Add to your conference experience by attending one of these outstanding technical workshops.

Intrusion Detection

• Sondra Schneider, IFsec, LLC

This workshop will present an introduction to intrusion detection. Network and host based intrusion detection systems (IDS) will be covered and an awareness of the strengths and weaknesses of each will be gained. IT professionals who desire to select IDS will benefit from discussion on the different types of implementations available. Comparisons to other perimeter defenses will be covered as well as IDS countermeasures for common attacks. You will learn where to position sensors and consoles, what types of responses you will receive and what those responses mean. A comparison of the various "in" and outsourcing options will be extremely beneficial to those executives attempting to sift through the myriad of choices available today.

What You Will Learn:

• How to know if you are being attacked?
• Intrusion Detection vs Firewalls
• Network IDS vs Hostbased IDS
• How do IDS systems work?
• Where to place IDS on your network
• Understanding Cyberthreats and Countermeasures
• What you can do to secure your network now
• Insourcing & Outsourcing Options: case studies

Cryptography for Beginners: What is it and how can I use it?

• Jim Litchko, IMSI

KEY, RSA, PKI, SET, SSL, VPN, PGP - as in all things technical or bureaucratic, the three letter acronyms surrounding e-commerce can present a conundrum to information professionals charged with securing the business transactions of their company. This session bridges the technical, the bureaucratic, and the social. It will explain cryptographic basics, but concentrate on the tools and methods necessary for privacy for business transactions and how they are and will be used in electronic commerce. This is not a technical presentation to discuss technical characteristics of the schemes. The session is specifically aimed at the individual who cares less about the mathematics behind the techniques and more about the what, why, and how of cryptographic tools for protecting digital information. The word "practical" is key; no one should be scared away thinking this will be too technical. Using blocks, pens, hoses, rope and real-world case studies, the instructor will explain what secret key and public and hashing algorithms are and how they solve the security problems for electronic commerce and everyday security problems. More importantly, the students will learn when it is appropriate to use cryptography and when it is not. Examples will include military, banking, internet gambling, healthcare, and many others.

Securing A Public Web Server

• Shawn Hernan, CERT® Coordination Center

The world wide web is one of the most important ways for organizations to publish information; however care must be taken in setting up and operating a public web site to reduce security concerns and vulnerabilities. This workshop will describe how to secure a public web site and describe current vulnerabilities that are being exploited and how to mitigate them. Topics covered include:

• Networks, Routers, and Firewalls
• Client-side security
• Content creation and delivery
• Checksum on static pages
• Host security
• Certificates
• MIME issues
• Cookies
• State in a stateless world
• Trusting untrustworthy data
• CGI issues
• Active Content

Protection Profiles * Turning a Good Idea Into a Registered Standard

• Murray Donaldson, CESG, UK
• Lynne Ambuel, TRW, USA

This workshop will provide the attendee with enough information to express their security requirements in the form of a Protection Profile; which can then be registered for international use. It will cover all aspects of Protection Profiles, including when and how to have one developed, evaluated, certified and registered. Common problems and mistakes in building Protection Profiles will be explained and hints provided on how best to express IT security needs in a Protection Profile. Examples will be used extensively to compare and contrast the different ways to express Protection Profile contents.

Attack Techniques and Defenses

• Rik Farrow, CSI

In this condensed version of Computer Security Institute's popular 2-day technical course, instructor Rik Farrow exposes the methods currently being used to perpetrate network attacks: scanning networks, identifying systems based on their responses to TCP packets or by the pattern of services offered, breaking into these systems, gaining administrative privileges, installing tools to hide the attackers presence, installing backdoors, and other related techniques. Based on an understanding of attack methods, you will also explore viable countermeasures to most attacks, tools used by attackers for scanning and break-in, typical 'debris' left by both successful and unsuccessful attacks. Tools covered include dig, nmap, sscan, strobe, NAT, loki2, lrkr4, imap-ex, and other exploits.