Workshops Program

Thursday, October 19, 2000
1:00 - 6:00 p.m.
8:00 a.m. Registration
Pre-registration required - Cost: $125
Attendance limited
Switching between workshops cannot be accommodated.
Add to your conference experience by
attending one of these outstanding technical workshops.

Workshop 1
Investigating Computer Virus and Other
Malware Incidents
- Christine M. Orshesky, i-secure
Corporation
With the increasing spread of computer
viruses and worms that can lurk in an organization, it is no
longer feasible to rely solely on single point detection and
repair techniques. Virus-related incidents must be investigated to
determine where the virus originated, where it spread, and what
damage it may have caused or may cause in the future. This
workshop will show you how to make those determinations through
effective response and investigation techniques for computer
viruses and other malware incidents. The workshop will provide a
brief foundation on the functionality of computer viruses and
other forms of malware with an emphasis on the ways they can enter
an organization, the ways they spread, and the types of damage
they can cause. Key techniques in the response and investigation
of such incidents will be discussed and demonstrated. You will
have a hands-on opportunity to investigate several computer virus
and malware incidents.

Workshop 2
Staying Ahead of the Hackers: Network
Vulnerability Testing
- Ken Cutler, Information Security
Institute
Protecting and auditing Internet-TCP/IP
network technology is a major challenge. In this state-of-the-art
session, you will learn how to systematically test the security of
important security hot spots for entire TCP/IP networks as well as
for individual systems. You will receive the necessary guidance to
build a versatile and powerful cyberspace audit toolkit to test
for serious TCP/IP network security vulnerabilities that are
frequently exploited by hackers and other intruders. The session
agenda includes: an evaluation of the significance of recent
incidents, advisories, and trends in network attacks and
vulnerability conditions; a systematic, graduated plan for "discovering"
a network and identifying serious vulnerabilities; sources for
obtaining vital information and tools associated with detecting
serious Internet/Web security exposures; methods for reviewing
freeware, shareware, and commercial tools for auditing the
security of individual servers, firewalls, and entire TCP/IP
networks, including: network discovery tools, network mappers,
port scanners, network security scanning tools, host security
scanning tools, and firewall and web server security testing
techniques.
This session assumes a working knowledge of
TCP/IP and client/server technology.

Workshop 3
Information System Survival School
- Gail Brooks, Mary Washington College
Are you just getting started in information
security? This course has been designed to help you come up to
speed on the significance of computer and network attacks that are
directed at your systems! No prerequisites are needed. The axioms
of information assurance, confidentiality, integrity, and
availability are introduced with examples of real attacks and
defensive countermeasures. The most current attacks on the
Internet are detailed against an historical backdrop so students
can develop a sense of perspective. One attack - the RingZero
proxy scanning trojan - is discussed in depth by the analysts who
discovered it. This illustrates not just the significance of
trojan-based attacks, but the kind of team-based analysis needed
to run a-ground new hacker ploys. A discussion of information
warfare at the national level and the issues of infrastructure
protection will lead into a "from the trenches" process
for incident handling.

Workshop 4
Cryptography for Beginners: What is it
and how can I use it?
- Jim Litchko, Litchko & Associates,
Inc.
KEY, RSA, PKI, SET, SSL, VPN, PGP... As with
all things technical or bureaucratic, these three-letter acronyms
surrounding e-commerce can present a conundrum to information
professionals charged with securing the business transactions of
their company. This session bridges the technical, the
bureaucratic, and the social. Specifically, the session offers you
an explanation of cryptographic basics, concentrating on the tools
and methods necessary for privacy for business transactions and
their uses in electronic commerce. This is not a technical
presentation to discuss technical characteristics of the schemes.
The session is specifically aimed at the individual who cares less
about the mathematics behind the techniques and more about the
what, why, and how of cryptographic tools for protecting digital
information. The word "practical" is key. Using blocks,
pens, hoses, rope, and real-world case studies, the instructor will
explain what secret key, public, and hashing algorithms are and
how they address security problems for electronic commerce and
everyday situations. More importantly, you will learn when it is
appropriate to use cryptography and when it is not. Examples from
such fields as military, banking, internet gambling, healthcare
and more will be featured.

Workshop 5
Introduction to the National
Certification and Accreditation Approach (The NIACAP)
- Mark S. Loepker, National Security Agency
- Barry Stauffer, Corbett Technologies,
Inc.
The National Information Assurance
Certification and Accreditation Process (NIACAP) establishes a
national standard process, a set of activities, general tasks, and
a management structure to certify and accredit systems that will
maintain the Information Assurance (IA) and security posture of an
organization. The NIACAP focuses on the organization's mission and
information system (IS) business case. In this workshop you will
see that the process is designed to certify that the IS meets well
defined and agreed to accreditation requirements and will continue
to maintain the accredited security posture throughout the system
life cycle. You will also see that the NIACAP is adaptable to any
type of IS and any computing environment and mission. You will
learn how the process can be adapted to include existing system
certifications and evaluated products, and how users of the
process must align the process with their program strategies and
integrate the activities into their enterprise system life cycle.
You will see that while NIACAP maps to any system life-cycle
process, its four phases are independent of the life-cycle
strategy.

Workshop 6
Introduction to the Common Criteria
(CC), Common Evaluation Methodology (CEM), and Common Criteria
Toolbox
- Michael McEvilley, Mitretek Systems, Inc.
- Gary Grainger, Mitretek Systems, Inc.
- Frank Belvin, The MITRE Corporation
With the growing need for an internationally
recognized and flexible criteria to specify security requirements
and to replace the inflexible Trusted Computer Systems
Evaluation Criteria (TCSEC), DoD 5200.28, the Common
Criteria for Information Technology Security Evaluation,
ISO/IEC Standard 15408 was developed by an international
community. This workshop is designed for individuals just becoming
familiar with the Common Criteria. Three separate sessions will be
offered focusing on the Common Criteria, Common Evaluation
Methodology, and Common Criteria Toolbox. Upon completion of the
sessions, you will have a greater understanding of the IT 11
functional and 9 assurance security requirements in the CC, how to
assemble the requirements into protection profiles and security
targets that comply with the normative, how to select functional
and assurance requirements based on an objective, how the
evaluation methodology is employed in the security testing
process, and how the automated tools can be used to make the
requirements specification process more efficient and expedient.
You will learn how the CC offers consumers and producers of
commercial-off-the-shelf (COTS) products a flexible and extensible
approach for defining security requirements in IT products and
systems. You will see that with the need for security enabled and
enhanced information technology (IT) to support consumer needs and
the critical infrastructure, the CC provides a framework for
stipulating requirements and a comprehensive approach for testing
IT products and systems using a Common Evaluation Methodology.
Thus, the criteria provide an internationally recognized basis
for specifying and testing a wide range of technologies such as
operating systems, database management systems, PKI, firewalls,
smartcards, telecommunications switches, network devices,
middleware, and applications.
Using the Common Criteria can help:
- Convey consumer security requirements to
IT product developers
- Determine if IT product developers
produced what was specified
- Improve the ways consumers achieve
assurance in IT products and systems
Slides booklet, CD of the CC, and the
Toolbox will be available for each attendee.

Last update October 12, 2000