|
Workshops Program |
|
Thursday, October
21, 1999 |
1:00 - 6:00 p.m.
8:00 a.m. Registration
Pre-registration required - Cost: $125
Attendence limited
Add to your conference experience by attending one of these
outstanding technical workshops. |
|
Workshop 1 |
Intrusion Detection
- Sondra Schneider, IFsec, LLC
This workshop will present an introduction to intrusion
detection. Network and host based intrusion detection systems
(IDS) will be covered and an awareness of the strengths and
weaknesses of each will be gained. IT professionals who desire to
select IDS will benefit from discussion on the different types of
implementations available. Comparisons to other perimeter defenses
will be covered as well as IDS countermeasures for common attacks.
You will learn where to position sensors and consoles, what types
of responses you will receive and what those responses mean. A
comparison of the various "in" and outsourcing options
will be extremely beneficial to those executives attempting to
sift through the myriad of choices available today.
What You Will Learn:
- How to know if you are being attacked?
- Intrusion Detection vs Firewalls
- Network IDS vs Hostbased IDS
- How do IDS systems work?
- Where to place IDS on your network
- Understanding Cyberthreats and Countermeasures
- What you can do to secure your network now
- Insourcing & Outsourcing Options: case studies
|
|
Workshop 2 |
Cryptography for Beginners: What is it and how can I use it?
KEY, RSA, PKI, SET, SSL, VPN, PGP - as in all things technical
or bureaucratic, the three letter acronyms surrounding e-commerce
can present a conundrum to information professionals charged with
securing the business transactions of their company. This session
bridges the technical, the bureaucratic, and the social. It will
explain cryptographic basics, but concentrate on the tools and
methods necessary for privacy for business transactions and how
they are and will be used in electronic commerce. This is not a
technical presentation to discuss technical characteristics of the
schemes. The session is specifically aimed at the individual who
cares less about the mathematics behind the techniques and more
about the what, why, and how of cryptographic tools for protecting
digital information. The word "practical" is key; no one
should be scared away thinking this will be too technical. Using
blocks, pens, hoses, rope and real-world case studies, the
instructor will explain what secret key and public and hashing
algorithms are and how they solve the security problems for
electronic commerce and everyday security problems. More
importantly, the students will learn when it is appropriate to use
cryptography and when it is not. Examples will include military,
banking, internet gambling, healthcare, and many others. |
|
Workshop 3 |
Securing A Public Web Server
- Shawn Hernan, CERT® Coordination Center
The world wide web is one of the most important ways for
organizations to publish information; however care must be taken
in setting up and operating a public web site to reduce security
concerns and vulnerabilities. This workshop will describe how to
secure a public web site and describe current vulnerabilities that
are being exploited and how to mitigate them. Topics covered
include:
- Networks, Routers, and Firewalls
- Client-side security
- Content creation and delivery
- Checksum on static pages
- Host security
- Certificates
- MIME issues
- Cookies
- State in a stateless world
- Trusting untrustworthy data
- CGI issues
- Active Content
|
|
Workshop 4 |
Protection Profiles * Turning a Good Idea Into a Registered
Standard
- Murray Donaldson, CESG, UK
- Lynne Ambuel, TRW, USA
This workshop will provide the attendee with enough information
to express their security requirements in the form of a Protection
Profile; which can then be registered for international use. It
will cover all aspects of Protection Profiles, including when and
how to have one developed, evaluated, certified and registered.
Common problems and mistakes in building Protection Profiles will
be explained and hints provided on how best to express IT security
needs in a Protection Profile. Examples will be used extensively
to compare and contrast the different ways to express Protection
Profile contents. |
|
Workshop 5 |
Attack Techniques and Defenses
In this condensed version of Computer Security Institute's
popular 2-day technical course, instructor Rik Farrow exposes the
methods currently being used to perpetrate network attacks:
scanning networks, identifying systems based on their responses to
TCP packets or by the pattern of services offered, breaking into
these systems, gaining administrative privileges, installing tools
to hide the attackers presence, installing backdoors, and other
related techniques. Based on an understanding of attack methods,
you will also explore viable countermeasures to most attacks,
tools used by attackers for scanning and break-in, typical
'debris' left by both successful and unsuccessful attacks. Tools
covered include dig, nmap, sscan, strobe, NAT, loki2, lrkr4,
imap-ex, and other exploits. |
Last update March 19, 2002 |