Merit Member Conference logo

2010 Merit Member Conference Sets New Attendance Record

Brian Warkoczeski 2010 News, News, News - Events

ANN ARBOR – For the second consecutive year, the Merit Member Conference established an attendance record, hosting over 225 technology professionals from across Michigan and the United States. The 2010 Merit Member Conference was held at the Four Points by Sheraton in Ann Arbor and featured presentations and discussions covering a wide spectrum of topics related to information technology, security, networking, hardware and cutting-edge applications.

Featured Speakers

  • Hal Varian, chief economist for Google, returned to Ann Arbor where he spent several years teaching at the University of Michigan (U-M). He noted that it was during his stay at U-M when he first became interested the Internet and email. In the subsequent years, waves of innovation have occurred on the Internet, including web pages, search engines, wikis, videos and much more.
    Hal Varian
    Varian stated his belief that it is the combinatorial innovation of the web—where code snippets and other components are melded together to form something new—that has helped spur the rapid progress of Internet developments. While manufacturing requires parts and material resources to create new products, software development and computer transactions rely on a continual supply of code development and new applications to create Internet innovations.

    Part of the evolution of the Internet has included computer-mediated transactions, and while the original motivation for their creation may have been for accounting purposes, Varian noted that computer-mediated transactions enable better monitoring and enforcement of contracts. Transaction records produced by computers can be used to optimize the buying process, measure advertising performance, and easily track results over time.

    The barrier to entry for online businesses is falling fast, according to Varian, and small organizations can now have better communication capabilities than large corporations had 10 years ago. Small organizations that cross geographic boundaries can have improved efficiency, and with data center space and infrastructure being available for rent, small organizations can scale their businesses to meet customer demands.

  • Deviant Ollam, a penetration testing consultant and a board member for The Open Organization of Lockpickers, demonstrated how fragile physical security can be when relying on inferior locks. Using a variety of lockpicking tools, Ollam demonstrated how simple it can be to open pin-tumbler locks, wafer locks, and warded locks—many of the locks used in door knobs, desks, cabinets, padlocks, and other everyday items.

    Ollam noted that there are many locks that are pick resistant. Higher-grade locks that incorporate side bars, rotating disks, and/or magnets provide better security. Ollam stated that good locks are not just about preventing intrusion, they’re useful for intrusion detection since a criminal that can’t pick a lock will need to use a different and more obvious method, such as breaking a window.

    Educating security staff and other employees on social engineering tactics can also reduce the risk of a physical security breach. Ollam relayed a story involving two individuals who gained access to a data center by being nice to a security guard and providing the guard with a free chicken sandwich and a soft drink. To prevent similar incidents, employers should teach their staff members to stop an unauthorized guest, challenge an authorization request, and then authenticate the person’s request later by talking to management or other staff members later.

    “Security is only as effective as the people behind it,” according to Ollam.

    Ollam stated that the best locks currently available that have not been breached in a known attack are the Mul-T-Lok MT5 lock, the EVVA MCS lock, and the Abloy Protec lock.

  • Tracy Mitrano, director of IT policy and the computer policy and law program at Cornell University, described the evolution of federal regulation on various industries and presented her belief that the United States government should adapt to the changing Internet practices to better protect consumers.

    Mitrano stated that the United States lags behind many other countries in terms of broadband deployment and to improve Internet connectivity across the country, the federal government may need to pay the cost of last-mile broadband deployment. She gave the example of the Rural Electrification Administration’s deployment of electricity across the United State in the 1930s and said that the federal government could improve broadband in the United States by taking a simi liar approach today.

    The U.S. government relies on multiple departments for monitoring security, privacy and commerce involving the Internet, and Mitrano said that a single federal agency that handles Internet policy and regulation would better serve and protect consumers.

  • Merit Advanced Networking Symposium

    Researchers from across Michigan were invited to share details about their academic projects during the Merit Advanced Networking Symposium. Security, authentication and mobile devices were among the topics discussed during the four sessions at the 2010 Merit Member Conference.

