Workshops Program

Thursday, October 19, 2000
1:00 - 6:00 p.m.
8:00 a.m. Registration
Pre-registration required - Cost: $125
Attendance limited
Switching between workshops cannot be accommodated.

Add to your conference experience by attending one of these outstanding technical workshops.

Workshop 1
Investigating Computer Virus and Other Malware Incidents
Christine M. Orshesky, i-secure Corporation

With the increasing spread of computer viruses and worms that can lurk in an organization, it is no longer feasible to rely solely on single point detection and repair techniques. Virus-related incidents must be investigated to determine where the virus originated, where it spread, and what damage it may have caused or may cause in the future. This workshop will show you how to make those determinations through effective response and investigation techniques for computer viruses and other malware incidents. The workshop will provide a brief foundation on the functionality of computer viruses and other forms of malware with an emphasis on the ways they can enter an organization, the ways they spread, and the types of damage they can cause. Key techniques in the response and investigation of such incidents will be discussed and demonstrated. You will have a hands-on opportunity to investigate several computer virus and malware incidents.

Workshop 2
Staying Ahead of the Hackers: Network Vulnerability Testing
Ken Cutler, Information Security Institute

Protecting and auditing Internet-TCP/IP network technology is a major challenge. In this state-of-the-art session, you will learn how to systematically test the security of important security hot spots for entire TCP/IP networks as well as for individual systems. You will receive the necessary guidance to build a versatile and powerful cyberspace audit toolkit to test for serious TCP/IP network security vulnerabilities that are frequently exploited by hackers and other intruders. The session agenda includes: an evaluation of the significance of recent incidents, advisories, and trends in network attacks and vulnerability conditions; a systematic, graduated plan for "discovering" a network and identifying serious vulnerabilities; sources for obtaining vital information and tools associated with detecting serious Internet/Web security exposures; methods for reviewing freeware, shareware, and commercial tools for auditing the security of individual servers, firewalls, and entire TCP/IP networks, including: network discovery tools, network mappers, port scanners, network security scanning tools, host security scanning tools, and firewall and web server security testing techniques. This session assumes a working knowledge of TCP/IP and client/server technology.

Workshop 3
Information System Survival School
Gail Brooks, Mary Washington College

Are you just getting started in information security? This course has been designed to help you come up to speed on the significance of computer and network attacks that are directed at your systems! No prerequisites are needed. The axioms of information assurance (confidentiality, integrity, and availability) are introduced with examples of real attacks and defensive countermeasures. The most current attacks on the Internet are detailed against an historical backdrop so students can develop a sense of perspective. One attack - the RingZero proxy scanning trojan - is discussed in depth by the analysts who discovered it. This illustrates not just the significance of trojan-based attacks, but the kind of team-based analysis needed to run aground new hacker ploys. A discussion of information warfare at the national level and the issues of infrastructure protection will lead into a "from the trenches" process for incident handling.

Workshop 4
Cryptography for Beginners: What is it and how can I use it?
Jim Litchko, Litchko & Associates, Inc.

KEY, RSA, PKI, SET, SSL, VPN, PGP... As with all things technical or bureaucratic, these three-letter acronyms surrounding e-commerce can present a conundrum to information professionals charged with securing the business transactions of their company. This session bridges the technical, the bureaucratic, and the social. Specifically, the session offers you an explanation of cryptographic basics, concentrating on the tools and methods necessary for privacy for business transactions and their uses in electronic commerce. This is not a technical presentation to discuss technical characteristics of the schemes. The session is specifically aimed at the individual who cares less about the mathematics behind the techniques and more about the what, why, and how of cryptographic tools for protecting digital information. The word "practical" is key. Using blocks, pens, hoses, rope, and real-world case studies, the instructor will explain what secret key, public key, and hashing algorithms are and how they address security problems for electronic commerce and everyday situations. More importantly, you will learn when it is appropriate to use cryptography and when it is not. Examples from such fields as military, banking, internet gambling, healthcare and more will be featured.

Workshop 5
Introduction to the National Certification and Accreditation Approach (The NIACAP)
Mark S. Loepker, National Security Agency
Barry Stauffer, Corbett Technologies, Inc.

The National Information Assurance Certification and Accreditation Process (NIACAP) establishes a national standard process, a set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the Information Assurance (IA) and security posture of an organization. The NIACAP focuses on the organization's mission and information system (IS) business case. In this workshop you will see that the process is designed to certify that the IS meets well-defined and agreed-to accreditation requirements and will continue to maintain the accredited security posture throughout the system life cycle. You will also see that the NIACAP is adaptable to any type of IS and any computing environment and mission. You will learn how the process can be adapted to include existing system certifications and evaluated products, and how users of the process must align the process with their program strategies and integrate the activities into their enterprise system life cycle. You will see that while NIACAP maps to any system life-cycle process, its four phases are independent of the life-cycle strategy.

Workshop 6
Introduction to the Common Criteria (CC), Common Evaluation Methodology (CEM), and Common Criteria Toolbox
Michael McEvilley, Mitretek Systems, Inc.
Gary Grainger, Mitretek Systems, Inc.
Frank Belvin, The MITRE Corporation

With the growing need for internationally recognized and flexible criteria to specify security requirements and to replace the inflexible Trusted Computer Systems Evaluation Criteria (TCSEC), DoD 5200.28, the Common Criteria for Information Technology Security Evaluation, ISO/IEC Standard 15408, was developed by an international community. This workshop is designed for individuals just becoming familiar with the Common Criteria. Three separate sessions will be offered focusing on the Common Criteria, Common Evaluation Methodology, and Common Criteria Toolbox. Upon completion of the sessions, you will have a greater understanding of the IT 11 functional and 9 assurance security requirements in the CC, how to assemble the requirements into protection profiles and security targets that comply with the normative, how to select functional and assurance requirements based on an objective, how the evaluation methodology is employed in the security testing process, and how the automated tools can be used to make the requirements specification process more efficient and expedient. You will learn how the CC offers consumers and producers of commercial-off-the-shelf (COTS) products a flexible and extensible approach for defining security requirements in IT products and systems. You will see that with the need for security enabled and enhanced information technology (IT) to support consumer needs and the critical infrastructure, the CC provides a framework for stipulating requirements and a comprehensive approach for testing IT products and systems using a Common Evaluation Methodology. Thus, the criteria provide an internationally recognized basis for specifying and testing a wide range of technologies such as operating systems, database management systems, PKI, firewalls, smartcards, telecommunications switches, network devices, middleware, and applications.

Using the Common Criteria can help:

- Convey consumer security requirements to IT product developers
- Determine if IT product developers produced what was specified
- Improve the ways consumers achieve assurance in IT products and systems

A slides booklet, a CD of the CC, and the Toolbox will be available for each attendee.

Last update July 5, 2001