Overview | By Day (Sunday, Monday, Tuesday) | By Instructor | All in One File

Tuesday, August 2, 2005

T1 Solaris 10 Security Features Workshop Peter Baer Galvin, Corporate Technologies 9:00 a.m.–5:00 p.m. Who should attend: Solaris systems managers and administrators interested in the new security features in Solaris 10 (and features in previous Solaris releases that they may not be using). This course covers a variety of topics surrounding Solaris 10 and security. Solaris 10 includes many new features, and there are new issues to consider when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration. Each student should have a laptop with wireless access for remote access into a Solaris 10 machine. Topics include: Solaris cryptographic framework NFSv4 Solaris privileges Solaris Flash archives and live upgrade Moving from NIS to LDAP Dtrace WBEM Smartcard interfaces and APIs Kerberos enhancements Zones FTP client and server enhancements PAM enhancements Auditing enhancements Password history checking ipfilters Peter Baer Galvin (T1) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability. T2 DDoS for Fun and Profit Sven Dietrich, CERT Research, Carnegie Mellon University; David Dittrich, University of Washington 9:00 a.m.–5:00 p.m. Who should attend: System administrators, network administrators, and computer security practitioners. A basic understanding of IP networking, network protocols, and routing as well as an understanding of computer security fundamentals is required. The tutorial will trace the development of denial of service attacks from early, machine-crashing exploits to the present day distributed denial of service (DDoS) attacks. A substantial portion of the tutorial will be devoted to understanding DDoS attacks and developing appropriate responses. Among the issues to be addressed are preparing for a DDoS attack, recognizing the attack type and probable attack pattern, designing appropriate filter rules to mitigate the attack, and working with upstream providers. We will also survey current research that may lead to ways of thwarting such attacks in the future. Topics include: Fundamentals: Basic networking and routing protocols Denial of Service: Basic concepts Vulnerabilities and pathologies OS support The jump from DoS to DDoS Evolution of attack tools Classes of DDoS tools: What they do Choices in the attack space How they work Currently available tools and bots Diagnosis of the problem: How do you know you are under attack? Symptoms in your own operational and system monitoring data Differentiating between flash crowds and attacks Advances in research Inspecting a compromised system Building a monitoring/traffic capture facility Mitigation: Recognition of the attack Attack signatures and attack tool identification DoS vs. DDoS Indications of single and multiple sources Creating countermeasures Techniques for limiting the damage Characterizing the attacked resources Infrastructure changes Traceback Filtering Active response Strikeback Political hurdles: Dealing with your ISP Dealing with management The bright road ahead DDoS and beyond Prospects for future advances in attacker tools Technical, legal, and political mitigation strategies Sven Dietrich (T2) is a senior member of the technical staff at CERT Research at Carnegie Mellon University and also holds an appointment at the Carnegie Mellon University CyLab, a university-wide cybersecurity research and education initiative. Previously he was a senior security architect at the NASA Goddard Space Flight Center, where he observed and analyzed the first distributed denial-of-service attacks aainst the University of Minnesota in 1999. He taught Mathematics and Computer Science as adjunct faculty at Adelphi University, his alma mater, from 1991 to 1997. His research interests include survivability, computer and network security, anonymity, cryptoraphic protocols, and cryptography. His previous work has included a formal analysis of the secure sockets layer protocol (SSL), intrusion detection, analysis of distributed denial-of-service tools, and the security of IP communications in space. His publications include the recent book Internet Denial of Service: Attack and Defense Mechanisms (Prentice Hall, 2004), as well as the articles "Analyzing Distributed Denial of Service Tools: The Shaft Case" (2000) and "The 'mstream' Distributed Denial of Service Tool" (2000), and others on Active Network Defense, DDoS tool analysis, and survivability. David Dittrich (T2) is a Senior Security Engineer and Researcher for the UW Center for Information Assurance and Cybersecurity and the Information School at the University of Washington, where he has worked since 1990. Dave is also a member of the Honeynet Project and Seattle's "Agora" security group. He is most widely known for his research into Distributed Denial of Service (DDoS) attack tools and host & network forensics. He has presented talks and courses at dozens of computer security conferences, workshops, and government/private organizations worldwide. He has been a prolific self-publisher of white papers, FAQs, and malware tool analyses, all intended to make his (and everyone else's) life easier in dealing with computer intrusions. Dave has contributed to the books Know Your Enemy, by the Honeynet Project (Addison-Wesley, 2001), The Hacker's Challenge, edited by Mike Schiffman (McGraw Hill, 2001), and two articles in the Handbook of Information Security, edited by Hossein Bidoli (John Wiley & Sons, 2005), and was another co-author of Internet Denial of Service: Attack and Defense Mechanisms (Prentice Hall, 2004). T3 Organizing a Cybersecurity Exercise Ron Dodge and Dan Ragsdale, United States Military Academy 9:00 a.m.