RSA USA 2008 – Probably not in 2009

Well.  RSA USA 2008 was an interesting experience.  It was certainly well organized.  The online tool for making your session schedule simply rocked.  I was even able to export it to iCal so I could just use my iPod touch as a pocket schedule.  

I ran into Martin McKeay on Monday and he pulled me into a round table with Symantec at the point they were covering Data Loss Protection.  It was a fun time and thanks again to Martin.  Symantec acquired the Vontu product.  Certainly I agree that DLP is a fundamental shift change and method for controlling data loss that can only benefit us as professionals.  The problem is that it is so expensive to implement that only the largest of companies can afford it for now.  I did contribute one good question to the discussion.  I pointed out that their “quarantine” function of replacing data that might not be where it should be was not doing a secure overwrite. Data could still leak in the file slack space.  Michael Santarcangelo was fun to watch questioning the presenter and asking some hard but to the point questions.

The thing I was not overly impressed with was the normal sessions.   There certainly were some gems.  But in a large number of the sessions I attended, the speakers just did not send me out with anything so new it excited me.  In more than one session the speaker took 30-40 of the 50 minutes just to reach the topic of the session. Too much time was spent on basics.  Even some keynote speakers took time to define basic information security terms like separation of duties.  Come on, don’t speakers at this level know to research and speak to the level of the audience?  

At least some speakers like Joshua Wright of SANS wireless training fame gave a well-paced and informative talk on 802.11n security issues.  I also attended a really good session on metrics.  This is something I have already used to make some project dashboards for the big bosses at work.  It also forced me to learn more Excel than I had previously.  Oh well, a price for everything.  *grin*

I think one of the talks I most loved was Malcolm Gladwell's.  I read his book Blink over a year ago and loved it.  He was a very engaging speaker and his take on decision making is really interesting.

Most likely I won’t be going next year.  I think I can find other conferences with more consistent value to me.  I wasn’t the only one wondering where the good sessions went either.


Cisco – AAA Exclude Console Port for Local Backup access

Man. Today I was putting a core 4507R switch onto our TACACS AAA controls. The main IT admin for that site got all fussy about "what if my TACACS account is locked out and it's an emergency?" Did not like the answer, "well, call the Corporate helpdesk to have it unlocked." So I had to figure out how to make only the console port ignore TACACS AAA and use the local login database instead. Here is what I had to add to the aaa commands.

  1. Create a local user account under global config mode.
    username local-MYNAMEHERE privilege 15 password MYPASSWORDHERE
  2. Next under global config mode
    aaa authentication login console local
    aaa authorization exec console local
    aaa authorization commands 0 console local
    aaa authorization commands 1 console local
    aaa authorization commands 15 console local
    aaa authorization console
  3. Then under the console line interface
    authorization commands 0 console
    authorization commands 1 console
    authorization commands 15 console
    authorization exec console
    login authentication console
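
An added example, not from the original post: a Python check that a saved running-config contains every line from the three steps above and that they sit under `line con 0`, so the console fallback is verified before an emergency rather than during one. The sample config, the username `local-EXAMPLE` and the function name are constructed for illustration, and the check goes slightly beyond the post by also flagging a local account defined with `password` rather than `secret`.

```python
import re

# Commands from the post's steps 2 and 3; "console" is its method-list name.
LEVELS = (0, 1, 15)
REQUIRED_GLOBAL = ["aaa authentication login console local",
                   "aaa authorization exec console local",
                   "aaa authorization console"]
REQUIRED_GLOBAL += [f"aaa authorization commands {n} console local" for n in LEVELS]
REQUIRED_LINE = ["login authentication console", "authorization exec console"]
REQUIRED_LINE += [f"authorization commands {n} console" for n in LEVELS]

# Constructed sample config (not from the post): step 3 is only half applied.
SAMPLE = """\
username local-EXAMPLE privilege 15 password EXAMPLE-ONLY
aaa authentication login console local
aaa authorization exec console local
aaa authorization commands 0 console local
aaa authorization commands 1 console local
aaa authorization commands 15 console local
aaa authorization console
!
line con 0
 authorization commands 15 console
 authorization exec console
 login authentication console
line vty 0 4
 authorization commands 0 console
"""

def audit_console_fallback(config):
    """Return a list of findings; an empty list means the fallback is complete."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    global_cmds = [ln for ln in lines if ln and not ln.startswith(" ")]
    con_cmds, in_con = set(), False
    for ln in lines:  # collect sub-commands of the "line con 0" block only
        if not ln.startswith(" "):
            in_con = ln == "line con 0"
        elif in_con:
            con_cmds.add(ln.strip())
    out = [f"missing global: {c}" for c in REQUIRED_GLOBAL if c not in global_cmds]
    out += [f"missing under line con 0: {c}" for c in REQUIRED_LINE if c not in con_cmds]
    # A console pinned to the local database with no local admin is a lockout.
    users = [ln for ln in global_cmds if re.match(r"username \S+ privilege 15 ", ln)]
    if not users:
        out.append("no local privilege 15 user")
    for u in users:  # 'password' is kept in clear or reversible type 7; 'secret' is hashed
        if re.match(r"username \S+ privilege 15 password ", u):
            out.append(f"{u.split()[1]}: uses 'password', prefer 'secret'")
    return out
```

Calling `audit_console_fallback(SAMPLE)` reports the two command levels missing from the console line and the `password` account; the `line vty` entry is ignored because only the `line con 0` block is inspected.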