T1 Solaris 10 Security Features Workshop
Peter Baer Galvin, Corporate Technologies
9:00 a.m.5:00 p.m.
Who should attend: Solaris systems managers and administrators interested in
the new security features in Solaris 10 (and features in previous Solaris
releases that they may not be using).
This course covers a variety of topics surrounding Solaris 10 and security.
Solaris 10 includes many new features, and there are new issues to consider
when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration. Each student should have a laptop with wireless access for remote access into a Solaris 10 machine.
- Solaris cryptographic framework
- Solaris privileges
- Solaris Flash archives and live upgrade
- Moving from NIS to LDAP
- Smartcard interfaces and APIs
- Kerberos enhancements
- FTP client and server enhancements
- PAM enhancements
- Auditing enhancements
- Password history checking
Peter Baer Galvin (T1) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles
for Byte and other magazines. He wrote the "Pete's Wicked World" and
"Pete's Super Systems" columns at SunWorld. He is currently
contributing editor for Sys Admin, where he manages the Solaris
Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web
services, performance tuning, and high availability.
T2 DDoS for Fun and Profit
Sven Dietrich, CERT Research, Carnegie Mellon University; David Dittrich, University of Washington
9:00 a.m.5:00 p.m.
Who should attend: System administrators, network
administrators, and computer security practitioners. A basic understanding of IP networking, network protocols, and routing as
well as an understanding of computer security fundamentals is required.
The tutorial will trace the development of denial of service attacks from
early, machine-crashing exploits to the present day distributed denial of
service (DDoS) attacks. A substantial portion of the tutorial will be
devoted to understanding DDoS attacks and developing appropriate
responses. Among the issues to be addressed are preparing for a DDoS
attack, recognizing the attack type and probable attack pattern, designing
appropriate filter rules to mitigate the attack, and working with upstream
providers. We will also survey current research that may lead to ways of
thwarting such attacks in the future.
Fundamentals: Basic networking and routing protocols
Denial of Service:
- Basic concepts
- Vulnerabilities and pathologies
- OS support
- The jump from DoS to DDoS
- Evolution of attack tools
Classes of DDoS tools:
- What they do
- Choices in the attack space
- How they work
- Currently available tools and bots
Diagnosis of the problem:
- How do you know you are under attack?
- Symptoms in your own operational and system monitoring data
- Differentiating between flash crowds and attacks
- Advances in research
- Inspecting a compromised system
- Building a monitoring/traffic capture facility
- Recognition of the attack
- Attack signatures and attack tool identification
- DoS vs. DDoS
- Indications of single and multiple sources
- Creating countermeasures
- Techniques for limiting the damage
- Characterizing the attacked resources
- Infrastructure changes
- Active response
- Dealing with your ISP
- Dealing with management
The bright road ahead
- DDoS and beyond
- Prospects for future advances in attacker tools
- Technical, legal, and political mitigation strategies
Sven Dietrich (T2) is a senior member of the technical staff at CERT Research at
Carnegie Mellon University and also holds an appointment at the Carnegie
Mellon University CyLab, a university-wide cybersecurity research and
education initiative. Previously he was
a senior security architect at the NASA Goddard Space Flight Center, where
he observed and analyzed the first distributed denial-of-service attacks
aainst the University of Minnesota in 1999. He taught Mathematics and
Computer Science as adjunct faculty at Adelphi University, his alma mater,
from 1991 to 1997.
His research interests include survivability, computer and network
security, anonymity, cryptoraphic protocols, and cryptography. His
previous work has included a formal analysis of the secure sockets layer
protocol (SSL), intrusion detection, analysis of distributed
denial-of-service tools, and the security of IP communications in space.
His publications include the recent book Internet Denial of Service:
Attack and Defense Mechanisms (Prentice Hall, 2004), as well as
the articles "Analyzing Distributed Denial of Service Tools: The Shaft
Case" (2000) and "The 'mstream' Distributed Denial of Service Tool"
(2000), and others on Active Network Defense, DDoS tool analysis, and
David Dittrich (T2) is a Senior Security Engineer and Researcher for the UW
Center for Information Assurance and Cybersecurity and the Information
School at the University of Washington, where he has worked since 1990. Dave is also a member of the
Honeynet Project and Seattle's "Agora" security group.
He is most widely known for his research into Distributed Denial of
Service (DDoS) attack tools and host & network forensics. He has
presented talks and courses at dozens of computer security
conferences, workshops, and government/private organizations
worldwide. He has been a prolific self-publisher of white papers, FAQs,
and malware tool analyses, all intended to make his (and everyone
else's) life easier in dealing with computer intrusions. Dave has
contributed to the books Know Your Enemy, by the Honeynet Project
(Addison-Wesley, 2001), The Hacker's Challenge, edited by Mike
Schiffman (McGraw Hill, 2001), and two articles in the Handbook of
Information Security, edited by Hossein Bidoli (John Wiley & Sons,
2005), and was another co-author of Internet Denial of Service:
Attack and Defense Mechanisms (Prentice Hall, 2004).
