Networking '99 - NETA, Tutorials, and ID
NETWORKING TUTORIAL PROGRAM
 

F3   Handling Computer and Network Security Incidents
Jim Duncan, Penn State University, and Rik Farrow, Consultant

Who should attend: System and network administrators, security staff, and their management who have responsibility for the security of networks and connected systems. Basic knowledge of modern operating systems and networking is recommended because it will help in understanding the example incidents, procedures, and countermeasures.

Are you prepared to handle a security incident at your site? Responding to computer security incidents is a requirement for any organization in which computers and networks are an important part of the infrastructure. This course provides the knowledge necessary to prepare for and handle computer and network security incidents with step-by-step information and examples from real-world incidents.

Incident handling ranges from the mundane yet critical details of preparing your management and modifying policy to working with an incident in progress and correctly handling evidence. The instructors will explain the types of incidents and how to gain management support in building an incident response team. Because incident handling impinges on all aspects of effective system administration, this course provides examples of actual incident handling and the steps involved in recovering from an incident.

You will learn about the need for comprehensive computer security incident handling capability, how to communicate that need to management and the user community, how to investigate an incident (as a handler, not as law enforcement), and how to build and maintain that capability. You will also learn how to adapt policy and the incident handling capability to each other, how to staff an incident response team, and how to establish links and communicate with other teams and law enforcement agencies. Even if you are the only person tasked with security, this tutorial will help you prepare yourself and your organization for an inevitable computer security incident.  


 Jim Duncan is Manager of Network and Information Systems and Principal Systems Administrator for The Pennsylvania State University's Applied Research Laboratory, a multi-disciplinary research facility for the U.S. Navy and other sponsors. He is a contributor to RFC 1244, The Site Security Policy Handbook, and has developed numerous policies, guidelines, and presentations on systems and network administration, computer security, incident handling, and ethics. He has over ten years' experience in UNIX systems.

 Rik Farrow provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984, and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security and System Administrator's Guide to System V. Farrow writes columns for ;login: and Network Magazine.

 

