we support our users through this transition? In this presentation, we will provide an overview of the VPN technologies available to K-Staters. We will discuss the differences between our current use of IPSec VPN and why we are moving towards an SSL-based implementation. We will demonstrate the features of the new AnyConnect client and highlight available resources that will provide VPN support to our user community.
IPv6:
Presentation: Click here.
We've heard for years that "IPv6 is coming so you better get ready." Well, IPv6 is enabled by default in Windows 7 and Mac OS X 10.6 so it's already here - you better get ready! This is exacerbated by the fact that the last blocks of available IPv4 addresses were allocated earlier in 2011. This session will provide an overview of IPv6, compare it to IPv4, describe the current state of IPv6 on the K-State campus, and explain why people should disable IPv6 on their computers until we can systematically deploy it across the campus.

Social Networking
How to be Garry Kasparov's friend
Presenter: Harvard Townsend
Presentation: Click here.
Abstract:
Social networks like Facebook, Twitter, YouTube, and MySpace are a fact of life and they have permanently altered the privacy landscape on many fronts. This session will focus on security risks of social networking, the ways hackers are using social networks to try to infect your computer and/or steal your personal information; the subtle and not-so-subtle threats to your privacy; and tips on how to navigate the social networking landscape safely.


Copiers Meet the Network:
Why you shouldn’t copy 2 dollar bills
Presenter: Anthony Phillips
Presentation: Click here.
Abstract:
Today’s high-tech photocopiers do so much more than make copies. They have operating systems, web servers, e-mail engines, fax machines and scanners. All of which are accessible over the public network. All of which can pose a security threat to your data. Find out where your office might be vulnerable to sensitive data leakage and what to do about it. Learn the ins and outs of securely configuring your copier to prevent unauthorized access and how to securely connect it to the network so you can do your job without putting the University at risk.


Secure Browsing on Removable Media:
How to play Chessmaster Online at work without getting caught
Presenter: Larry Havenstien
Presentation: Click here.
Abstract: How to set up a secure browsing environment using Linux that can be used for banking or other clean browser needs. A bootable Linux can be set up to run from a CD or USB thumb drive for web browsing when needed. We will show how you can do this and give information on how to get one that is already set up.

3:15-3:30pm Break
3:30pm-4:00pm

Peering into the crystal ball - an open dialog about the future of IT security at K-State
Presenter: Harvard Townsend
Chief Information Security Officer
Abstract:
What does the future of IT security at K-State look like? The growing sophistication and frequency of attacks call for more restrictive IT security controls, but at what point do these restrictions pose an unacceptable barrier to users, keeping them from getting their work done? On the other hand, if users push back against security mandates, how do we get them to accept responsibility for the critical role they play in security, given the fact that social engineering is THE most common way targeted attacks infiltrate an organization's network? As one security practitioner put it, "There's no patch for users!" The highly distributed control and management of IT resources at K-State also poses a significant challenge to managing security. When does it make sense to centralize security versus leaving it up to the local system administrator, or in many cases, the user? Furthermore, increased security has implications for individuals' privacy. Join K-State's central IT security team in an open discussion of these challenging trade-offs as we contemplate together the bumpy, twisting road ahead that leads to cyber-Shangri-La (that mythical utopia of secure information and people).