T3 Organizing a Cybersecurity Exercise
Ron Dodge and Dan Ragsdale, United States Military Academy
9:00 a.m.5:00 p.m.
Who should attend: System administrators and security professionals
involved in the design and management and security of information
systems. A general familiarity with security tools, network
fundamentals, and operating systems is assumed. Students will leave
this tutorial with a framework that can be used to conduct a local
The security of our information systems is constantly under attack.
We propose that to make them safer, they should be attacked even
more. A competition where teams defend a network against skilled
adversaries provides an excellent means to develop the skills
necessary to defend real networks. In addition, such a competition
provides a safe environment to test and evaluate new and emerging
defensive techniques and technologies. Similar events that have
been publicized recently are the DEFCON "Capture the Flag" (CTF)
competition, the military Cyber Defense Exercise, and the Collegiate
Cyber Defense Competition. These competitions follow different
paradigms. The DEFCON event set all teams to be both attackers and
defenders, while the latter two focus the teams on defensive
This tutorial explores the various organizational and administrative
options available when organizing an exercise. Representative exercise schemes will be discussed in detail. An
example network will be demonstrated and available for experimentation.
- Exercise scope
- Hardware and software
- Legal considerations
- Organizational structure
Ron Dodge (T3) is the director of the Information Technology Operations Center and
an assistant professor in the Department of Electrical Engineering and
Computer Science at the US Military Academy. His research
interests include information warfare, security protocols, Internet
technologies, and performance planning and capacity management. Dodge
received a PhD in computer science from George Mason University. Contact him
Dan Ragsdale (T3) is the director of the Information Technology Program and an
associate professor at the US Military Academy. His
research interests include information assurance, network security, intrusion
detection, and artificial intelligence. Ragsdale received a PhD in computer
science from Texas A&M. Contact him at firstname.lastname@example.org.
T4 Security Standards and Why You Need to Understand Them
Brad C. Johnson and Richard E. Mackey, Jr., SystemExperts Corporation
9:00 a.m.5:00 p.m.
Who should attend: Administrators, technicians, and managers at any
level who need to understand the gist of the key security standards
and the laws and industry trends that are making these standards
critical to doing business.
Organizations are turning
to security standards both to measure and to document the completeness
and adequacy of their security program. You may need to simply put
a check in the box that says you "substantially comply" with a
particular standard or you may need to prove to yourself, customers, and
partners that you follow acceptable security practices. Unfortunately, organizations do not have a
widely accepted method to prove they are secure. We look to security
standards to meet this need.
Computer security has seen a number of standards, compliance
specifications, and certification authorities. Today, a few are beginning
to gain acceptance by industry groups, but it is still difficult to tell
which of these will stand the test of time and practicality.
Consequently, it's important to understand, at least at a high
level, what the most popular initiatives are attempting to do, what
problems these standards address, and the value they provide.
Security standards review
Why: The motivations
- Laws: Sarbanes-Oxley, Gramm-Leach-Bliley
- Partnerships and mergers
- Internal and external audits
What: The standards
- ISO 17799
- SAS 70
- Information Criticality Assessment (e.g., NSA IAM)
How: The mechanisms
- ISO 17799 reviews and certifications
- Security audits
- Security assessments
- Penetration and application testing
Practicum and Drill Downs
Standards motivation: Intrusion preparation
- Homeland security
- Intrusion awareness
- Common intrusion areas
- Intrusion example
Security assessments: Drill Down exercises
- ISO 17799 Drill Down
- IAM Drill Down
- COBIT Drill Down
- Risk analysis Drill Downs
Brad C. Johnson (T4) is vice president of SystemExperts Corporation. He has participated in seminal industry initiatives such as the Open Software
Foundation, X/Open, and the IETF, and has been published in such journals as
Digital Technical Journal, IEEE Computer Society Press, Information Security
Magazine, Boston Business Journal, Mass High Tech Journal, ISSA Password
Magazine, and Wall Street & Technology. Brad is a regular tutorial instructor and conference speaker on topics
related to practical network security, penetration analysis, middleware,
and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in
applied management from Lesley University.
Richard E. Mackey, Jr. (T4) is principal of SystemExperts Corporation.
Dick Mackey is regarded as one of the industry's foremost authorities on
distributed computing infrastructure and security. Before joining
SystemExperts, he worked in leading technical and director positions at The
Open Group, The Open Software Foundation (DCE), and BBN Corporation (Cronus
Distributed Computing Environment). He has been published often in security
magazines such as ISSA Password, .NET, Information Security, and SC Secure
Computing. He is a regular speaker on computer security topics at various
industry conferences. Dick has a B.S. and an M.S. in Electrical and Computer Engineering from the University of Massachusetts at Amherst.