  • Jonathan R. Engelsma from Grand Valley State University described the GVSU Laker Mobile Project, which involved students, graduate students and volunteers who developed an application for iPhone and the Android mobile phone. The project involved students from various disciplines, including art and design, anthropology, and computer science.

    Engelsma stated that the Mac platform is much more rigid in terms of application development than the Android, which is much more open and less-constrained. He noted that students were able to complete applications on the Mac more efficiently than on Android.

    For professors considering a mobile application project for their campus, Engelsma recommended use of a Mac to develop applications for the iPhone over Android development.

  • Andrea Pellegrini from the University of Michigan described how the RSA algorithm is used to provide encrypting in a variety of devices, electronic documents and Internet applications. RSA uses two number pairs, called keys, to provide encryption.

    Pellegrini stated that it’s very difficult to break RSA encryption when long passwords are used. You can attack RSA encryption by spoofing the two keys used, but the increased complexity of the keys used in the encryption process decreases the likelihood of a security breach. Longer encryption keys take a lot longer to break, and generally discourage hackers from wasting their time.

    He stated that a decrease in voltage at a data center can lead to a compromise in security by weakening the strength of an encryption signal, thus exposing the key to a side-channel attack. Not only should an organization protect its code base to prevent a security breach, the physical infrastructure that houses the servers should also be adequately secured.

  • Jon Oberheide from the University of Michigan and Scio Security, Inc. provided an overview of multifactor authentication and gave examples of how it can be used to provide better security for computer applications. Multifactor authentication can use a combination of web-based forms, mobile applications, eye-scanners, out-of-band voice/SMS device call-back, smart cards, USB tokens and other methods to determine whether an individual is authorized to have access to a secure location.

  • Elliot Soloway from the University of Michigan described how cell phone computers can be used for education in a K-12 setting.
  • Break-Out Sessions

    The 2010 Merit Member Conference offered a wide array of presentation topics over two days. Individuals from Merit Member organizations, vendors, and information technology organizations shared their knowledge, demonstrated new applications and offered expert advice on ways to improve efficiency, security and organizational practices.

  • Paul Amaranth of Merit Network provided a thorough presentation on Advanced Persistent Threats (APT), which use a full spectrum of intelligence techniques to gather information about targeted organizations and individuals. While standard malware is motivated by money, an APT performs a goal-oriented attack, which could be after intellectual property, organizational secrets, or other items of value, and does not cease until its objectives have been reached. Amaranth described how Google and many other organizations were breached through a targeted attack that used tailored malware and techniques to steal information using the Aurora Exploit. Amaranth demonstrated how the exploit works and described how organizations should prepare themselves to avoid a breach from an APT. Also mentioned was the targeted attacks on institutional online banking.

  • Joshua Hiner and Doug Jarvi from REMC 1 described how the eight Marquette-Alger school districts are sharing IT resources and equipment to save money. Spam filtering, packet shaping, firewall, and video conferencing equipment are just a some of the hardware that REMC 1 and its districts are sharing to reduce expenses. REMC 1 is also using Merit Network’s On-Net/Off-Net service and bandwidth partitioning to provide the appropriate amount of network bandwidth to each school district on its network.

  • Kurt VanderWal and Marvin Sauer of Plante & Moran gave an overview of credit card security, which is governed by the Payment Card Industry (PCI) Security Council. The PCI Security Council contains representatives from the five major credit card companies and is responsible for investigating credit card breaches. Organizations that wish to process credit cards are facing increased pressure and requirements to become PCI security compliant, which requires an organization to complete a complex three-step process in order to be certified as security compliant. Non-compliant organizations that encounter a credit card breach are subject to stiff fines, such as $500,000 for each incident.

  • MaryBeth Stuenkel from the University of Michigan told attendees about ways that their organizations can implement “Green IT” initiatives by using motion-activated powerstrips, purchasing Energy Star-rated electronics, using laser printers instead of inkjet printers, and educating end users. She summarized the University’s Climate Savers Computing Initiative, which has worked to reduce the power consumption of desktop computers and data centers on campus. Stuenkel also described how the University of Michigan repurposes hardware—including printers, computers, monitors, fax machines and copiers—across campus rather than simply disposing of it.

