[ISN] NSS Security Conference Announcement

From: jerichot_private
Date: Mon Apr 20 1998 - 21:47:51 PDT

  • Next message: jerichot_private: "[ISN] Secret Service Hackers Can't Crack Intranet"

    Forwarded From: Network Security Solutions <nssinfot_private>
    
    
             Network Security Solutions Conference Announcement
    
                    July 29th and 30th, Las Vegas Nevada
    
    
    ******************  Call For Papers Announcement ***************************
    
    Network Security Solutions is now accepting papers for its 1998
    event. Papers and requests to speak will be received and reviewed from
    March 24th until June 1st.  Please submit an outline on a self selected
    topic covering either the problems or solutions surrounding network
    security.  Topics of interest include Intrusion Detection Systems (IDS),
    distributed languages, network design, authentication systems, perimeter
    protection, and more.  Talks will be an hour with a half hour for Q&A.
    There will be LCD projectors, overhead, and slide projectors.
    
    Updated announcements will be posted to newsgroups, security mailing lists,
    email, or visit the website at http://www.blackhat.com/
    
    Current speakers include:
    
    Marcus Ranum, Network Flight Recorder CEO.
    Bruce Schneier, Counterpane Systems CEO.
    Ira Winkler, president of the Information Security Advisory Group.
    Theo DeRaadt, OpenBSD Lead Developer.
    Tom Ptacek, Secure Networks Inc.
    Scott Waddell, Cisco-Wheelgroup corporation.
    Dominique Brezinski, Network Security Professional at Secure Computing Corp.
    Peter Shipley, Independent Security consultant.
    Richard Thieme, Thiemeworks, Inc.
    Winn Schwartau, Interpact Inc.
    Dr. Mudge, L0pht Heavy Industries administrator.
    Ray Kaplan, Meet the Enemy panel discussion, Q&A.
    Jennifer Granick, Attorney at law.
    
    
    ****************************************************************************
    
    It's late. You're in the office alone, catching up on database
    administration.  Behind you, your network servers hum along quietly,
    reliably.  Life is good.  No one can get to your data or disrupt your WAN.
    The network is secure.  Or is it?
    
    The Network Security Solutions conference has been organized to put an end
    to concerns like these.  While many conferences focus on information and
    network security, only Network Security Solutions will put your engineers
    and software programmers face-to-face with today's cutting edge computer
    security experts and "underground" security specialists.
    
    Only the Network Security Solutions conference will provide your people
    with the tools and understanding they need to thwart those lurking in the
    shadows of your firewall.
    
    The reality is, they are out there.  The choice is yours.  You can live in
    fear of them.  Or, you can learn from them.
    
    ****************************************************************************
                              Conference Overview
    
    The Network Security Solutions Summer '98 conference (Formerly known as The
    Black Hat Briefings) was created to fill the need of computer professionals
    to better understand the security risks to their computer and information
    infrastructures by potential threats.  To do this we assemble a group of
    vendor-neutral security professionals in the same room and let them talk
    candidly about the problems businesses face, and the solutions they see to
    those problems.  No gimmicks, just straight talk by people who make it
    their business to explore the ever changing security space.
    
    Spanning two days with two separate tracks, Network Security Solutions will
    focus on the vital security issues facing organizations with large
    Enterprise networks and mixed network operating systems.  Topics will
    include Intrusion Detection Systems (IDS), denial of service attacks and
    responses, secure programming techniques and tool selection for creating
    and effectively monitoring secure networks.
    
    NSS's intense sessions will bring to light the security and
    misconfiguration problems confronting organizations and network
    administrators, most of which go unnoticed by today's preoccupied system
    admins where security gets put off in lieu of constant network growth and
    upgrades.  Our experts will discuss the strategies involved in correcting
    existing problems and any problems on the horizon.
    
    Current Intrusion Detection Systems and strategies will be covered so that
    
    attendees may learn how to stop these problems before they occur.  CIO's
    are welcome, but they should bring the people implementing their network
    strategies and building their applications, because this conference is
    for them.
    
    ****************************************************************************
                                    Speakers 
    
    There will be 18-20 speakers covering two tracks speaking over two days.
    Speeches will be more technically oriented and last 1 1/2 hours each.  The
    goal of the talks are to inform the audience with quality current state
    system vulnerabilities and fixes.  Because of our unique speakers NSS will
    offer the audience a deep insight into the real security issues facing your
    network with no vendor pitches.
    
