MONDAY, AUGUST 14, 2000
M1 Intrusion Detection and Network Forensics
Marcus J. Ranum, Network Flight Recorder, Inc.
Who should attend: Network and system managers, security managers, and auditors. This tutorial assumes some knowledge of TCP/IP networking and client/server computing.
Intrusion detection systems are designed to alert network managers to unusual or possibly hostile events within the network. This tutorial provides a highly technical overview of the state of intrusion detection software and the types of products that are available, as well as basic principles to apply to building your own intrusion detection alarms. Methods of recording events during an intrusion are also covered.
Marcus J. Ranum is CEO and founder of Network Flight Recorder, Inc. He is the principal author of several major Internet firewall products, including the DEC SEAL, the TIS Gauntlet, and the TIS Internet Firewall Toolkit. Marcus has been managing UNIX systems and network security for over 13 years, including configuring and managing whitehouse.gov. Marcus is a frequent lecturer and conference speaker.
M2 Windows 2000 Security
Who should attend: System and network administrators who will need to implement or maintain Windows 2000-based systems and networks, and site managers charged with selecting and setting site security requirements.
The security implications of a large Windows 2000 (Win2K) deployment are not yet well understood. This tutorial presents the problems and solutions surrounding Win2K and the security of the networks it runs on. It will cover the design of Win2K from a security standpoint and outline what Win2K has "out of the box" for security, along with Win2K-related risks and appropriate countermeasures. It will conclude with specific recommendations on firewalling Win2K and offer pointers on how to "harden" the system.
Phil Cox is a consultant for SystemExperts Corporation, a consulting firm that specializes in system security and management. Phil is a featured columnist in ;login:, the magazine of USENIX & SAGE, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.
Paul B. Hill, a programmer/analyst at the Massachusetts Institute of Technology, has been involved with the development of MIT's Kerberos implementation since 1991. Paul is the senior programmer on MIT's Project Pismere, a project to provide an academic computing environment on Windows 2000 that is integrated into MIT's existing Athena computing environment. Paul also consults on system security.
M3 Security from the Inside Out: System Engineering for
Who should attend: Consultants, systems architects, information security professionals, system administrators, and anyone responsible for planning, implementing, or evaluating security systems.
Firewalls, IDS, VPNs, authentication devices, and various servers all provide tactical point solutions that address various security issues. How do we pull them together to form a security system? How do we properly engineer this system and avoid the pitfalls of over-engineering?
You will learn how to quantify values in your networked environment, giving you the information to determine how much security is needed and where.
Topics include the following systems engineering areas as they relate to network security:
We will discuss the vision of a security architecture and how to handle all phases of this process, how to engineer the multiple layers of security, and how to navigate politically and technically to create the best solution for your environment.
Char Sample, a senior systems engineer at L-3 Network Security, has over fourteen years of experience in the industry. One of the original five engineers on the Gauntlet project at Trusted Information Systems, Char has installed and integrated over 200 firewalls and has experience deploying e-commerce solutions. She has developed and delivered training for a number of organizations and has been an invited speaker for various industry security conferences.
Ian Poynter is president of Jerboa Inc., a strategic Internet security consultancy he founded in 1994. He has over 14 years in the technology industry, focusing on networking and human/computer interfaces. He has delivered firewall and Internet security training to key IS personnel and has appeared as an expert speaker at professional meetings and industry conferences. Mr. Poynter holds a B.Sc. First Class in computer science from University College, London.
M4 Cryptography: From the Basics Through PKI in 23,400 Seconds
Who should attend: Corporate security officers, Webmasters, IT planners, and all those who want to augment their self-taught knowledge of modern security technology with an up-to-date, sophisticated look at what they have to work with.
We approach cryptography as a tool, not a calling, and we see a Public Key Infrastructure as an investment you may or may not choose to make. If we do our job, you'll be in a position to buy with confidence.
Daniel E. Geer, Jr., Sc.D., is Chief Technologist Officer for @stake, Inc., a privately held confidential security consulting firm. Current Treasurer of the USENIX Board of Directors, he is President-Elect of the Board. He currently serves as a member of the Federal Trade Commission's Advisory Committee on Access and Security. Dr. Geer, co-author of the Web Security Sourcebook, is the inventor of record on a number of security patents pending.
Avi Rubin is a Senior Technical Staff Member at AT&T Labs, Research, in the secure systems research department, and an Adjunct Professor of Computer Science at New York University, where he teaches cryptography and computer security. He is the co-author of the Web Security Sourcebook. Avi has served on several program committees for major security conferences and as the program chair of the USENIX Security '98, the USENIX Annual Technical '99, and the ISOC NDSS 2000 conferences.
