We're (The Government) Here To Help: A Look At How FIPS 140 Helps (And Hurts) Security

Presented at DEF CON 19 (2011), Aug. 7, 2011, noon (50 minutes)

Many standards, especially those provided by the government, are often viewed as more trouble the actual help. The goal of this talk is to shed a new light onto onesuch standard (FIPS 140) and show what it is inteded for and how is can sometimes help ensure good design practices for security products. But everything is not roses and there are certain things that these standards cannot help with or may even inhibit. By examining these strengths and potential weakness, the hope is everyone will have a new opinion of this and similar standards and how they are used.

Presenters:

• Joey Maresca
  Joey Maresca is a security analyst/engineer with a background in computer hardware and software, including a BS in Electrical and Computer Engineering from The Ohio State University. In a past life, he worked at the US Patent Office, while not the most exciting job it was an informative experience. Over the past five years he has worked in the security field with a primary focus on FIPS 140 testing and validations. This has allowed him inside access to dozens of commercial products. Twitter: @l0stkn0wledge

Links:

• https://defcon.org/html/defcon-19/dc-19-speakers.html#Maresca
• https://infocon.org/cons/DEF CON/DEF CON 19/DEF CON 19 video and slides/DEF CON 19 - Joey Maresca - Were Here To Help A Look At How FIPS 140 Helps And Hurts Security - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=wtl5NxM0J3Q

Similar Presentations:

• DeepSec 2018 „I like to mov &6974,%bx“ / Can not See the Wood for the Trees - Too Many Security Standards for Automation Industry
• AppSec USA 2017 / How To Approach InfoSec Like a Fed(eral Auditor)
• HOPE X (2014) / The Web Strikes Back - Fighting Mass Surveillance with Open Standards