M1: INTRUSION DETECTION AND PREVENTION SYSTEMS
NEW
Marcus Ranum, Consultant
Who should attend: Network or security managers responsible for
an IDS roll-out, security auditors interested in assessing IDS
capabilities, security managers involved in IDS product selection.
Overview: Attendees will learn the advantages and disadvantages
of popular approaches to Intrusion Detection Systems (IDSes), how to
deal with false positives and noise, where to deploy IDSes, how to test
them, how to build out-of-band IDS management networks, and how they
interact with switches, routers, and firewalls.
Topics include technologies, deployment issues, and management
issues.
Marcus J. Ranum (http://www.ranum.com) is the inventor of the
proxy firewall and the implementer of the first commercial firewall
product. He holds both the TISC "Clue" award and the ISSA Hall of Fame
award.
M2: LOGGING & SECURITY: BUILDING AN ENTERPRISE
LOGGING INFRASTRUCTURE
Tina Bird, Stanford University
Who should attend: System administrators and network managers
responsible for monitoring and maintaining computers and network devices
in an enterprise environment. Participants should be familiar with the
UNIX and Windows operating systems and basic network security.
Overview: Every device on your network spits out millions of
lines of audit information a day. Hidden within that data are the first
clues that systems are breaking down, attackers are breaking in, and end
users are breaking up. This class will teach you how to build a log
management infrastructure and how to figure out what your log data
means.
Topics include the extent of the audit problem, logfile
generation, log management, and legal issues.
Tina Bird is a Computer Security Officer at Stanford University.
She designs and implements security infrastructure for University
systems; provides security alerts for machines on the 40,000-host
network; and works on healthcare information security and the
university's logging infrastructure.
M3: WIFI SECURITY: THE TRIALS AND TRIBULATIONS OF DESIGNING,
DEPLOYING, AND USING WIFI NETWORKS SECURELY
NEW
William Arbaugh, University of Maryland, College Park
Who should attend: Anyone who needs to design, deploy, and/or
operate a WiFi network. Previous experience with or knowledge of
wireless networking is helpful but not required.
Overview: This tutorial presents security problems with WiFi
equipment and explains standards changes designed to mitigate or
eliminate those problems. Attendees will be shown how to design, deploy,
and test wireless architectures using legacy, WPA, and RSN equipment and
open source software.
Topics include known attacks and the tools that implement them,
WiFi Protected Access and RSN, designing and deploying a secure WiFi
network, and testing your network using open source tools.
William A. Arbaugh has spent over 15 years performing security
research and engineering. He and his students were among the first to
identify security flaws contained in the IEEE 802.11 standard, as well
as proposed fixes to the standard.
M4: DDOS ATTACKS AND DEFENSES: OVERVIEW, TAXONOMY, AND FUTURE
DIRECTIONS
NEW
Jelena Mirkovic and Peter Reiher, UCLA
Who should attend: Researchers intending to contribute to DDoS
defense, and field and security officers who need to understand and deal
with DDoS attacks.
Overview: Distributed denial of service (DDoS) attacks are a
great threat to the Internet, because their diffuse nature makes it
difficult to control or stop them. This tutorial will describe how DDoS
attacks work, based on analysis of actual attacks and the tools used to
perpetrate them.
Topics include the best uses of the tools available today;
research that is likely to produce more powerful tools; probable future
trends in DDoS attacks; and a taxonomy for classifying DDoS attack and
defense mechanisms, which will aid in understanding the scope of the
threat and the possible range of responses.
Jelena Mirkovic is completing her doctorate at UCLA. She has
designed and implemented a source-end DDoS defense system that stops
outgoing DDoS attacks while preserving legitimate traffic.
Peter Reiher is an adjunct associate professor at UCLA. His
research focuses on distributed systems and security. Dr Reiher was a
co-recipient of the Award for the Top 100 R&D Projects in the United
States.
T1: BUILDING HONEY POTS FOR INTRUSION DETECTION
Marcus Ranum, Consultant
Who should attend: System and network managers with
administrative skills and a security background. Attendees will benefit
if they have at least basic UNIX system administration skills.
Overview: This class provides a technical introduction to the art of
building honey pot systems for intrusion detection and burglar-alarming
networks. Attendees will learn how to assemble their own honey pot,
install it, maintain it, keep it secure, and analyze the data from it.
Topics include the fundamentals of IDSes, burglar alarms, honey
pots, and log-data analysis; a detailed explanation of honey pot design,
including tools and techniques, services, spoofing, honeyd, LaBrea
tarpitting, logging architecture, and simple tricks for information
visualization; how to get help in analyzing data; and legal issues of
entrapment, privacy, and liability.
Marcus J. Ranum (http://www.ranum.com) is the inventor of the
proxy firewall and the implementer of the first commercial firewall
product. He holds both the TISC "Clue" award and the ISSA Hall of Fame
award.
T2: HACKING AND SECURING WEB-BASED APPLICATIONS
NEW
David Rhoades, Maven Security Consulting, Inc.
Who should attend: People who are auditing Web application
security or are developing or managing the development of a Web
application.
Overview: Although numerous commercial and freeware tools assist
in locating network-level security vulnerabilities, these tools are
incapable of locating application-level issues. This course will
demonstrate how to identify security weaknesses for Web-enabled services
that could be exploited by remote users.
Topics include information-gathering attacks; user sign-off
verification; OS and Web server weaknesses; finding the weakest link in
encryption; session tracking; authentication; and transaction-level
issues.
David Rhoades is a principal consultant with Maven Security
Consulting, which provides information security assurance and training
services. His work has taken him across the U.S. and to Europe and Asia,
where he has lectured and consulted in various areas of information
security.
T3: NETWORK SECURITY PROTOCOLS: THEORY AND CURRENT STANDARDS
Radia Perlman, Sun Microsystems
Who should attend: Anyone who wants to understand the theory
behind network security protocol design and get an overview of the
alphabet soup of standards and cryptography. Although the tutorial is
technically deep, no background other than intellectual curiosity and a
good night's sleep is required.
Overview: This tutorial first covers the conceptual problems and
solutions, and then specifics of the standards. It describes the pieces
out of which all these protocols are built, discusses subtle design
issues, and covers the kinds of mistakes people make when designing
protocols.
Topics include cryptography, key distribution, handshake issues,
PKI standards, real-time protocols, secure email, and Web security.
Radia Perlman is a Distinguished Engineer at Sun Microsystems.
She is one of the 25 people whose work has most influenced the
networking industry, according to Data Communications Magazine,
and she holds about 50 issued patents.
T4: USING FREEBSD'S ADVANCED SECURITY FEATURES
NEW
Mike DeGraw-Bertsch, Consultant
Who should attend: System administrators and managers responsible
for securing IT assets whose requirements have outgrown their existing
infrastructure. Participants should be familiar with basic system
security.
Overview: This tutorial addresses the risks companies face today,
discusses how to evaluate and lessen those risks, and shows how to use
FreeBSD to create cost-effective, secure computing environments.
Topics include assessing risks; TrustedBSD for security
evaluation; using FreeBSD's ports system for patches; jails and virtual
machines; firewalls; access controls; authentication via PAM or POPIE;
and configuring secure firewalls, log hosts, servers, and clients.
Mike DeGraw-Bertsch is a security and networking consultant who
has been working with FreeBSD for ten years and has been active in
security for the past five years.