"UNIX & The Law" Symposium

Post by A. Newm » Sun, 14 Aug 1994 01:28:28

                            SUN USER GROUP
                      Annual Technical Symposium
                          "UNIX & The Law"
                         November 14-17, 1994
                              Austin, TX

As computers are utilized in more and more aspects of everyday life,
the once distinct areas of technology, legislature, and law
enforcement draw closer together.  This unique technical conference
provides a forum in which members of these three fields can meet to
share experiences and ideas.  The four day technical program (a day of
tutorials, two days of talks, and another day of tutorials) will
provide you with essential knowledge, whether your field is technical,
legal, or law enforcement.

|                    IMPORTANT DATES TO REMEMBER:                       |
| Earlybird Savings Deadline:                   October 3, 1994         |
|       Registrations must be received at the Sun User Group offices    |
|       by October 3, 1994 to be eligible for Earlybird savings         |
|                                                                       |
| Hotel Discount Reservation Deadline:          October 21, 1994        |


        MONDAY, November 14, 1994 - TUTORIAL PROGRAM
        TUESDAY, November 15, 1994 - TECHNICAL SESSIONS
        WEDNESDAY, November 16, 1994 - TECHNICAL SESSIONS
        THURSDAY, November 17, 1994 - TUTORIAL PROGRAM

The SUG Tutorial Program brings experienced training professionals to
you.  Courses are presented by skilled teachers who are hands-on
experts in their topic areas.  The tutorials will cover a variety of
topics relating to Sun/SPARC and x86-based machines, running any of a
number of operating systems.

Those who attend the tutorials will benefit from this unique
opportunity to develop essential skills in a unique combination of
UNIX system security, ethical, and legal topics.

The tutorial program at Austin is divided into two days, with both
full- and half-day tutorials offered.  Attendees may select any
non-overlapping set of classes.  To ensure adequate seating and to
reduce crowding, we are requiring that registrants pre-register for
specific classes.  Please note that some prior knowledge is required
for the advanced tutorials.

SUG's tutorial program is always in demand, and some tutorials are
almost guaranteed to sell out before registration closes.  Attendance
is limited, and pre-registration is strongly recommended.  On-site
registration is possible ONLY if space permits.

Monday, November 14, 1994 Tutorials

M1 - 9:00am-5:00pm
Advanced UNIX Security
Matt Bishop, UC Davis

Prerequisites: an understanding of the basic protection mechanisms of
UNIX systems (real and effective UIDs and GIDs, file protection modes,

Intended audience: system administrators, system programmers, and
users, especially those interested in the underpinnings of UNIX system
security; those needing to write programs which change privileges of
their users; those worried about computer worms, viruses, and other
nasties and who want to learn how to limit their damage; and those
interested in more than a simple cookbook list of ways to protect a
UNIX system

* UNIX and passwords: how passwords are stored, details of the hashing
  (password encryption) algorithm, password cracking, password management;
  schemes for selecting and/or assigning passwords.  This part involves
  a somewhat technical discussion of the cryptographic techniques used
  in the UNIX password hashing function.

* how to manage privileges: managing a super-user account; managing less
  powerful system management accounts; managing system resources

* Writing setuid programs: when not to use them; when to use them; approaches,
  alternatives, common pitfalls, considerations, some details about
  which library functions and system calls are safe to use, and which
  have dangerous effects or side effects.  We will examine a setuid
  program designed to give temporary privileges as part of this.

* Trojan horses, computer worms, and other malicious logic: how
  malicious logic works, how UNIX security mechanisms interact with it;
  ways to protect yourself and your system; some famous incidents (Internet
  worm of 1988, etc.) and what lessons they teach.

* UNIX and network security: overview of Kerberos, Privacy-Enhanced
  electronic mail, and Secure RPC (including a technical discussion of the
  role of cryptography, and how the ciphers work); NFS and NIS (formerly
  YP); how to forge and intercept network traffic; network-based daemons;
  well-known security holes and why they arise; the many lives of UUCP.

* X11 Window System security: how to set it up, and its limits and

* Some of the better-known, and pernicious, security holes and how to
  plug them or detect their use

* Suggestions for detecting intrusions, what to look for, and what to
  do; planning for an attack; resources

M2 - 9:00am-5:00pm
Internet & The Law
Dan Appelman, Heller, Ehrman, McAuliffe & White

Intended Audience: Anyone interested in the legal issues that arise
out of the increasing use and popularity of the Internet. The
examination of the intersection of technology, law, and public policy
is of particular interest to system administrators, contract
administrators, and company executives who need to develop policies
about doing business electronically.