                                Wednesday, July 29th
    
    08:30 - 09:00   Breakfast
    
    09:00 - 09:45   Keynote Address: Marcus Ranum - How to REALLY secure the
                                     Internet.
    
    10:00 - 11:30   Track A  Richard Thieme - Convergence -- Every Man (and
                             Woman) a Spy. 
    
                    Track B  Dominique Brezinski - Penetrating NT Networks
                             Through Information Leaks and Policy Weaknesses.
    
    11:40 - 13:10   Track A  Ira Winkler - Information Security: Beyond the
                             Hype.
    
                    Track B  Theo DeRaadt - A discussion of secure coding
                             issues, problems with maintaining OS source trees,
                             and secure program design philosophies.
    
    13:20 - 14:20   Lunch
    
    14:25 - 15:20   Ray Kaplan: Meet the Enemy Session.
    
    15:30 - 17:00   Track A  [Empty]
    
                    Track B  Scott Waddell - 
    
    
    
                                Thursday, July 10th
    
    09:00 - 09:45   Keynote Address: Bruce Schneier - Mistakes and Blunders:
                                     A Hacker Looks at Cryptography.
    
    10:00 - 11:30   Track A	 [Empty]
    
                    Track B  Dr. Mudge - Real world VPN implementation
                             problems.
    
    
    11:40 - 13:10   Track A  Jennifer Granick - 
    
                    Track B  Peter Shipley - An overview of a 2 year effort
                             in massive multi-modem wardialing.
    
    13:20 - 14:20   Lunch 
    
    14:25 - 15:20   Panel 1  The benefits and problems of commercial security
                             software.  This panel of 5 people and moderator
                             will explore what products work, and what doesn't
                             in specific applications. Q&A.
    
                    Panel 2  The Merits of Intrusion Testing - What is the
                             benefit of having people break into your network.
                             A panel 5 people.
    
    15:30 - 17:00   Track A  Winn Schwartau - 
    
                    Track B  Tom Ptacek - Problems with Intrusion Detection
                             Systems.
    
    ****************************************************************************
                         Speaker Topics and Biographies
    
    - MARCUS RANUM, President and CEO of Network Flight Recorder, Inc.
    How to REALLY secure the Internet. Is it possible to really secure the
    Internet? With current technology and methods, the answer would appear
    to be a resounding "no." We've tried security through stepwise refinement
    and security through consensus - the best remaining solutions are
    totalitarian and draconian.  Marcus will present an outline for how the
    Internet could be secured through some simple, cost effective methods.
    He'll also explain why it won't happen.
    
    Marcus Ranum is CEO of Network Flight Recorder, Inc., and has been
    specializing in Internet security since he built the first commercial
    firewall product in 1989. He has acted as chief architect and implementor
    of several other notable security systems including the TIS firewall
    toolkit, TIS Gauntlet firewall, whitehouse.gov, and the Network Flight
    Recorder. Marcus frequently lectures on Internet security issues, and
    is co-author of the "Web Site Security Sourcebook" with Avi Rubin and
    
    Dan Geer, published by John Wiley and Sons. 
                              
    - BRUCE SCHNEIER, President of Counterpane Systems and author of Applied
    Cryptography.  Mistakes and Blunders: A Hacker Looks at Cryptography.
    >From encryption to digital signatures to electronic commerce to secure
    voting--cryptography has become the enabling technology that allows us
    to take existing business and social constructs and move them to computer
    networks.  But a lot of cryptography is bad, and the problem with bad
    cryptography is that it looks just like good cryptography; most people
    cannot tell the difference.  Security is a chain: only as strong as the
    weakest link.  In this talk I'll examine some of the common mistakes
    companies make implementing cryptography, and give tips on how to avoid
    them.  
    
    Bruce Schneier is President of Counterpane Systems, the author of
    Applied Cryptography, and the inventor the Blowfish algorithm.  He
    serves on the board of the International Association for Cryptologic
    Research and the Electronic Privacy Information Center.  He is a
    contributing editor to Dr. Dobb's Journal, and a frequent writer and
    lecturer on cryptography.
                              
    - THEO DERAADT, Lead developer of OpenBSD. 
    A discussion of secure coding issues, problems with maintaining OS
    source trees, and secure program design philosophies.  Regular systems
    software has many security problems.  A number of approaches at auditing
    and repairing these problems have been developed as a result of the
    OpenBSD project.
    
