NASA Computer Security Conference
John A. Morrison
morrison at killerbee.jsc.nasa.gov
Fri Apr 26 19:39:35 EST 1996
TISC '96 Conference Information
RISK MANAGEMENT ...
InterNET Gains and Losses
J.W. Marriott, Galleria - Houston, Texas
May 13th - 16th, 1996
WELCOME TO HOUSTON
May 13 - 16, 1996, those involved with computer security, will convene at the
Galleria J.W. Marriott Hotel and Convention Center in Houston, Texas, next to
world-famous Gallerias I, II and III.
The Mission Operations Directorate's AIS Security Engineering Team, with
sponsorship by NASA, provides a Computer Security Conference every 12 to
18 months. These conferences are held within the Houston area, and are
provided with the express purpose of infusing new technology into the
aerospace community which services Mission Operations Directorate's
computing resources.
TISC '96 REGISTRATION INFORMATION
Pre-registration must be received by April 30th, 1996 to take advantage of
early registration discounts. On-site registration will be from 7:00 a.m.
on Monday, May 13th, 1996 and from 7:00 a.m. to 5:00 p.m. on Tuesday,
May 14th, 1996. If you have any questions concerning conference
registrations, please contact College of the Mainland at (409) 938-1211
ext. 280 or via email by:
"esocha at campus.mainland.cc.tx.us"
Latest information is always available at http://aset.rsoc.rockwell.com.
DAY ONE - TUESDAY, MAY 14th, 1996 - 9:00 -
KEYNOTE SPEAKER: PLENARY - Winn Schwartau
Winn Schwartau, one of the country's leading experts on information security
and electronic privacy is often referred to as "the civilian architect of
information warfare". His writings and research have brought a previously
classified subject into the commercial open source arena.
With hundreds of credits to his name, his articles and often controversial
editorial pieces appear in such magazines as, Information Week, Network World,
ComputerWorld, Network Security, Internet World, Virus Bulletin, Security
Management, Infoworld, PC Week, etc. Mr. Schwartau also wrote a script for
TV's Law and Order called, "The Hacker."
Abstract:
Information Warfare
Winn Schwartau will present his eye-opening and occasionally controversial
views in Information Warfare - a conflict fought without bombs or bullets.
He will examine the culture of the Post Cold War world, and discuss why
Info-War has to occur, effectively bypassing governments and the military.
He will examine all three classes of InfoWar:
Class I - Personal Privacy: In Cyberspace you Are Guilty Until Proven
Innocent
Class II - Industrial Espionage: Current US policies actually encourage
espionage.
Class III - Global conflict, terrorism and the military.
Be prepared for a highly illuminating session with the Civilian Architect
of Information Warfare.
SCHEDULE - WORKSHOPS
==============================================================================
Monday, MAY 13th - 1996
7:30 WORKSHOP / CONFERENCE REGISTRATION
9:00 WORKSHOPS BEGIN
WORKSHOP 1 - Investigative Techniques
Thomas Welch, Welch & Welch Investigations
This course covers options and responsibilities after an attack, and primary
issues of computer crime investigations, including:
- Legal Constraints
- Privacy Concerns
- Investigative Techniques
- Computer Forensics
A look at what to do before and after an alleged attack.
WORKSHOP 2 - Secure Internet Commerce
Steve Cobb, NCSA
The three main categories of Internet Commerce are discussed:
- Secure Transactions
- Digital Cash
- Virtual Private Networks
Security Technologies, peripheral risk and exposure; suggestions for policy
and procedures that reduce risks and exposures are presented.
WORKSHOP 3 - Windows NT Security
Dr. Eugene Schultz, SRI
Fundamentals of Windows NT Server security exposures and features.
- NTAS Security Model
- Security Exposures and Incidents
- Account and Group Management
- Rights and Privileges
- Control Measures for Remote Access Servers
- Control Exposures from Internet Connectivity
- Configuration and Auditing to Detect Incidents
WORKSHOP 4 - Client Server Security
Doug Conorich, AXENT Technologies, Inc.
A description of a new architecture for managing security in today's
multi-platform enterprise network is presented, along with tools to
manage it.
Also, information that provides the advantages for taking measurements
regularly, even daily over traditional methods.
WORKSHOP 5 - UNIX Security Tools
Hughes STX, NASIRC
For Systems Administrators.
Security of UNIX systems in a network environment. Includes the following:
- Overview of increasing risks.
- Hacker Attack Methods
- On-Line Information Resources
- Automated Tools for System Administration
- Automated Tools for System Security
- Installation of Public Domain Software
- Penetration Testing
- Hacker Traces (Looking at Logs)
- Sniffers
WORKSHOP 6 - Firewalls
Harris Computer Corporation
The following is included in this course:
- Building Internet Firewalls
- Which Services to Set Up
- How to Set Up Proxy Services to Protected Networks
WORKSHOP 7 - Corporate Information Protection
Lee Sutterfield, Wheel Group
The Corporate Information Protection Workshop describes a concept of
operations for cost-effectively managing the corporate information systems
security posture. The concept is based on the application of Statistical
Process Control theory and methods to the problem of large-scale information
protection management.
