Invited Talks

Tuesday, August 1, 2000

9:00 am—10:30 am   Opening Remarks, Awards, and Keynote

May You Live in Overcomplex Times Marcus J. Ranum, President and CEO, Network Flight Recorder, Inc. My background in the industry is from a perspective of computer security: building secure systems, networks, and software. But the enemy of security is complexity--the more complicated something is, the harder it is to secure it properly. What are the implications of this simple observation for a future in which most software, systems, and networks are growing in size and complexity at a fantastic rate? What kinds of effects will we see from the growth of the Internet population versus the population of qualified system managers and network administrators? Can we actually build a secure (or even functional) global infrastructure on "internet time"? Marcus J. Ranum is CEO and founder of Network Flight Recorder, Inc. He is the principal author of several major Internet firewall products, including the DEC SEAL, the TIS Gauntlet, and the TIS Internet Firewall Toolkit. Marcus has been managing UNIX systems and network security for over 13 years, including configuring and managing whitehouse.gov. Marcus is a frequent lecturer and conference speaker.

10:30 am—11:00 am   Break

11:00 am—12:30 pm   Windows 2000 Networking and Integration

Session Chair: Aeleen Frisch, Exponential Consulting Providing Secure Access to Information Using the Internet John Holmwood, TransCanada; Kevin Reichert, Alterna; Blaine Feniak, TransCanada System Security Administration for NT Harlan Carvey, Network Solutions On Designing a Database for Integrated User Management: Pitfalls and Possibilities Amy LaMeyer, Shankaranarayanan Ganesan, and Jesper M. Johansson, Boston University

12:30 pm—2:00 pm   Conference Luncheon

2:00 pm—3:30 pm   Advanced Systems Management Topics

Session Chair: John Holmwood, TransCanada Remote Windows NT Administration Using Windows CE Handheld Devices Craig Stacey, Argonne National Laboratory Kerberos Interoperability Issues Paul B. Hill, Massachusetts Institute of Technology NT5 and Samba Integration Issues Luke K. C. Leighton, SAMBA Team

3:30 pm—4:00 pm   Break

4:00 pm—5:30 pm   Securing Windows 2000

Dave LeBlanc and Mike Howard, Microsoft Corporation Win2K is here, and you are using it. How do you ensure that it's secure? What will you do to utilize the new security features in Win2K? What will give you the most bang for the buck? This session will discuss the practical how-to's of securing Win2K both from the host and from the network point of view.

5:30 pm—6:00 pm   Break

6:00 pm—10:00 pm   Work in Progress Reports/Birds of a Feather Sessions

WiPs: Do you have interesting work you would like to share, or a cool idea that is not yet ready to be published? The USENIX/SAGE audience provides valuable discussion and feedback. Short, pithy, and fun, Work in Progress Reports (WiPs) introduce interesting new or ongoing work. We are particularly interested in presentation of student work. Prospective speakers should send a short one- or two-paragraph report to lisant2000wips@usenix.org. BoFs: Birds-of-a-Feather sessions are very informal gatherings of persons interested in a particular topic. BoFs may be scheduled during the conference at the registration desk or in advance by contacting the USENIX Conference Office, either by phone (1.949.588.8649) or by email (conference@usenix.org). Topics are announced at the conference.

Wednesday, August 2, 2000

9:00 am—10:30 am   Active Directory

Andreas Luther, Microsoft Corporation Implementing and using the Active Directory is the single most important issue in Win2K. This session will discuss deployment and will offer helpful tips on taking maximum advantage of the features of the Active Directory. A portion of the talk will concern the DNS requirements of the AD and how to integrate those requirements into your existing DNS hierarchy.

10:30 am—11:00 am   Break

11:00 am—12:30 pm   Panel Discussion: Windows 2000 Migration

Session Chair: Todd Needham, Microsoft Research Win2K is here, and you will be migrating, sooner or later. How will you do it? How have others done it? What are the pitfalls and gotcha's? Where do you start? These questions will be addressed in a lively panel discussion featuring several key technical leaders from academia, government, and business. In a format encouraging audience interaction, you'll have a chance to discover the critical technical issues involved in a Win2K migration.

12:30 pm—2:00 pm   Lunch (on your own)

2:00 pm—3:30 pm   Windows 2000 in the Enterprise

Session Chair: Martin Sjölin, UBS Enterprise Management of NT Services J. Nick Otto, Parikh Advanced Systems Monitor an Enterprise of SQL Servers--Automating Management by Exception with Perl Linchi Shea, Merrill Lynch & Co. Automated Generic Operating System Installation and Maintenance (JACAL) Joel D. Martin, Compaq Computer Corp. and Aaron D. Brooks, Taylor University

3:30 pm—4:00 pm   Break

4:00 pm—5:30 pm   Closing Remarks and Closing Keynote Address

Everything the Security Administrator Needs to Know About Security William Hugh Murray, CISSP, Information System Security Consultant to Deloitte & Touche Everything that business or government does with computers or communications becomes part of the social and economic infrastructure of the twenty-first century. Much of the configuration and operation of this novel and critical infrastructure will be in the hands of the system and network administrators. They are often the first to be called when the infrastructure is stressed or breaks, but their training is often on-the-job, remedial, and late. Although they understand the weaknesses and limitations of their materials all too well, they are rarely taught how to compensate for those weaknesses. Out of necessity, their security approach tends to be reactive and remedial. This presentation will provide system and network administrators with a set of broadly applicable strategies and proactive approaches they can use to protect systems from outside interference and contamination, provide appropriate application controls, and protect their networks from undesired traffic. Among other things, it will address policy and service-level agreements; when to plan and for what; effective use of access controls; strong network perimeters and how to compensate for leaks; and how to use weak materials to build strong systems.