    Theo de Raadt heads the OpenBSD project.  This 4.4BSD derived operating
    system project has increasingly placed its focus on discovery and
    repair of security issues.  Due to a 2 year auditing process by a
    10-member team, OpenBSD is probably the most secure operating system
    in common use today.  For more information, see
    http://www.OpenBSD.org/security.html
                             
    - IRA WINKLER, President of the Information Security Advisory Group. 
    Information Security: Beyond the Hype If you read the headlines today,
    you would think that no matter what people are doing to secure themselves,
    they will never be secure.  The reason this idea comes across is
    that the media focuses on the threats and stories about unstoppable
    geniuses that can compromise even the Pentagon. The truth is that you
    can protect yourself from even the most diabolical genius.  This
    presentation discusses Information Security from a Risk based perspective.
    The threats to your systems are discussed, but more important the
    vulnerabilities that actually allow the threats to compromise your
    systems are discussed.  Using that information, you can then choose the
    countermeasures you need to protect yourself and your organization.  This
    presentation will show you that while there is no such thing as perfect
    security, you can protect yourself from almost all of the most serious
    threats.  Probably what is most valuable to attendees is guidance on how
    to spend limited funding in the most efficient manner. 
    
    Ira Winkler, CISSP is considered one of the world’s leading experts on
    Information Security, Information Warfare, investigating information
    related crimes, and Industrial Espionage.  He is author of the book,
    Corporate Espionage, and President of the Information Security Advisors
    Group.  His clients include some of the largest companies and banks in
    the world.  He is also a columnist for ZDTV with his column titled
    SpyFiles.  He also functions as the network's security expert.  Previously,
    Mr. Winkler was with the National Security Agency and was the Director of
    Technology with the National Computer Security Association.  He has also
    performed studies on Information Warfare for the Joint Chiefs of Staff. 
    
    - DOMINIQUE BREZINSKI, Network Security Professional at Secure Computing
    Corporation. Penetrating NT Networks Through Information Leaks and Policy
    Weaknesses.  The focus of this presentation will be a demonstration of how
    Windows NT hosts can be queried for information and how the information
    
    can be correlated to provide an attacker with a path of least resistance.
    Even though many Windows NT networks have few remotely exploitable
    technical vulnerabilities (buffer over-runs, flawed CGI scripts, address
    based authentication etc.), most NT networks give away too much
    information.  By analyzing the information it is easy to find policy
    weaknesses that can be exploited to gain access to the NT hosts.  Custom
    tools will be demonstrated on a small network. 
    
    Dominique Brezinski is a Network Security Professional at Secure
    Computing Corporation and has been concentrating on Windows NT and
    TCP/IP network security issues for four years. Prior to working for
    Secure Computing, Mr. Brezinski worked as a Research Engineer at
    Internet Security Systems where he was responsible for finding new
    vulnerabilities and security assessment techniques for Windows NT.  In
    1996 Mr. Brezinski published a white paper entitled "A Weakness in
    CIFS Authentication" which revealed a serious flaw in the
    authentication protocol used in Windows NT (NT LM Security). It was
    shown for the first time that an attacker could completely subvert
    the network authentication in Windows NT to gain unauthorized access
    to Windows NT servers. Mr. Brezinski has continued to demonstrate
    advanced techniques for assessing the risks present in Windows NT
    networks.   
    
    - RICHARD THIEME, Thiemeworks, Inc.  Convergence -- Every Man (and Woman)
    a Spy.  Arbitrary digital interfaces - television, PCs, PDAs - are
    converging, but that's only part of the story. The roles people play
    in work and life are converging too. Intelligence agents, knowledge
    managers for global corporations, competitive business intelligence
    agents, sysadmins, hackers,  journalists, and CIOs are becoming
    indistinguishable. Why does that matter? Because the ability to
    synthesize and integrate information, manage complexity and ambiguity,
    morph continually into roles appropriate to a shifting work context, and
    somehow remember who you are - that's what matters most. Our
    presentations of ourselves are the powerful levers that move mountains
    in the digital world. Richard Thieme discusses why and how to do it.
    