The workshop will address the following:
- The role of Statistical Process Control
- Metrics Development
- Experiment Design
- Risk Management
- Real-Time Intrusion Detection
- Security Posture Assessment
- Incident Response
- Intrusion Control and Recovery
- Threat Analysis
- Countermeasure Engineering
For example, the workshop will provide technical insight into the future of
information protection technologies and the practical use of those
technologies in the workplace. Most importantly, it will provide a
framework around which a pro-active, robust, cost-effective corporate
information protection program can be built.
WORKSHOP 8 - Disaster Recovery
Bill Langendorfer, DRI
This workshop will be a learning process for everyone interested in the
development of Business Continuity / Disaster Recovery Plans. This
workshop will cover the major phases of Plan development; pre-planning,
planning and post-planning efforts.
It will cover the industry accepted Common Body of Knowledge and will
involve everyone in practical steps in recovery plan development. Anyone
involved in the development of recovery plans or who manages or directs
recovery plan development should attend.
In addition, this session will help attendees prepare for the professional
certification examination. Work in groups of six or less participants will
finish the work shop and will include exercises in management decisions and
illustrate the impacts of interruptions and planning on business.
4:30 - REGISTRATION and VENDOR RECEPTION
SCHEDULE- CONFERENCE DAY ONE
==============================================================================
Tuesday, MAY 14th - 1996
7:30 REGISTRATION OPENS
8:45 - WELCOME -
9:00 - PLENARY SESSION - Winn Schwartau
Author of the book, Information Warfare Winn Schwartau is an internationally
recognized authority in this field. He describes the Internet: "It's like
having the combined information wealth of the planet ... at your fingertips."
"With over 100 million computers tying our communications, finance,
transportation, and power system together, we face a potential
electronic Pearl Harbor."
TRACK-1 Security Engineering
TRACK-2 Law and Policy for Managing Risk
TRACK-3 Risk Management Security Concepts
TRACK-4 Security Technology
TRACK-5 Emerging Technology
11:00
TRACK-1: Commerce on the Net - Steve Cobb, NCSA
TRACK-2: Net Crimes - Dr. Raymond Nimmer, Univ. of Houston
TRACK-3: How to Design an effective Disaster Recovery Plan - DRI
TRACK-4: MacAfee Anti-Virus Technology
Track-5: MOSCOM Voice Verification Gateways for Secure Access - Joe Baranauskas
1:30
TRACK-1: The Electronic Underground Dr. Peter Tippet, NCSA
TRACK-2: How to Investigate a Computer Incident - Thomas Welch, Welch & Welch
TRACK-3: Security Posture Assessment - Lee Sutterfield, Wheel Group
TRACK-4: CyberGuard - Harris Computer Corporation
TRACK-5: Introduction to JAVA - Sun MicroSystems - Dun Dublin
3:30
TRACK-1: WWW Security Challenges - Lynda McGhee
TRACK-2: Net Crimes - Scott Charney, U.S. Justice Dept.
TRACK-3: Risk Accountability - Will Ozier
TRACK-4: New Technolog from IBM - Internet Products & Suite of Services
TRACK-5: IRIS Scan - Don Richards
4:30
PANEL DISCUSSION:
BUSINESS: IS THE INTERNET READY FOR IT?
PARTICIPANTS:
- Dr. Peter Tippet
- Dr. Vijay Ahuja
- Dr. Raymond Nimmer
- Scott Charney
- Dr. Gerald Kovacich
- Dr. Eugene Schultz - Moderator
BOOK SIGNING AND BUYING EVENT
SCHEDULE - CONFERENCE DAY TWO
Wednesday, MAY 15th - 1996
8:00 REGISTRATION OPENS
8:45 - ADMINISTRIVIA - ANNOUNCEMENTS -
9:00 - PLENARY SESSION - Dr. Peter Tippet, NCSA
Dr. Tippet is a recognized expert in the area of computer viruses. The
insidious self-replicating malicious programs are infecting virtually
every business and organization using computers, often on a continuing
basis. Dr. Tippet has conducted studies of the costs and consequences
of computer virus infections to those infected.
