I think this conference would be interesting to many of the readers of
this list; my apologies if not.
--
John P. Wack
Computer Scientist
National Institute of Standards and Technology
Technology A-216
Gaithersburg, Md. 20899
301-975-3411
301-948-0279 (Fax)
JWack @
nist .
gov
john @
alsace .
germantown .
md .
us
Preliminary Program
Sixth Annual
Computer Security
Incident Handling
Workshop
Boston Park Plaza Hotel
Boston, Mass.
July 25 - 29, 1994
Sponsored by:
Forum of Incident Response and Security Teams (FIRST)
Sponsored by:
Forum of Incident Response and Security Teams
CERT Coordination Center, Software Engineering
Institute, Carnegie Mellon University
Department of Defense
Digital Equipment Corporation
National Institute of Standards and Technology
Forum of Incident Response and Security Teams
(FIRST)
Members
-------
Sponsoring Organization
U.S. Air Force Cryptologic Support Center
Boeing Company
The Government Centre for Information Systems, United Kingdom
Defense Advanced Research Projects Agency (DARPA), Software
Engineering Institute, Carnegie Mellon University
Defense Information Systems Agency/Defense Data Network
(DISA/DDN) Agency
Department of Defense
Department of Energy, Lawrence Livermore National Laboratory
Digital Equipment Corporation
University of Hamburg
General Electric Company
NASA Goddard Space Flight Center
University of Karlsruhe, Germany
Motorola
NASA Ames Research Center
U.S. Department of the Navy
National Institute of Standards and Technology (NIST)
NORDUnet
Perdue University
GIP Renater, France
University of Queensland
Small Business Administration
U.S. Sprint
Sun Microsystems, Inc.
Unisys Corporation
Liaisons
--------
Apple Computer's Computer Response Squad
Defence Research Agency Malvern
DOW USA
Electronic Data Systems (EDS)
Goldman, Sachs and Company
Pennsylvania State University
Westinghouse Electric Corporation
Woolwich Centre for Computer Crime Research, Exeter University
What is FIRST?
--------------
Since November of 1988 an almost continuous stream of
security-related incidents has affected thousands of computer
systems and networks throughout the world. To address this
threat, a growing number of government and private sector
organizations in North America, Europe, and Australia have worked
together to exchange information and coordinate response
activities.
This coalition, known as the Forum of Incident Response and
Security Teams (FIRST), brings together a variety of computer
security incident response teams from government, commercial, and
academic organizations. FIRST aims to foster cooperation and
coordination in incident prevention, to prompt rapid reaction to
incidents, and to promote information sharing among members and
the community at large. Currently FIRST has more than 30
members.
FIRST Steering Committee
------------------------
Richard W. Carr, National Aeronautics and Space Administration
(NASA)
Christoph Fischer, Micro-Bit Virus Center, University of
Karlsruhe, Germany
Michael R. Higgins, Defense Information Systems Agency (DISA)
Thomas A. Longstaff, Ph.D., Software Engineering Institute,
Carnegie Mellon University, Computer Emergency Response Team
Coordination Center (CERT/CC)
David J. Proulx, Department of the Navy, Navy Computer Incident
Response Team (NAVCIRT)
Todd A. Shell, Department of the Air Force
Sandy Sparks, Lawrence Livermore National Laboratory, University
of California
Dennis D. Steinauer, National Institute of Standards and
Technology (NIST)
Ronald D. Tencati, NASA Automated Systems Incident Response
Capability (NASIRC), Hughes/STX Corporation
Victor E. Thuotte, Digital Equipment Corporation
About the Workshop
------------------
The focus of this year's workshop is on tools for incident
handling in an international arena. The workshop is being
conducted as a series of tutorials, seminars, and hands-on
sessions on related topics. The diverse program and small
conference atmosphere provide ample opportunity for audiences and
speakers to interact and share their experiences. Participants
bring their own wealth of knowledge, and interchanges among
industry, government agencies, and academia provide unique
opportunities to discuss current requirements and future needs.
Agenda
------
Sunday, July 24
6-8 p.m.-Advanced Registration, The Boston Park Plaza Hotel
Monday, July 25
8:00 a.m.-Registration Opens
8:30 a.m. - 5:00 pm.-Tutorials (Parallel Sessions)
1. "Incident Handling for Techies"
Computer Incident Advisory Capability (CIAC)
The Computer Incident Advisory Capability (CIAC) is the U. S.
Department of Energy's incident response team. Established in
February, 1989, it is one of the two oldest response teams, the
other being ARPA's CERT. CIAC's workshop captures years of
incident handling experience. Incident Handling for Techies will
focus on today's challenging reality of sites with greater
connectivity, shrinking resources available to computer security
professionals, and a growing cracker community.
Who should attend: Anyone who is new to or considering
involvement in a computer emergency response team (CERT) or
experienced security professionals interested in incident
response techniques.