  • Brad Woodberg of Juniper Networks educated attendees on the kinds of Denial of Service (DoS) attacks, which are used to disrupt or bring down a web site. Flood-based and exploit-based DOS attacks have evolved over the years to include botnets and advanced techniques to create Distributed Denial of Service (DDoS) attacks, with Application Layer DDoS attacks being the most recent method. Rather than simply flooding a web site with traffic, an Application Layer DDoS attack tries to disguise itself as legitimate Internet traffic, targeting a web site’s online applications with botnets that make persistant periodic requests. The antagonist machines pinpoint a web site’s server-intensive processes, such as adding items to a shopping cart or using a search form, and then each offending machine makes approximately 10 requests per second. The results of the cumulative server requests can slow or take down a web site that is not equipped to fight off such an attack. Woodberg demonstrated the effects of an Application Layer DDoS attack on an unprotected web application and how IPS packet processing technology can be used to detect and thwart an incoming attack. Utilizing IPS packet processing a network monitoring device can detect anomalous traffic, check the web application request rate, identify any offending IP addresses, and then silently drop or block future inappropriate connections to shutdown an attack.

  • Brandon Williams of Motorola described how Northern Michigan University has effectively used WiMAX on its campus.

  • Charles J. Antonelli from the University of Michigan provided an overview of security-enhanced Linux (SE Linux). The benefits of SE Linux include an internal warning service that informs users of improper security certificates on visited web sites, mandatory access control for allocating the appropriate credentials to users, and configurable modes for labeling and logging server objects.

  • Joseph Sawasky from Wayne State University (WSU) presented an overview of how consolidating utility IT resources can lead to significant budget savings for a university. He stated that WSU took a “build it, and they will come” approach toward consolidation, and rather than mandating participation, departments were encouraged to voluntarily participate in the IT consolidation effort. That approach has worked well. As part of the utility IT consolidation effort, the information technology department now offers data center server hosting, email messaging, virtualization, disaster recovery services, web site hardware hosting, and file server hosting to the WSU campus community. After two years, the program has saved the University $338,000 annually.
  • The Merit Awards

    Prior to the conclusion, Don Welch, Merit Network’s CEO and president, hosted the 2010 Merit Awards ceremony to recognize individuals and organizations that have shown leadership in networking and information technology, engaged in community building, and shown strong involvement in the Merit community. The following individuals were honored during the ceremony:

    Merit Award for Innovation in Networking and Information Technology
    Dave Maki, Northern Michigan University (NMU)

    Merit Award for Community Building
    Ken Chinavare, Director of Technology, Clare-Gladwin RESD
    Matthew McMahon, Coordinator of Technology Resources, Gratiot-Isabella RESD

    Meritorious Service Award
    Dennis Buckmaster, St. Clair County RESA
    Travis Bussler, Chippewa River District Library
    Mike Zimmerman, Macomb Community College

    Merit, The Year Ahead

    To conclude the 2010 Merit Member Conference, Don Welch described Merit’s mission, goals, and strategy for the upcoming year.

    Welch stated that Merit’s long-term goals included building more fiber-optic network infrastructure in the Upper and Lower Peninsulas of Michigan and that Merit has been pursuing stimulus funding to make the goal a reality. The REACH-3MC project in the Lower Peninsula will dramatically improve connectivity in many communities. Merit’s efforts during Round II of the stimulus funding are designing to improve broadband in the Upper Peninsula and the Northern Lower Peninsula.

    Welch also described the organization’s research activities, which are working to improve Merit’s services and network. He noted a collaborative research project that Merit conducted with Arbor Networks, which documented a shift in Internet traffic.

    “Last year saw the first decline in Tier 1 (backbone) traffic ever,” he said. “About 13 percent of traffic leaving Merit’s Members goes to the Tier 1 Internet. The rest of the traffic goes to other Members, caching services, peers and Internet2.”

    MMC 2011

    Work on next year’s Merit Member Conference is in the initial planning phase, but the event is tentatively scheduled for spring 2011.