NASA Computer Security Conference

John A. Morrison morrison at killerbee.jsc.nasa.gov
Fri Apr 26 19:39:35 EST 1996


                        TISC '96 Conference Information

                               RISK MANAGEMENT ...

                          InterNET Gains and Losses

                  J.W. Marriott, Galleria - Houston, Texas

                           May 13th - 16th, 1996

WELCOME TO HOUSTON

May 13 - 16, 1996, those involved with computer security, will convene at the
Galleria J.W. Marriott Hotel and Convention Center in Houston, Texas, next to 
world-famous Gallerias I, II and III.

The Mission Operations Directorate's AIS Security Engineering Team, with 
sponsorship by NASA, provides a Computer Security Conference every 12 to 
18 months.  These conferences are held within the Houston area, and are 
provided with the express purpose of infusing new technology into the 
aerospace community which services Mission Operations Directorate's 
computing resources.

TISC '96 REGISTRATION INFORMATION

Pre-registration must be received by April 30th, 1996 to take advantage of 
early registration discounts.  On-site registration will be from 7:00 a.m. 
on Monday, May 13th, 1996 and from 7:00 a.m. to 5:00 p.m. on Tuesday, 
May 14th, 1996.  If you have any questions concerning conference 
registrations, please contact College of the Mainland at (409) 938-1211 
ext. 280 or via email by: 

"esocha at campus.mainland.cc.tx.us"

Latest information is always available at http://aset.rsoc.rockwell.com.

DAY ONE - TUESDAY, MAY 14th, 1996 - 9:00 -

KEYNOTE SPEAKER: PLENARY - Winn Schwartau

Winn Schwartau, one of the country's leading experts on information security 
and electronic privacy is often referred to as "the civilian architect of 
information warfare". His writings and research have brought a previously 
classified subject into the commercial open source arena. 

With hundreds of credits to his name, his articles and often controversial 
editorial pieces appear in such magazines as, Information Week, Network World, 
ComputerWorld, Network Security, Internet World, Virus Bulletin, Security 
Management, Infoworld, PC Week, etc.  Mr. Schwartau also wrote a script for 
TV's Law and Order called, "The Hacker."  

Abstract:

Information Warfare

Winn Schwartau will present his eye-opening and occasionally controversial 
views in Information Warfare - a conflict fought without bombs or bullets. 
He will examine the culture of the Post Cold War world, and discuss why 
Info-War has to occur, effectively bypassing governments and the military.

He will examine all three classes of InfoWar:

Class I   - Personal Privacy: In Cyberspace you Are Guilty Until Proven 
            Innocent
Class II  - Industrial Espionage: Current US policies actually encourage 
            espionage.
Class III - Global conflict, terrorism and the military.

Be prepared for a highly illuminating session with the Civilian Architect 
of Information Warfare.

SCHEDULE - WORKSHOPS
==============================================================================
Monday, MAY 13th - 1996

7:30 WORKSHOP / CONFERENCE REGISTRATION
9:00 WORKSHOPS BEGIN

WORKSHOP 1 - Investigative Techniques

Thomas Welch, Welch & Welch Investigations

This course covers options and responsibilities after an attack, and primary 
issues of computer crime investigations, including:

 - Legal Constraints
 - Privacy Concerns
 - Investigative Techniques
 - Computer Forensics

A look at what to do before and after an alleged attack.

WORKSHOP 2 - Secure Internet Commerce

Steve Cobb, NCSA

The three main categories of Internet Commerce are discussed:

 - Secure Transactions
 - Digital Cash
 - Virtual Private Networks

Security Technologies, peripheral risk and exposure; suggestions for policy 
and procedures that reduce risks and exposures are presented.

WORKSHOP 3 - Windows NT Security

Dr. Eugene Schultz, SRI

Fundamentals of Windows NT Server security exposures and features.

 - NTAS Security Model
 - Security Exposures and Incidents
 - Account and Group Management
 - Rights and Privileges
 - Control Measures for Remote Access Servers
 - Control Exposures from Internet Connectivity
 - Configuration and Auditing to Detect Incidents

WORKSHOP 4 - Client Server Security

Doug Conorich, AXENT Technologies, Inc.

A description of a new architecture for managing security in today's 
multi-platform enterprise network is presented, along with tools to 
manage it.  

Also, information that provides the advantages for taking measurements 
regularly, even daily over traditional methods.

WORKSHOP 5 - UNIX Security Tools

Hughes STX, NASIRC

For Systems Administrators.

Security of UNIX systems in a network environment.  Includes the following:

 - Overview of increasing risks.
 - Hacker Attack Methods
 - On-Line Information Resources
 - Automated Tools for System Administration
 - Automated Tools for System Security
 - Installation of Public Domain Software
 - Penetration Testing
 - Hacker Traces (Looking at Logs)
 - Sniffers

WORKSHOP 6 - Firewalls

Harris Computer Corporation

The following is included in this course:

 - Building Internet Firewalls
 - Which Services to Set Up
 - How to Set Up Proxy Services to Protected Networks

WORKSHOP 7 - Corporate Information Protection

Lee Sutterfield, Wheel Group

The Corporate Information Protection Workshop describes a concept of 
operations for cost-effectively managing the corporate information systems 
security posture.  The concept is based on the application of Statistical 
Process Control theory and methods to the problem of large-scale information
protection management.  