The morning material will focus on the Internet and Unix-based
intrusions:
o What's happening out there as we speak
o How to detect and respond to Unix intrusions
o Exercises that will give the participants a chance to
respond to simulated Unix-based incidents
The afternoon session will highlight the issues of the desktop:
o A "non-incident" can be an incident -- a case study
o An overview of desktop concerns including viruses, trojan
horses, configuration vulnerabilities, etc.
o How to detect and respond to desktop incidents
o Exercises that will give the participants a chance to
respond to simulated desktop incidents.
CIAC team members will discuss other topics such as resources
available to response teams, vendor relations, and legal
considerations. Attendees should leave with a greater confidence
in their ability to serve their constituent community.
2. Security for Managers
Dr. Eugene Schultz, ARCA Systems(founder and former manager of
the Department of Energy's Computer Incident advisory Capability)
This tutorial helps managers understand computer security: what
it is , and what management can do to promote cost-effective
computer security. Learn about the increasingly complex legal
considerations in today's computer security environments, as well
as, the logic of computer security policies and procedures and
how to develop both. A life cycle approach to computer security
is emphasized throughout this seminar.
Risk Analysis Computer Security Procedures
Legal Issues How to Make Programs Work
Computer Security Policy The Computer Security Life Cycle
Tuesday, July 26
----------------
8:00 a.m.-Registration Opens
8:30 a.m. - 12:00 noon (Parallel Sessions)
Three working group sessions sharing information, requirements,
and guidance in an informal interactive environment. All
conference participants are invited to attend.
1. Collecting Computer Crime Statistics
John Kinyon, Motorola and Scott Charney, Department of
Justice
Government and private organizations need an accurate count of
how much computer crime occurs and the related cost these crimes
inflict. The need for reliable statistics range from justifying
security expenditures within an organization to developing
national computer crime legislation. This working group will
explore the following:
o The type, quantity and extent of incidents
o Statistics that are useful, easily gathered, and which can
be rolled up from businesses/government and local
jurisdictions into national statistics
o Locating tools necessary to do the job
o Establishing working relationships between business and the
FBI
2. Internet Security/Insecurity
John Wack, National Institute of Standards and Technology
This session will deal with recent widespread problems on the
Internet and the ramifications of those problems to users, sites,
and organizations. Some of the recent problems to be discussed
will be:
o sendmail vulnerabilities
o problems with login bypassing authentication
o Internet sniffer
o attack scripts availability on the Internet
These problems and situations will be examined and approached
from the perspective of what sites can do to minimize exposure
and response time. The result of the session will be to arrive
at a working paper that describes a set of minimum controls and
policies for Internet host and network security.
3. FIRST Membership Responsibilities
Dennis Steinauer, National Institute of Standards and
Technology
The Secretariat of the Forum of Incident Response and Security
Teams (FIRST) will lead this working group in a discussion about
FIRST. An interactive exchange will be held on the following
topics:
o What FIRST is and is not
o What is needed
o How to join FIRST
o Policies and procedures
o Plans for the future
12:00 noon -Lunch
1-1:30 p.m.-Welcoming Remarks
Michael R. Higgins, Chair, Forum of Incident Response and
Security Teams
1:30 p.m.-Keynote Address
Dr. Eugene Spafford, Purdue University
3 p.m.-Break
3:30 p.m. - 5 p.m.-Incident Handling Teams Status and Update
Thomas A. Longstaff, Ph.D., Software Engineering Institute,
Carnegie Mellon University, Computer Emergency Response Team
Coordination Center (CERT/CC)
6:30 - 8:30 p.m.-Reception, The Boston Park Plaza Hotel
Wednesday, July 27
8:30 a.m. - 10 a.m.-Non-traditional and Public Domain
Network Servers
Edward DeHart, Software Engineering Institute, Carnegie Mellon
University, Computer Emergency Response Team Coordination Center
(CERT/CC)
10:00 a.m.-Break
10:30 a.m. - 12:00 noon-Vendor Panel on Incident Response Teams
Mark Graff, Sun Microsystems
12 noon - Lunch (Boston Park Plaza Hotel)
1:30 p.m. - 3 p.m.-Incident Handling Trends
Ken Van Wyk, Department of Defense, ASSIST
3 p.m.- Break
3:30 p.m. - 5 p.m.-Interoperability in the FIRST Community
Howard Lipson, Software Engineering Institute, Carnegie Mellon
University, Computer Emergency Response Team Coordination Center (CERT/CC)
7:30 p.m. - 10 p.m.-Birds of a Feather Sessions (five rooms
available)
Thursday July 28, 1994
8:30 a.m.- Security Tools
Todd Shell, Department of the Air Force
10 a.m.-Break
10:30 a.m.-Tools to Kill Systems
Karen Pichnarczyk, CIAC
12 noon-Lunch (Boston Park Plaza Hotel)
1:30 p.m.-Forming an Incident Response Team
Danny Smith, Security Emergency Response Team (AUSCERT)
3p.m.-Break
3:30 p.m.-FIRST General Meeting
Michael R. Higgins, Chair, Forum of Incident Response and
Security Teams (FIRST)
Friday July 29, 1994
8:30 a.m.-International Issues
Peter Kossakowski, DFN CERT
10:00 a.m.-Break
10:30-12:00 noon-Closing Keynote
"Do We Live In An Electronic Fish Bowl?"