TUESDAY, AUGUST 15, 2000
T1 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Phil Cox, SystemExperts Corporation
This course will be useful for anyone with any TCP/IP-based system--a UNIX, Windows NT, or mainframe operating system, or a router, firewall, or gateway network host.
Whether network-based host intrusions come from the Internet, an extranet, or an intranet, they typically follow a common methodology: reconnaissance, vulnerability research, and exploitation. This tutorial will review the tools and techniques hackers (determined intruders) use to perform these activities. You will learn what types of protocols and tools they use, and you will become familiar with a number of current methods and exploits. The course will show how you can generate vulnerability profiles of your own systems. Additionally, it will review some of the important management policies and issues related to these network-based probes.
The course will focus primarily on tools that exploit many of the common TCP/IP-based protocols, such as WWW, SSL, DNS, ICMP, and SNMP, that underlie virtually all Internet applications, including Web technologies, network management, and remote file systems. Some topics will be addressed at a detailed technical level. This course will concentrate on examples drawn from public domain tools, because these tools are widely available and commonly used by hackers (and are free for you to use).
Topics not covered:
Phil Cox is a consultant for SystemExperts Corporation, a consulting firm that specializes in system security and management. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login:, the magazine of USENIX & SAGE, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.
T2 Handling Computer and Network Security
Who should attend: System and network administrators, information system security officers, and managers who have responsibility for the security of networks and computing systems. Basic knowledge of modern operating systems and networking is recommended because it will help in understanding the incidents, procedures, and countermeasures given as examples.
Are you prepared to handle a security incident at your company or organization? The recent spate of distributed denial of service (DDoS) attacks was resolved most effectively by sites that could field coordinated incident handling capabilities. The ability to respond to computer security incidents is a requirement of rapidly increasing importance for any organization in which computers and networks are an essential part of the infrastructure. This course provides the knowledge necessary to prepare for and handle computer and network security incidents with step-by-step information and examples from real-world incidents.
Jim Duncan is the Lead Product Security Incident Manager for the Product Security Incident Response Team (PSIRT) at Cisco Systems, Inc., where he is responsible for assisting customers with computer and network security incidents. Jim was a card-carrying member of the Penn State CERT. He is a contributor to the original Site Security Policy Handbook (RFC 1244), and he has composed or rewritten many security advisories, policies, and guidelines on systems and network administration, computer security, incident handling, and ethics.
Rik Farrow provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, and for many U.S. and European user groups. Farrow recently licensed his Survey of Intrusion Techniques and Defense Measures five-day class to the NSA for internal use. He is the author of UNIX System Security and System Administrator's Guide to System V. Farrow writes columns for ;login: and Network Magazine.
T3 Cryptographic Algorithms Revealed
Who should attend: Anyone interested in a fairly detailed overview of what makes cryptographic algorithms work, and, when they don't work, how they are broken. The tutorial will be as up-to-the-minute as possible with respect to the development of the Advanced Encryption Standard.
Some mathematical background is required--at the very least, familiarity with common mathematical notation and polynomials, and some elementary statistical knowledge. You've been warned.
Topics include (unless time runs out):
Greg Rose graduated from the University of New South Wales with a B.Sc. (honours) in computer science and was awarded the University Medal in 1977. A member of the Board of Directors of the USENIX Association, he served as program chair of the 1996 USENIX Security Symposium. As Principal Engineer at QUALCOMM, he focuses on cryptographic security and authentication for wireless communications, and on setting up the office of QUALCOMM Australia. He has written a number of public tools using cryptography, and he holds generic cryptographic export licenses for two countries.
T4 Secure Networking: An Introduction to VPN Architecture and
Who should attend: System administrators and network managers responsible for remote access and wide-area networks within their organization. Participants should be familiar with TCP/IP networking and fundamental network security, although some review is provided. The purpose of this tutorial is to provide a step-by-step guide to evaluating an organization's VPN requirements, selecting the appropriate VPN architecture, and implementing it within a preexisting security infrastructure.
Virtual private networking technology provides a flexible mechanism for addressing connectivity needs within many organizations. This class focuses on assessing business and technical requirements for remote access and extranet connections; evaluating VPN technology; integrating VPNs within an existing network infrastructure; common implementation difficulties; and VPN security issues.
After completing this course, attendees should be ready to evaluate their requirements for remote access and begin testing commercial VPN implementations.
Tina Bird is a senior security analyst at Counterpane Internet Security. She has implemented and managed a variety of wide-area-network security technologies and has developed, implemented, and enforced corporate IS security policies. She is the moderator of the VPN mailing list and the owner of "VPN Resources on the World Wide Web," a vendor-neutral source of information about VPN technology. Tina has a B.S. in physics from Notre Dame and an M.S. and Ph.D. in astrophysics from the University of Minnesota.