The workshop will address the following:

 - The role of Statistical Process Control
 - Metrics Development
 - Experiment Design
 - Risk Management
 - Real-Time Intrusion Detection
 - Security Posture Assessment
 - Incident Response
 - Intrusion Control and Recovery
 - Threat Analysis
 - Countermeasure Engineering

For example, the workshop will provide technical insight into the future of 
information protection technologies and the practical use of those 
technologies in the workplace.  Most importantly, it will provide a 
framework around which a pro-active, robust, cost-effective corporate 
information protection program can be built.

WORKSHOP 8 - Disaster Recovery

Bill Langendorfer, DRI

This workshop will be a learning process for everyone interested in the 
development of Business Continuity / Disaster Recovery Plans.  This 
workshop will cover the major phases of Plan development; pre-planning, 
planning and post-planning efforts.  

It will cover the industry accepted Common Body of Knowledge and will 
involve everyone in practical steps in recovery plan development.  Anyone
involved in the development of recovery plans or who manages or directs 
recovery plan development should attend.  

In addition, this session will help attendees prepare for the professional 
certification examination.  Work in groups of six or less participants will 
finish the work shop and will include exercises in management decisions and
illustrate the impacts of interruptions and planning on business.

4:30  -  REGISTRATION and VENDOR RECEPTION

SCHEDULE- CONFERENCE DAY ONE
==============================================================================
Tuesday, MAY 14th - 1996

7:30  REGISTRATION OPENS
8:45   - WELCOME - 
9:00   - PLENARY SESSION - Winn Schwartau

Author of the book, Information Warfare Winn Schwartau is an internationally 
recognized authority in this field.  He describes the Internet: "It's like 
having the combined information wealth of the planet ... at your fingertips." 
"With over 100 million computers tying our communications, finance, 
transportation, and power system together, we face a potential 
electronic Pearl Harbor."

TRACK-1 Security Engineering
TRACK-2 Law and Policy for Managing Risk
TRACK-3 Risk Management Security Concepts 
TRACK-4 Security Technology
TRACK-5 Emerging Technology

11:00 

TRACK-1: Commerce on the Net - Steve Cobb, NCSA 
TRACK-2: Net Crimes - Dr. Raymond Nimmer, Univ. of Houston 
TRACK-3: How to Design an effective Disaster Recovery Plan - DRI
TRACK-4: MacAfee Anti-Virus Technology
Track-5: MOSCOM Voice Verification Gateways for Secure Access - Joe Baranauskas

1:30

TRACK-1: The Electronic Underground Dr. Peter Tippet, NCSA
TRACK-2: How to Investigate a Computer Incident - Thomas Welch, Welch & Welch
TRACK-3: Security Posture Assessment - Lee Sutterfield, Wheel Group
TRACK-4: CyberGuard - Harris Computer Corporation
TRACK-5: Introduction to JAVA - Sun MicroSystems - Dun Dublin

3:30  

TRACK-1: WWW Security Challenges - Lynda McGhee
TRACK-2: Net Crimes - Scott Charney, U.S. Justice Dept. 
TRACK-3: Risk Accountability - Will Ozier 
TRACK-4: New Technolog from IBM - Internet Products & Suite of Services
TRACK-5: IRIS Scan - Don Richards

4:30  

PANEL DISCUSSION:

BUSINESS: IS THE INTERNET READY FOR IT?
PARTICIPANTS:

- Dr. Peter Tippet
- Dr. Vijay Ahuja
- Dr. Raymond Nimmer
- Scott Charney
- Dr. Gerald Kovacich
- Dr. Eugene Schultz - Moderator

BOOK SIGNING AND BUYING EVENT


SCHEDULE - CONFERENCE DAY TWO

Wednesday, MAY 15th - 1996

8:00  REGISTRATION OPENS
8:45  - ADMINISTRIVIA - ANNOUNCEMENTS - 
9:00  - PLENARY SESSION - Dr. Peter Tippet, NCSA

Dr. Tippet is a recognized expert in the area of computer viruses.  The 
insidious self-replicating malicious programs are infecting virtually 
every business and organization using computers, often on a continuing 
basis.  Dr. Tippet has conducted studies of the costs and consequences 
of computer virus infections to those infected.