–5:00 p.m. Who should attend: System administrators and security professionals involved in the design and management and security of information systems. A general familiarity with security tools, network fundamentals, and operating systems is assumed. Students will leave this tutorial with a framework that can be used to conduct a local cyber exercise. The security of our information systems is constantly under attack. We propose that to make them safer, they should be attacked even more. A competition where teams defend a network against skilled adversaries provides an excellent means to develop the skills necessary to defend real networks. In addition, such a competition provides a safe environment to test and evaluate new and emerging defensive techniques and technologies. Similar events that have been publicized recently are the DEFCON "Capture the Flag" (CTF) competition, the military Cyber Defense Exercise, and the Collegiate Cyber Defense Competition. These competitions follow different paradigms. The DEFCON event set all teams to be both attackers and defenders, while the latter two focus the teams on defensive operations only. This tutorial explores the various organizational and administrative options available when organizing an exercise. Representative exercise schemes will be discussed in detail. An example network will be demonstrated and available for experimentation. Topics include: Exercise scope Hardware and software Scoring Legal considerations Organizational structure Ron Dodge (T3) is the director of the Information Technology Operations Center and an assistant professor in the Department of Electrical Engineering and Computer Science at the US Military Academy. His research interests include information warfare, security protocols, Internet technologies, and performance planning and capacity management. Dodge received a PhD in computer science from George Mason University. Contact him at ronald.dodge@usma.edu. Dan Ragsdale (T3) is the director of the Information Technology Program and an associate professor at the US Military Academy. His research interests include information assurance, network security, intrusion detection, and artificial intelligence. Ragsdale received a PhD in computer science from Texas A&M. Contact him at daniel.ragsdale@usma.edu. T4 Security Standards and Why You Need to Understand Them Brad C. Johnson and Richard E. Mackey, Jr., SystemExperts Corporation 9:00 a.m.–5:00 p.m. Who should attend: Administrators, technicians, and managers at any level who need to understand the gist of the key security standards and the laws and industry trends that are making these standards critical to doing business. Organizations are turning to security standards both to measure and to document the completeness and adequacy of their security program. You may need to simply put a check in the box that says you "substantially comply" with a particular standard or you may need to prove to yourself, customers, and partners that you follow acceptable security practices. Unfortunately, organizations do not have a widely accepted method to prove they are secure. We look to security standards to meet this need. Computer security has seen a number of standards, compliance specifications, and certification authorities. Today, a few are beginning to gain acceptance by industry groups, but it is still difficult to tell which of these will stand the test of time and practicality. Consequently, it's important to understand, at least at a high level, what the most popular initiatives are attempting to do, what problems these standards address, and the value they provide. Topics include: Security standards review Why: The motivations Laws: Sarbanes-Oxley, Gramm-Leach-Bliley Partnerships and mergers Internal and external audits What: The standards ISO 17799 COBIT SAS 70 Information Criticality Assessment (e.g., NSA IAM) How: The mechanisms ISO 17799 reviews and certifications Security audits Security assessments Penetration and application testing Practicum and Drill Downs Standards motivation: Intrusion preparation Homeland security Intrusion awareness Common intrusion areas Intrusion example Security assessments: Drill Down exercises ISO 17799 Drill Down IAM Drill Down COBIT Drill Down Risk analysis Drill Downs Brad C. Johnson (T4) is vice president of SystemExperts Corporation. He has participated in seminal industry initiatives such as the Open Software Foundation, X/Open, and the IETF, and has been published in such journals as Digital Technical Journal, IEEE Computer Society Press, Information Security Magazine, Boston Business Journal, Mass High Tech Journal, ISSA Password Magazine, and Wall Street & Technology. Brad is a regular tutorial instructor and conference speaker on topics related to practical network security, penetration analysis, middleware, and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University. Richard E. Mackey, Jr. (T4) is principal of SystemExperts Corporation. Dick Mackey is regarded as one of the industry's foremost authorities on distributed computing infrastructure and security. Before joining SystemExperts, he worked in leading technical and director positions at The Open Group, The Open Software Foundation (DCE), and BBN Corporation (Cronus Distributed Computing Environment). He has been published often in security magazines such as ISSA Password, .NET, Information Security, and SC Secure Computing. He is a regular speaker on computer security topics at various industry conferences. Dick has a B.S. and an M.S. in Electrical and Computer Engineering from the University of Massachusetts at Amherst.