    Richard Thieme is a business consultant, writer, and professional speaker
    focused on the human dimension of technology and the workplace. His
    creative use of the Internet to reach global markets has earned accolades
    around the world.  "Thieme knows whereof he speaks," wrote the Honolulu
    Advertiser. He is "a prominent American techno-philosopher" according to
    LAN Magazine (Australia), "a keen observer of hacker attitudes and 
    behaviors" according to Le Monde (Paris), "one of the most creative minds
    of the digital generation" according to the editors of Digital Delirium,
    and "an online pundit of hacker culture" according to the L A Times.
    
    Thieme's articles are published around the world and translated into
    German, Chinese, Japanese and Indonesian. His weekly column, "Islands
    in the Clickstream," is published by the Business Times of Singapore,
    Convergence (Toronto), and South Africa Computer Magazine as well as
    distributed to subscribers in 52 countries.
    
    Recent clients include:  Arthur Andersen; Strong Capital Management;
    System Planning Corporation; UOP; Wisconsin Power and Light; Firstar
    Bank; Northwestern Mutual Life Insurance Co.; W. H. Brady Company;
    Allstate Insurance; Intelligent Marketing; and the FBI.
    
    - RAY KAPLAN. Generally, "hackers" are regarded as criminals by the
    "legitimate community."  Who are these "hackers" that seem to keep
    whacking on our systems and networks? Are they merely scumbag reprobates
    that should be purged from the society?  Is there anything to learn from
    them?  This session is intended to introduce the two sides of the security
    equation to one another in a forum which fosters open, detailed, honest
    communication.  Bring your questions.
    
    Who are the enemies of computer and network security?  What techniques do
    they employ against us?  Are those that attack our  systems all just a
    bunch of slime balls that are devoid of morals,  ethics, and common sense?
    
    While in the minority of reported  computer crime statistics, the skilled
    outsider still represents a  significant threat.  
    
    This session explores who they are, their attitudes, their techniques, their
    successes and their failures from the perspective of what we have to learn
    from them to better protect your systems and networks.  This classic session
    allows you to interact directly with members of the computer underground.
    Join us for some stimulating conversation with those who computer security
    professionals consider to be their enemies.  
    
    Mr. Kaplan has been actively involved with system and network security as
    a consultant for over half of his more than 20 years in the industry.
    There is no question that he hacks.  However, he is not a criminal.  His
    clients have included the world's largest financial institution, smallest
    commodities broker and a wide variety of organizations, including
    multinational and Fortune 100 companies from all segments of the economy,
    and public institutions all over the world.  
    
    Mr. Kaplan is a very prolific lecturer, instructor and writer.  He
    consults, lectures and teaches technical system and network-related topics
    all over the world.  His articles are frequently published in major computer
    journals and magazines.  In over ten years of public speaking and
    audio/video conference production, he has given over 2,000 technical,
    tutorial-style presentations and lectures in forums such as professional
    societies, seminars and his consulting.  As a frustrated inventor, he is
    forever trying to rid the  world of inefficiency, frustration and waste by
    pursuing new paradigms in the delivery of training, education and technical
    information. 
    
    - PETER SHIPLEY - An overview of a 2 year effort in massive multi-modem
    wardialing.  Security problems occur when obvious security problems are
    overlooked.  One commonly overlooked problem is alternative access methods
    to a corporate Intranet from an external machine. Many if not most
    companies are overlooking their secondary vulnerabilities surrounding
    alternate methods of  network access.
    
    Mr. Shipley will present research covering an overview of a 2 year effort
    in massive multi-modem wardialing.  His findings will include some personal
    observations and the results obtained from scanning the San Francisco Bay
    area.  When Mr. Shipley started this project he noted that there were no
    published research references to wardialing or documented statistical
    results of the types of equipment and computer networks commonly found
    on the POTS (Plain old telephone system) network.  Mr. Shipley decided to
    change that through his research.
    
    Mr. Shipley Is an independent consultant in the San Francisco Bay Area with
    nearly thirteen years experience in the Computer Security field.
    Mr. Shipley is one of the few individuals who is well known and respected
    in the professional world as well as the underground and hacker community.
    He has extensive experience in system and network security as well as
    programming and project design. Past and current clients include TRW, DHL,
    Claris, USPS, Wells Fargo, and KPMG.  In the past Mr. Shipley has designed
    Intranet banking applications for Wells Fargo, Firewall design and testing
    for and, WWW server configuration and design for DHL.  Mr. Shipley's
    specialties are third party penetration testing and firewall review,
    computer risk assessment, and security training.  Mr. Shipley also performs
    post intrusion analysis as well as expert witness testimony.   Mr. Shipley
    is currently concentrating his efforts on completing several research
    projects.
    
