Who should attend: Network, system, and firewall administrators; security auditors or audit recipients; people involved with responding to intrusions or responsible for network-based applications or systems which might be targets for hackers. Participants should understand the basics of TCP/IP networking. Examples may use UNIX commands or include C or scripting languages.

This course will be useful for people with any type of TCP/IP based system: whether it is a UNIX, Windows, NT, or mainframe based operating system or whether it is a router, firewall, or gateway network host.

There are four common stages to network-based host attacks: reconnaissance, target selection, exploitation, and cover-up. This course will review the tools and techniques hackers use in performing these types of activities. You will understand how to either be prepared for such attacks or how to stay one step ahead of them. Specifically, the course will focus on how to generate profiles of your systems remotely. Additionally, it will show some of the business implications of these network-based probes.

The course will focus primarily on tools that exploit many of the common TCP/IP based protocols (such as ICMP, SNMP, RPC, HTTP, SMTP) which support virtually all of the Internet applications - such as mail, Web technologies, network management, and remote file systems. Many topics will be addressed at a detailed technical and administrative level. This course will primarily use examples of public domain tools because they are widely available and commonly used in these types of situations.

Topics include:

	Review of attack methodology: reconnaissance, target selection, exploitation, and cover-up
	Profiles: what does one look like
	Techniques: scanning, CERTs, hacking clubs
	Tools: scotty, strobe, SATAN, ISS, etc.
	Business exposures: integrity and confidentiality, audits, intrusion resolution
	Demos of some tools

Jon Rochlis is a senior consultant for SystemExperts Corp. He provides high level advice to businesses in the areas of network security, distributed systems design and management, high-availability, and electronic commerce. Before joining SystemExperts, Mr. Rochlis was engineering Manager with BBN Planet, a major national Internet service provider.

Brad Johnson is a well-known authority in the field of distributed systems. He has participated in seminal industry initiatives like the Open Software Foundation, X/Open, and the IETF. At SystemExperts he has led numerous security probes for major companies, revealing significant unrealized exposures.

Tutorials at-a-Glance     Symposium Speakers