TUESDAY
T5
Handling Computer and Network Security Incidents
Who should attend: System and network administrators, security staff, and their management who have responsibility for the security of networks and connected systems. Basic knowledge of modern operating systems and networking is recommended because it will help in understanding the example incidents, procedures, and countermeasures.

Are you prepared to handle a security incident at your site? Responding to computer security incidents is a requirement for any organization in which computers and networks are an important part of the infrastructure. This course provides the knowledge necessary to prepare for and handle computer and network security incidents with step-by-step information and examples from real-world incidents. Incident handling ranges from the mundane, yet critical, details of preparing your management and modifying policy to working with an incident in progress and correctly handling evidence. The instructors will explain the types of incidents and how to gain management support in building an incident response team. This course provides examples of actual incident handling and the steps involved in recovering from an incident, since incident handling impinges on all aspects of effective system administration.

You will learn about the need for comprehensive computer security incident handling capability, how to communicate that need to management and the user community, how to investigate an incident (as a handler, not as law enforcement), and how to build and maintain that capability. You will also learn how to adapt policy and the incident handling capability to each other, how to staff an incident response team, and how to establish links and communicate with other teams and law enforcement agencies. Even if you are the only person tasked with security, this tutorial will help you prepare yourself and your organization for an inevitable computer security incident.
Jim Duncan is Manager of Network and Information Systems and Principal Systems Administrator for The Pennsylvania State University's Applied Research Laboratory, a multi-disciplinary research facility for the U.S. Navy and other sponsors. He is a contributor to RFC 1244, The Site Security Policy Handbook, and has developed numerous policies, guidelines, and presentations on systems and network administration, computer security, incident handling, and ethics. He has over ten years' experience in UNIX systems administration and TCP/IP. Jim is an active member of the Penn State CERT team and has primary responsibility for incident handling at the Applied Research Lab.

Rik Farrow (M5, T5) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984, and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security and System Administrator's Guide to System V. Farrow writes columns for ;login: and Network Magazine.