    - TOM PTACEK, Secure Networks, Inc., Problems with Intrusion Detection
      Systems.
                             
    - DR. MUDGE, Administrator of the Boston L0pht Heavy Industries.
    Real world VPN implementation security issues.
    
    As one of the prominent members of the hacker group 'The L0pht', mudge has
    been responsible for numerous advisories and tools in use in both the black
    
    hat and white hat communities. L0phtcrack, the Windows NT password
    decryptor - monkey, the S/Key password cracker, Solaris getopt() root
    vulnerability, sendmail 8.7.5 root vulnerability, Kerberos 4 cracker,
    and SecurID vulnerabilities are some of the recent offerings that mudge
    has contributed to the security community. Mudge recently finished
    cryptanalysis work with some of the top US cryptographers - papers
    will be published within the next several months. The BBC, Wired
    Magazine, Byte Magazine, and the Washington Post have all recently covered
    mudge and the L0pht's ongoing projects.
    
    - SCOTT WADDELL, Cisco-Wheelgroup corporation.
      
    ****************************************************************************
                               Fees and Registration
    
    Registration fees before July 10th are $995, after the 10th are $1195 US.
    
    To register please use the online registration page at
    https://convmgmt.com/security/reg.htm
    
    Current payment methods include American Express, Master Card, Visa, and
    company checks and money orders.  You will receive a confirmation letter
    in the mail informing you of a successful registration.
    
    ****************************************************************************                   
                                 Hotel Information
    
    
    Network Security Solutions '98 will take place July 29th and 30th at the
    Plaza Hotel & Casino in Las Vegas, Nevada. To take advantage of conference
    rates, reservations must be made prior to June 9. When making arrangements,
    please reference Network Security Solutions.
    
    The Plaza Hotel and Casino, 
    Number One Main Street
    Las Vegas, NV
    Phone: 1-800-634-6575 
    
    ****************************************************************************
                  Network Security Solutions Summer '98 Sponsors
    
    
    Aventail Corporation
    
    http://www.aventail.com/
    
    Aventail (tm) Corporation is the pioneer of policy-based Virtual Private
    Network (VPN) software solutions.  Its award winning product, Aventail VPN
    (tm) , enables corporations to privately communicate, share applications,
    and securely exchange business-critical information over the Internet with
    their business partners, customers, suppliers, and remote/mobile employees.
    Aventail’s adherence to open security standards simplifies VPN deployment,
    enables interoperability, and leverages corporations’ existing network
    investments.
    
    Network Flight Recorder
    
    http://www.nfr.com/
    
    Network Flight Recorder builds traffic analysis and monitoring tools that
    help you see how your network is being used.  Nobody's network is
    shrinking or getting less complicated - and networking is becoming the
    lifeblood of many modern businesses.  In other words, your job is getting
    harder and more important.  Network Flight Recorder's monitoring package
    gives you a flexible, user-programmable system that lets you: Recover or
    monitor online transaction records, keep historical statistics about how
    your network grows, generate detailed breakdowns of how your network
    services are being used and by whom, watch for patterns of abuse of
    network resources and identify the culprit in real-time, set burglar
    alarms that alert you to security violations or unexpected changes in
    your network, log and monitor who went where on your network, and
    replay attackers' sessions and learn what they did.
    
    Knowledge is power, and knowing what's going on within your network is
    the key to keeping it operating smoothly. Like our namesake, the aircraft
    flight recorder, our system records the information you want about what
    happened when, where, and how. If you need to go back and look at a
    reliable record of events, your Network Flight Recorder is the first
    place to check. 
    
    We are dedicated to providing the best possible tools for understanding
    your network traffic, so you can maintain it and secure it. 
    
    Counterpane Systems
    
    http://www.counterpane.com/
    
    Counterpane Systems is a cryptography and computer security consulting
    firm. We are a virtual company based in Minneapolis, with three full-time
    
    employees and six part-time contractors.  Counterpane provides expert
    consulting on Design and Analysis.  This is the majority of
    Counterpane's work: making and breaking commercial cryptographic systems
    and system designs.  We can analyze all aspects of a security system,
    from the threat model to the cryptographic algorithms, and from the
    protocols to the implementation and procedures.  Our detailed reports
    provide clients with information on security problems as well as
    suggested fixes.
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Dimensional Communications (www.dim.com)
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:51:01 PDT