James C. Settle, I-NET
Technical Information
---------------------
John Wack
National Institute of Standards and Technology
Bldg. 225/Room A216
Gaithersburg, MD 20899
Telephone: (301) 975-3359
FAX: (301)948-0279
email:workshop-info @
first .
org .
Accommodations
--------------
A block of rooms has been reserved for workshop participants at
the Boston Park Plaza Hotel, 64 Arlington St., Boston, Mass.,
(617) 426-2000. The rate is $99 single or $109 double, plus 9.7%
tax. To reserve a room please call the hotel no later than June
25, 1994. After that date the rooms will be released for general
sale at the prevailing hotel rate.
Registration
------------
The registration fee is $275.00 per person. Registration
includes coffee breaks, two lunches, a reception, and workshop
materials. In order to be pre-registered and have your name
appear on a preliminary participants list, registration must be
received by July 11, 1994. Requests for cancellations or refunds
must be submitted, in writing, to Lori Phillips (see address and
fax below), by July 11, 1994. Attendees will receive a free CD-
ROM that includes, but is not limited to:
o Advisories
o Mailing list archives
o Security related papers and documents
o Password security software
o Network security software
o Firewalls software
o Authentication software
Registration Information
------------------------
Lori Phillips
National Institute of Standards and Technology
Bldg. 101, Room B116
Gaithersburg, MD 20899-0001
Telephone: (301)975-4513
FAX: (301)948-2067
Airport Limousines
------------------
>From Logan International Airport
City Transportation Limo can be picked-up outside the lower level
baggage claim area. Limos run from 7 a.m. to 7 p.m., 7 days a
week, at approximately 10 and 20 minutes past each hour. The
cost is $7.50 per person. Guests returning to the airport can
get a $1-off coupon from the bellman for the trip back to the
airport. The travel time is about 30-45 minutes (stops at all
major downtown hotels).
Taxis
-----
>From Logan International Airport
Taxis are approximately $14 to the Boston Park Plaza Hotel. The
travel time is about 20 minutes (longer at rush hour).
Public Transportation
---------------------
>From Logan International Airport
Take a shuttle bus (free) from the Airport Terminal to the Blue
Line, Airport Stop. Buy a token for 85 cents, take the Blue Line
to Government Center, change to the Green Line. Stay on Green
Line until you reach Arlington Street Stop. The Boston Park
Plaza will be located across the street. The travel time is 15-
20 minutes.
Driving Instructions
--------------------
(Note: Parking is limited at the Boston Park Plaza Hotel)
>From Logan International Airport
Follow signs to Sumner Tunnel. After exiting the tunnel, take
the second right onto 93 North. Exit at Cambridge/Storrow Drive.
Follow Storrow Drive signs to Back Bay, and exit at Copley
Square. Turn left at the first light onto Beacon Street, and
right at the next light onto Arlington Street. Go straight four
blocks, the Hotel is one block after Boylston Street.
>From 93-North
Take 93-South into Boston. Bear right onto Sorrow Drive and
follow signs to Back Bay. Exit at Copley Square and turn left at
the first light onto Beacon Street, and right at the next light
onto Arlington Street. Proceed straight for four blocks. The
Hotel will be on your left, one block after Boylston Street.
>From 93-South
Take 93-North and exit a Kneeland Street/Chinatown. At the stop
light, turn left onto Kneeland Street. Drive approximately 3
blocks until Kneeland turns into Stuart Street. Stay in the
right lane, bear right onto Charles Street South. Take an
immediate left onto Park Plaza. The Hotel is directly ahead.
Bear left to reach the motor entrance.
------------------- registration card -----------------------
Sixth Annual Computer Security
Incident Handling Workshop
July 25-29, 1994
Last Name_______________________________________________________
First Name______________________________________________________
Company_________________________________________________________
Street Address__________________________________________________
Rm. No./Mail Code_______________________________________________
City, State, Zip________________________________________________
Country_________________________________________________________
Business Telephone______________________________________________
Fax No._________________________________________________________
Handicap Services_______________________________________________
I am interested in attending the following:
Tutorials: Working Groups:
[ ] Security for Managers [ ] Collecting Computer
Crime Statistics
[ ] Incident Handling for Techies [ ] Internet
Security/Insecurity
[ ] FIRST Membership
Responsibilities
Registration Fee: $275.00
Form of Payment:
[ ] Check enclosed made payable to NIST/Incident Handling
Workshop.
[ ] Credit card used_______________________________________
(Mastercard or Visa Only)
Credit card no.__________________________ Exp._________
Authorized Signature___________________________________
[ ] Purchase Order no./Training Form (enclose a copy or provide
one on-site at registration; faxed copy unacceptable.)
Please return this form by July 11, 1994 to:
NIST Office of the Comptroller
Bldg. 101/Rm. A807
Gaithersburg, MD 20899-0001
Or fax by July 11, 1994 to:
Lori Phillips, NIST/PAD, (301) 948-2067
|
|