11:00
TRACK-1: Design Considerations of a Firewall - Jim Livermore
TRACK-2: Reinventing National Security Policy - Vicki Labarre
TRACK-3: Medical Security Issues - Laura Brown
TRACK-4: ISS - Internet Security Systems - Chris Klaus
TRACK-5: HACKER 101 - Network Systems - Randy Terpestra
1:30
TRACK-1: Selecting a FIREWALL - Garrison & Associates
TRACK-2: "So, you're the new ISSO" - Dr. Gerald Kovacich
TRACK-3: Oil and Gas Security Issues - Paul Styrvoki
TRACK-4: RISK WATCH
TRACK-5: NetRISK - TRIDENT - Jeffery Z. Johnson
3:30
TRACK-1: Implementing a Firewall - DR. Vijay Ahuja
TRACK-2: Software Piracy Issues - Shevon Desai
TRACK-3: Banking Security Issues - TBA
TRACK-4: DEC Virtual Private Network - DEC - Part I
TRACK-5: Secure Electronic Transation, SET - MasterCard International
- John Wankenmueller
4:40
TRACK-1: Testing a FIREWALL - Garrison & Associates
TRACK-2: Flexible Response to System Intrusion - J. Stephen Ryan
TRACK-3: Telephone Security Issues - Bernie Milligan
TRACK-4: Virtual Private Networks - DEC
TRACK-5: Norman Defense Systems - Buddy Jenkins
Birds of a Feather
SCHEDULE - CONFERENCE DAY THREE
==============================================================================
7:30 REGISTRATION OPENS
8:45 - ADMINISTRIVIA - ANNOUNCEMENTS -
9:00 - PLENARY SESSION - Raymond Semko, Department of Energy
Mr. Semko has over 20 years of experience as a counterintelligence Special
Agent. He was responsible for all U.S. Army Intelligence investigations
from September 1986 to September 1988. Now with the Office of
Counterintelligence, Department of Energy (DOE), Washington, D.C., he has restructured the presentation of security / counterintelligence awareness
and education. His presentations, which he styles "infotainment," are
unforgettable events.
10:00
TRACK-1: New Trends in Risk Assessment - Carol Hamilton
TRACK-2: Secure Implementation of Windows NT - Ernest Hernandez
TRACK-3: A Comparative Analysis of Intrusion Detection Technologies
- James Cannady & Jay Harrell
TRACK-4: Network Solutions - McAfee
TRACK-5: PadLock/PowerCerv - Dan Griazle
11:00
TRACK-1: SECURING EDI - Alex Woda
TRACK-2: CISSP - (Two Parts) Hal Tipton
TRACK-3: Intrusion Detection using Control-Loop Measurement
- Dr. Myron L. Cramer, James Cannady & Jay Harrell
TRACK-4: Raptor Systems
TRACK-5: MilkyWay
TISC'96 ENDS
VIDEOS OF OUR LAST CONFERENCE AVAILABLE:
A set of 14 video tapes covering 30 expert presentations, plenary speakers,
and panels is on sale for $150 per set. Proceedings in notebook form
featuring a compilation of presentations from our 1994 conference is
available at $85.00 per copy.
These videos plus the Proceedings are a compendium of key information from
the 1994 conference and comprise a compact home course in computer security.
For more information call 713-282-3336.
REGISTRATION FORM
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TISC'96
Date: May 13-16, 1996
Location: J.W. Marriott Galleria, Houston, TX
Registration Form
Event Pre-Registration After April 30,
1996
Workshop Only: [ ] $200 [ ] $200
Conference Only: [ ] $395 Please check one [ ] $445
Workshop and Conference: [ ] $545 box only [ ] $645
Space is limited and available on a first-come first-served basis.
Cancellations:
Failure to attend does not constitute a withdrawal. College of the Mainland
must be notified ofintent ot withdraw by phone or in writing by April 30,
1996. Refunds will be issued, less a $50.00 cancellation fee, for all
requests received by April 30, 1996. After this date, registration fees
are non-refundable. Participant substitutions may be made up to the first
day of the conference.
Mail or Fax this registration form to:
Ed Socha Voice: (713) 280-3991 ext. 280 or
The College of the Mainland (409) 938-3184
1200 Amburn Road Fax: (409) 938-3184
Texas City, TX 77591
(Please Print or Type)
Name:__________________________________________________
Title:_________________________________________________
Company:_______________________________________________
Address:_______________________________________________
City:___________________________ State:________ Zip:_______________
Phone:________________ Fax:__________________
E-Mail Address:________________________________________
Method of Payment:
_____ MasterCard Number:__________________________
Expiration Date:_________________
Signature:_______________________
_____ Visa Card Number: _________________________
Expiration Date: ________________
Signature: ______________________
_____ Check/Money Order:(payable to: The College of the Mainland)
_____ Purchase Order Number:__________________________________
If you have any special needs (dietary, physical, etc.) please describe so
efforts can be made to accomodate everyone:
____________________________________________________________________________
____________________________________________________________________________
morrison at killerbee.jsc.nasa.gov
esocha at campus.mainland.cc.tx.us
More information about the Bionews
mailing list