12TH SYSTEMS ADMINISTRATION CONFERENCE (LISA '98) - Dec 6-11, 1998 - Marriott Copley Place Hotel, Boston, Massachusetts
 
 - Full-day Class -   TUESDAY
 

T5   Handling Computer and Network Security Incidents
Jim Duncan, Penn State University; Rik Farrow, Consultant

Who should attend: System and network administrators, security staff, and their management who have responsibility for the security of networks and connected systems. Basic knowledge of modern operating systems and networking is recommended because it will help in understanding the example incidents, procedures, and countermeasures.

Are you prepared to handle a security incident at your site? Responding to computer security incidents is a requirement for any organization in which computers and networks are an important part of the infrastructure. This course provides the knowledge necessary to prepare for and handle computer and network security incidents with step-by-step information and examples from real-world incidents.

Incident handling ranges from the mundane, yet critical, details of preparing your management and modifying policy to working with an incident in progress and correctly handling evidence. The instructors will explain the types of incidents and how to gain management support in building an incident response team. This course provides examples of actual incident handling and the steps involved in recovering from an incident, since incident handling impinges on all aspects of effective system administration.

You will learn about the need for comprehensive computer security incident handling capability, how to communicate that need to management and the user community, how to investigate an incident (as a handler, not as law enforcement), and how to build and maintain that capability. You will also learn how to adapt policy and the incident handling capability to each other, how to staff an incident response team, and how to establish links and communicate with other teams and law enforcement agencies. Even if you are the only person tasked with security, this tutorial will help you prepare yourself and your organization for an inevitable computer security incident.  


Jim Duncan is Manager of Network and Information Systems and Principal Systems Administrator for The Pennsylvania State University's Applied Research Laboratory, a multi-disciplinary research facility for the U.S. Navy and other sponsors. He is a contributor to RFC 1244, The Site Security Policy Handbook, and has developed numerous policies, guidelines, and presentations on systems and network administration, computer security, incident handling, and ethics. He has over ten years' experience in UNIX systems administration and TCP/IP. Jim is an active member of the Penn State CERT team and has primary responsibility for incident handling at the Applied Research Lab.

Rik Farrow (M5, T5) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984, and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security and System Administrator's Guide to System V. Farrow writes columns for ;login: and Network Magazine.

 

