Workshops Program
Thursday, October 8, 1998
1:30 - 6:00 p.m.
8:00 a.m. Registration
Pre-registration required - Cost: $120
Attendance limited
Regency Ballroom Foyer

Add to your conference experience by attending one of these outstanding technical workshops.

Workshop 1

Securing Your Place On The Web

  • Ken Cutler, MIS Training Institute/Information Security Institute

World Wide Web (WWW) technology has been a major contributor to the exciting growth of the Internet. With the opportunity to globalize electronic commerce across the Web, in addition to having easy access to an attractive new vehicle for developing their own web of intranets for internal applications, many organizations are rushing to jump on the Web technology bandwagon. As with any new technology, the vast array of Web browsers, servers, and security protocols is still in its infancy, which translates to many potential security pitfalls. In this up-to-the-minute workshop, we will:

  • Highlight the security and audit implications of important components of TCP/IP, Internet & Web technology
  • Identify the key security control points and related threats to your external and internal Internet/Web environment
  • Pinpoint serious security issues and important security countermeasures associated with Web application development software tools including: Java, ActiveX, JavaScript, CGI, SSI, "cookies," and robots
  • Build a shopping list for security features for selecting and configuring secure Web server (HTTP) software
  • Make sense of the myriad of new Web security protocols such as SET, SSL, S-HTTP, PCT, STLP, S-WAN, PPTP, IPsec, L2TP
  • Develop an end-to-end security plan by relating major Internet/Web security threats to a checklist of practical safeguards including: host security, firewalls, user authentication, and cryptography
  • Provide tips in selecting tools and techniques to organize an effective, on-going audit plan for evaluating the security of your Internet/Web environment.

Note: In addition to the session notes, participants in the workshop will receive a copy of the famous ISI Swiss Army Knife Security & Audit Reference, a glossary of distributed information systems terminology, and a Web Security and Audit Survival Kit.

Workshop 2

Common Criteria Protection Profile

  • Lynne Ambuel, BDM International
  • Murray Donaldson, CESG, UK

This workshop will provide information and instruction on using the Common Criteria to build protection profiles to express information technology security requirements. Community experience in building protection profiles will be used for this instruction. Alternative sets of related technologies will be compared and contrasted in the hope of harmonizing like requirements into generic protection profiles for given technologies (e.g., firewalls). In addition, issues arising from attempting to create protection profiles representing non-classic requirement sets will be discussed.

Workshop 3

How to Establish an Incident Handling Capability

  • Sandy Sparks, CIAC-Lawrence Livermore
  • Marianne Swanson, NIST

This workshop, which is sponsored by the Federal Computer Incident Response Capability (FedCIRC), will address many of the technical and administrative issues involved in establishing an incident handling capability. Topics to be covered include organizational structure, roles and responsibilities, technology platforms, incident handling methods, sample policy, reporting and issuing alerts, administrative and incident handling procedures, communications (users, other) and lessons learned.

Workshop 4

Connecting to the Internet

  • Tom Christian, CIAC - Lawrence Livermore National Laboratory

This workshop will address many of the technical issues involved in connecting to and managing systems and sites that are part of the Internet. Current threats on the Internet and how to work with incident response teams and obtain sources for more information will be explored. Administrative information such as the importance of setting up policies with management support will also be given. Topics to be covered include Internet threats, securing the system, detecting intrusions and security on the Internet.

Last update September 11, 1998