The focus of this tutorial is an examination of the kinds of problems
which arise as commercial institutions make increasing use of
electronic data communications and the legal bases for resolving those
problems. We examine the areas of law involved when commercial
institutions use the Internet, namely: privacy, confidentiality, and
security; the ownership of proprietary information; the enforceability
of legal transactions; criminal activities; and export compliance.

We begin by presenting "case studies" of problems from each of these
areas, and then giving the participants background knowledge of the
general principles of law in each area. Next, we guide the attendees
as they attempt to apply those principles (from "old law") to the
modern context. In most cases, we see that such application, however
necessary, puts fascinating stresses and strains on the legal system
and forces it to confront new questions of public policy.

This tutorial will make you aware of the emerging issues in electronic
data communication and will help you become an informed participant in
the larger debate. Most importantly, however, armed with the
information presented in this tutorial, you will be better prepared to
deal with the ever-changing face of technology in your day-to-day

Thursday, November 17, 1994 Tutorials
T1 - 9:00am-5:00pm
Network Security: The Kerberos Approach
Daniel V. Geer, OpenVision Technologies

Intended Audience:

* Systems administrators who are concerned about, or must mitigate,
the inherent lack of security and accountability in conventional UNIX
network services environments now

* Systems developers responsible for applications for networked
workstation environments, particularly those whose environments
include networks which are not themselves physically secure (i.e.
"open networks")

* Technical managers in enterprises where the flow of electronic
information is the core of that enterprise and must be protected
without imposing the costs of a "security culture"

We will focus on the practical challenges of providing security for the
cooperative electronic workplace, workplaces that aspire to location
and scale independence in the client-server idiom.   We begin by
briefly describing network security from a general point of view, so
that you will understand the kinds of threats which result from
operating conventional systems in an open environment.  We then
describe what effective approaches can exist to meeting these threats,
with the emphasis more on the practical than the theoretic.  We will
show you where common fallacies are, such as the idea that your
organization's security is materially dependent on close control of
external access (rather than competent internal security mechanisms).

We will explain the Kerberos network security system primarily, but we
will also touch on public-key techniques, the X.509 authentication
model and the Internet's Privacy Enhanced Mail (PEM).  Kerberos is the
core of the Open Software Foundation's Distributed Computing
Environment (OSF/DCE), and we will thoroughly discuss the DCE
extensions and enhancements to Kerberos that made it into the de facto
standard for network security.  We will stress throughout the
nuts-and-bolts of making this work in your environment, including
administration and integration of this technology with your existing
environments.  By the end of the day, you will be able to go home and
start work on a computing environment that is both open and

T2 - 9:00am-5:00pm
Joining the Internet Safely Using UNIX and Firewalls
Tina Darmohray, Lawrence Livermore National Laboratory

Intended Audience: System and network administrators; Technical and
operational managers; Those considering an Internet connection for
their site

Pre-requisites: knowledge of TCP/IP, DNS/BIND, and sendmail

Connecting to the Internet is an exciting event for every
organization.  The security implications can often bring hesitation,
though.  This practical tutorial outlines details and examples of
UNIX network security and Internet connectivity issues.  Site policies and
topologies that implement them will be covered, including packet-filtering,
application-level, and circuit-level gateways.  Overviews of
current, publicly available solutions will be provided, focusing
on complete examples for configuring an Internet firewall.

T3a - 9:00am-12:30pm
Ethics and Systems Administration
S. Lee Henry, Johns Hopkins University

System administrators find themselves increasingly involved in ethical
dilemmas that pit security against privacy, and threaten to disrupt
the delicate balance between personal interests and work commitment.
What if someone works 12 hours a day, but plays games during lunch?
What if someone personally profits from software they develop and use
on the job or from knowledge that they gain at the company's expense?
And what do you do when the infractions are clearly illegal?  When a
colleague is reading someone else's mail or trying to break into
another organization's system? What if the violator is your boss?

Can you establish and administer security and ethics policies that are
comprehensive but not invasive?  Policies that guard against abuse
while not handcuffing the people whose commitment and creativity
your organization most needs for it to succeed?