11:00 

TRACK-1: Design Considerations of a Firewall - Jim Livermore
TRACK-2: Reinventing National Security Policy - Vicki Labarre
TRACK-3: Medical Security Issues - Laura Brown
TRACK-4: ISS - Internet Security Systems - Chris Klaus
TRACK-5: HACKER 101 - Network Systems - Randy Terpestra

1:30 

TRACK-1: Selecting a FIREWALL - Garrison & Associates
TRACK-2: "So, you're the new ISSO" - Dr. Gerald Kovacich
TRACK-3: Oil and Gas Security Issues - Paul Styrvoki
TRACK-4: RISK WATCH
TRACK-5: NetRISK - TRIDENT - Jeffery Z. Johnson

3:30 

TRACK-1: Implementing a Firewall - DR. Vijay Ahuja 
TRACK-2: Software Piracy Issues - Shevon Desai
TRACK-3: Banking Security Issues - TBA
TRACK-4: DEC Virtual Private Network - DEC - Part I
TRACK-5: Secure Electronic Transation, SET - MasterCard International 
         - John Wankenmueller

4:40 

TRACK-1: Testing a FIREWALL - Garrison & Associates 
TRACK-2: Flexible Response to System Intrusion - J. Stephen Ryan
TRACK-3: Telephone Security Issues - Bernie Milligan
TRACK-4: Virtual Private Networks - DEC
TRACK-5: Norman Defense Systems - Buddy Jenkins

Birds of a Feather


SCHEDULE - CONFERENCE DAY THREE
==============================================================================
7:30   REGISTRATION OPENS
8:45   - ADMINISTRIVIA - ANNOUNCEMENTS -
9:00   - PLENARY SESSION - Raymond Semko, Department of Energy

Mr. Semko has over 20 years of experience as a counterintelligence Special 
Agent.  He was responsible for all U.S. Army Intelligence investigations 
from September 1986 to September 1988.  Now with the Office of 
Counterintelligence, Department of Energy (DOE), Washington, D.C., he has restructured the presentation of security / counterintelligence awareness 
and education.  His presentations, which he styles "infotainment," are 
unforgettable events.

10:00 

TRACK-1: New Trends in Risk Assessment - Carol Hamilton 
TRACK-2: Secure Implementation of Windows NT - Ernest Hernandez 
TRACK-3: A Comparative Analysis of Intrusion Detection Technologies 
         - James Cannady & Jay Harrell
TRACK-4: Network Solutions - McAfee
TRACK-5: PadLock/PowerCerv - Dan Griazle

11:00  

TRACK-1: SECURING EDI - Alex Woda 
TRACK-2: CISSP - (Two Parts) Hal Tipton 
TRACK-3: Intrusion Detection using Control-Loop Measurement 
         - Dr. Myron L. Cramer, James Cannady & Jay Harrell 
TRACK-4: Raptor Systems
TRACK-5: MilkyWay

TISC'96 ENDS

VIDEOS OF OUR LAST CONFERENCE AVAILABLE:

A set of 14 video tapes covering 30 expert presentations, plenary speakers, 
and panels  is on sale for $150 per set.  Proceedings in notebook form 
featuring a compilation of presentations from our 1994 conference is 
available at $85.00 per copy.

These videos plus the Proceedings are a compendium of key information from 
the 1994 conference and comprise a compact home course in computer security. 

For more information call 713-282-3336.

REGISTRATION FORM
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                                   TISC'96

                            Date: May 13-16, 1996
                 Location: J.W. Marriott Galleria, Houston, TX

                             Registration Form

Event                     Pre-Registration            After April 30, 
1996
Workshop Only:               [ ]   $200                        [ ]   $200
Conference Only:             [ ]   $395     Please check one   [ ]   $445
Workshop and Conference:     [ ]   $545         box only       [ ]   $645


Space is limited and available on a first-come first-served basis.

Cancellations:

Failure to attend does not constitute a withdrawal. College of the Mainland
must be notified ofintent ot withdraw by phone or in writing by April 30,
1996. Refunds will be issued, less a $50.00 cancellation fee, for all 
requests received by April 30, 1996. After this date, registration fees
are non-refundable. Participant substitutions may be made up to the first 
day of the conference.

         Mail or Fax this registration form to:

         Ed Socha                      Voice: (713) 280-3991 ext. 280 or
         The College of the Mainland          (409) 938-3184
         1200 Amburn Road              Fax:   (409) 938-3184
         Texas City, TX 77591

(Please Print or Type)
       Name:__________________________________________________

       Title:_________________________________________________

       Company:_______________________________________________

       Address:_______________________________________________

       City:___________________________ State:________ Zip:_______________

       Phone:________________ Fax:__________________

       E-Mail Address:________________________________________

Method of Payment:
_____ MasterCard     Number:__________________________

                     Expiration Date:_________________

                     Signature:_______________________

_____ Visa Card      Number: _________________________

                     Expiration Date: ________________

                     Signature: ______________________

_____ Check/Money Order:(payable to: The College of the Mainland)

_____ Purchase Order Number:__________________________________

If you have any special needs (dietary, physical, etc.) please describe so
efforts can be made to accomodate everyone:

____________________________________________________________________________  

____________________________________________________________________________  


morrison at killerbee.jsc.nasa.gov
esocha at campus.mainland.cc.tx.us





More information about the Bionews mailing list