Check out the new USENIX Web site.
In this issueUSENIX

  farrow_
rik

by Rik Farrow

Special Issue Editor

<rik@spirit.com>


Welcome to the second Security Special Edition of ;login:. Ellie Young initiated these special editions, and this is the fourth that I have had the honor of editing.

Being editor means, among other things. that you get to read through everything in the magazine several times. Once or more when you first get a submission (depending on whether the article needs revisions), and then again for the page proofs (to be certain that nothing strange has crept in during the editing/typesetting process). I am happy to say that I enjoyed reading through this issue again.

The summaries were the hardest part for me to reread, because I had already read them several times before they were turned in. In this case, I encouraged the summarizers to feel free to write longer summaries than usual as we had enough space for them. What you will find in the summaries are descriptions of the paper presentations of the Eighth USENIX Security Symposium, which took place in Washington, D.C., this past August 23-26, during a spell of surprisingly mild Washington weather.

USENIX conferences are places for learning. The summaries not only outline the contents of each paper presented but also attempt to depict the atmosphere during the presentation, as well as information that is not contained in the papers themselves—for example, questions from the audience, comments that induced laughter (or snickering), as well as the impressions of the summarizers themselves. If you are really interested in absorbing the contents of a USENIX session, writing the summaries is a good opportunity to do so.

The Invited Talks track was both educational and interesting. Ed Felton was not able to speak because of a sudden flu, but I expect that he would have shared insights that were released in a press release the following week. New tricks for exploiting ActiveX were the topic of Richard Smith's talk, and those very exploits were released the following week by his friend Georgi Guniski (see the acknowledgment to him in Microsoft Security Advisory MS99-040).

Steve Bellovin's talk about why cryptography has become important in the Internet covers both the strengths and the failures of the uses of cryptography. In the features section, Steve's paper about distributed firewalls builds on features of IPSec to create a new generation of firewall.

Susan Landau's talk about US crypto policy turned out to be prophetic indeed: a few weeks later, a presidential edict loosened the restrictions on export policy. This change may affect SENSS Bruce, a freely distributable Sun tool for distributing patches and security scripts as well as collecting output from these scripts in a hierarchical manner (see Alec Muffett's article). Both Steve Bellovin and Alec Muffett presented WIPs that turned into articles in this issue.

On the practical side, David Brumley, a member of the Stanford University Network Security Team, explains the importance of IRC in tracking down hackers. Setting up bots and relays is an important goal for hackers, and David clearly explains what you can look for in eggdrop (a popular UNIX bot) configuration files, as well as how IRC can be used to collect information about hackers.

No, the article about configuring a Linux firewall was not written by the Juan Matus; it's just that its author prefers to remain anonymous. There are, of course, other ways of setting up UNIX systems as firewalls. I am interested in receiving proposals for articles about setting up firewalls for laptops and on other Linux tricks, as well as for doing this with BSD.

Opinion

Then there is opinion. In this arena, we have Marcus Ranum, Jeremy Rauch, and Jeffrey Carpenter of CERT. Marcus writes about a different sort of intrusion detection (Marcus presented an IT about burglar alarms that you will find in the summaries and on his Web site). When someone sends out a press release about a new security problem, is that a service, or is it marketing hype? Jeremy Rauch, of SecurityFocus, takes an orthogonal tack on a similar subject by defending full disclosure. SecurityFocus has taken over archiving of Bugtraq from geek-girl and plans to become an important security information resource. From what I have seen so far, this site will be one to bookmark whether you are trying to configure IIS or a Cisco router.

Jeff Carpenter has written a position piece, describing a bit of the history of CERT as well as its current mission. CERT/CC's job is not to help handle incidents, but, rather, to be a single point for collecting trends about current incidents, as well as a reporting point for advisories about attacks that have become common enough to warrant such attention. I know that CERT's mission has often been misunderstood, which is why I offered this chance to clear up CERT's role in the world of Internet security.

Being There

My intent is that this edition is the next best thing to having been at the Symposium. Of course, you can catch only glimpses of what actually went on there, and perforce you miss the hall action.

Wiestse Venema was there. Wietse and Dan Farmer had just given another of their free seminars on UNIX security, this time at IBM's Watson Research Labs in New Jersey. All you had to do was send him email, get permission, then try to find a nearby hotel in a part of New Jersey where there are almost no hotels. I was unable to convince Wietse to write for this edition, but he did mention that he would put the slides of the class (about UNIX forensics) up on his Web site (<https://www.porcupine.org>).

Peter Neumann, who replaced the keynote speaker at the last minute, gave a wonderful talk about the base problem with computer and network security. But he also revealed himself as an expert on Tom Lehrer songs, playing on a grand piano for members of the Program Committee and getting quite a number of people to sing along.

And Peter Honeyman again revealed his Socratic soul. As anyone who has attended a number of USENIX conferences can tell you, Peter often demonstrates his ability to ask truly penetrating questions about a paper. Seeing Peter standing at the microphone can send premonitory chills down a speaker's back.

At the Symposium, Peter's most astonishing feat was to leap up to the microphone at the end of a paper that he himself had co-written and begin grilling his own co-author. He later explained that these questions had just occurred to him as he heard the paper presented.

Of course, the best thing would have been to be there. I hope that you will find this edition full of useful information, and I welcome your comments and suggestions for future articles about security that can appear in ;login:.

 

?Need help? Use our Contacts page.
Last changed: 3 Dec. 1999 jr
Issue index
;login: index
USENIX home