This highly interactive, fast-paced tutorial will challenge system
administrators to come to grips with some difficult ethical dilemmas.

T3b - 1:30pm-5:00pm
Catching the Wily Hacker
John Smith, Computer Crime Unit, Santa Clara County District
        Attorney's Office

An intruder has gained access to your computer system.  How do you
explain what was stolen and how to a police detective who thinks
you're speaking a foreign language?  How can you, the system
administrator, help the detectives write the report or explain to them
that they might have to do the examination of any recovered evidence
such as a copied account?

Actual cases of computer crimes in Silicon Valley are used as
examples.  Students will follow what has to be done in an
investigation, step by step, including the initial reports that would
be the basis of any search warrants or restraining orders.

The Santa Clara County District Attorney's Office Hi Tech/Computer
Crime Team has had years of experience investigating and prosecuting
trade secret thefts, network intrusions, chip thefts, and other types
of high tech thefts in Silicon Valley.  This experience is interesting
and can serve as a means of educating computer administrators on how to
protect their computers and systems, how to prepare an investigation,
how to get the appropriate law enforcement support, and how to prepare
to testify in court if necessary.

Topics covered include:

How to find law enforcement personnel with sufficient expertise to
assist you.

Law enforcement associations you can contact for help.

When do you need a search warrant to recover lost property/data or to
recover evidence.

Initiating civil litigation.

What law enforcement agents need from system administrators.

What to expect if the case goes to trial.  

How you can protect proprietary or trade secret documents related
to the case.  

What to expect if you are called as a witness.  

                        ABOUT THE INSTRUCTORS:

Daniel Appelman is a Partner in the law firm, Heller, Ehrman, White &
McAuliffe.  He practices computer, telecommunications and intellectual
property law in its Palo Alto office.  Dan frequently writes and
speaks about topics of current interest in the computer and
telecommunications industries.  He is particularly interested in the
legal issues resulting from the merging of products and services in
those industries, the commercialization of the Internet and the
proposals for the National Information Infrastructure.

Matt Bishop, Ph.D. was a research scientist at the University of
California at Davis.  His research areas include computer and network
security, and he teaches both, along with operating systems and
software engineering.  He chaired the first two UNIX Security
Workshops, and his column on computer security appears regularly in
the Best Practises newsletter.

Tina Darmohray is a computer scientist at Lawrence Livermore National
Laboratory.  Tina built her first firewall five years ago.  Since that
time she has lectured extensively on the topic of firewalls and their
configuration, giving tutorials at conferences in the US and Europe.
Recently she has begun consulting and has installed numerous firewalls
at sites connecting to the Internet.

Daniel E. Geer, Jr., Sc.D., is Chief Scientist and VP of Open Vision
Technologies.  Dr.  Geer has worked in network security and
distributed systems management, and he was Manager of Systems
Development for MIT's Project Athena.  At MIT, he was responsible for
all technical development, including X, Kerberos, Hesiod, Zephyr,
Moira, and all other aspects of the Project Athena Network Services
System.  He is a frequent speaker, popular teacher and member of
several professional societies.

S. Lee Henry is a columnist for SunExpert magazine.  She manages Computer
Systems and Networking for the Physics and Astronomy Department at Johns
Hopkins University and is on the Board of Directors of the Sun Users
Group.  Prior to working at JHU, she spent almost ten years as a UNIX
systems administrator in the CIA.


The Sun User Group is pleased to present two topical and informative
keynote speakers, one on each day of the symposium's technical

        STEVE JACKSON, founder, Steve Jackson Games
        "Privacy, Responsibility, and Computers"
        Tuesday, November 15, 9 a.m. - 10:30 a.m.

        DENISE VOIGHT CRAWFORD, commissioner, Texas Securities Commission
        "Financial Fraud on the Internet"
        Wednesday, November 16, 9 a.m. - 10:00 p.m.

TECHNICAL SESSIONS (Tuesday, November 15 & Wednesday, November 16):

"UNIX & The Law" features three distinct parallel tracks of talks:
Technical; Legal; and Law Enforcement.

        The TECHNICAL track will focus on nuts and bolts of
        maintaining a UNIX or Sun system.  These talks will cover
        all of the newest developments in the changing world
        of technology.  There are talks from the experts on: UNIX and
        network security; encryption; software distribution in a
        client/server environment; firewalls.

        The LEGAL track will cover up-to-date issues of privacy and
        morality, as well as in-depth examinations of the current and
        changing laws pertaining to software and hardware.  Legal
        professionals from all over the country will examine how
        changing technologies will necessitate changes in the law.

        The LAW ENFORCEMENT track discusses computers as tools.  Tools
        which can help in the prevention of crimes -- or in the
        commission of them.  Join our experts in high-tech crime as they
        discuss the discovery, investigation, apprehension, and
        prosecution of crackers, software pirates, and bandits on the
        information superhighway.


        Panel: "The Future of Computer Crime"

        Join noted futurist Bruce Sterling (author of "The Hacker
Crackdown: Law and Disorder on the Electronic Frontier") as he and a
panel of experts from both sides of the law discuss and predict the
uses and abuses of computers into the next century.

Birds-of-a-Feather Sessions (BOFs) allow attendees to meet and discuss
topics of interest to them.  BOF Sessions are intended to be highly
interactive and much less formal than the Technical Sessions.
Birds-of-a-Feather Sessions will be held Wednesday evening at the
Driskill Hotel.  We would particularly like to encourage
Birds-of-a-Feather Sessions on topics which would not normally be
discussed during typical technical presentations (for instance,
discussions on professional and technical issues, non-professional
interests common to Systems Administrators, etc.)  To schedule a BOF
Session, or to request more information, direct your e-mail to
off...@sug.org.  BOFs may also be scheduled on-site in the Conference
Information Room.

You are invited to join in the fun, mingle with old and new friends,
and enjoy the plentiful hors d'oeuvres and beverages.  The Sun User
Group Reception is Tuesday, November 15, from 6:00-8:00pm at the
Driskill Hotel.  The Reception is included in the technical sessions
registration fee.  Additional Reception tickets may be purchased for a
nominal fee at the conference.

One copy of the Conference Proceedings, which contains all refereed
papers, and one copy of the Invited Talks Submitted Notes may be
picked up at the conference by all technical sessions registrants.
Additional copies may be purchased at the conference.  After the
conference, the Proceedings are available for purchase; contact the
Sun User Group Office, Telephone (617) 232-0514 or via e-mail to

Also, the full text of the proceedings will be contained on the Sun
User Group's Security CD-ROM.  Additionally, the Security CD-ROM will
contain security- and privacy-oriented technical papers, and source
code and binaries for a variety of useful UNIX security tools.
Wherever possible, the binaries will be compiled for both Solaris and

The Sun User Group Security CD-ROM is free with any early-bird
registration.  Once the early-bird deadline has passed, the CD will be
available for purchase at the symposium.  After the symposium, the CD
can be purchased by contacting the SUG offices at the information above.

A terminal room will be available to attendees of the UNIX & The Law
symposium.  An internet connection is provided by Zilker Internet
Park.  Services available at the terminal Room will include Internet
Access, Dial-Out Access, and a messaging service.

An electronic message service will be available Monday, November 14
through noon Thursday November 17, 1994.  Electronic messages to
conference attendees should be addressed: first_lastn...@sug.org.

Telephone messages may be left by telephoning the Driskill Hotel at
(512) 474-5911 and asking for the Sun User Group Message Center.  The
Message Center will be open Sunday, November 13, 4:00-9:00 pm, and
continue to be open during conference hours.

The Sun User Group (SUG) brings people together to share information
and ideas about using Sun/SPARC equipment.  You can discover new ways
to save time and money in the pages of _Readme_.  You can get quick
answers to important questions on our electronic mailing list.  At our
seminars you can learn more about the capabilities of your
workstation.  At our conferences, you can meet other people who are
doing progressive and innovative work with their Sun/SPARC equipment.

Now is a better time than ever to join the Sun User Group.  We're
reorganized, reinvented and growing every day.  We've recently
introduced exciting new services specifically for our official LUGs.
Our members-only electronic mailing list has become one of the most
popular routes on the information highway. Our annual conferences
feature respected teachers - from Sun Microsystems as well as many
other areas of the industry.

                          HOTEL INFORMATION

Driskill Hotel, (UNIX & The Law Symposium Headquarters)
604 Brazos Street (at Sixth Street)
Austin, TX 78701
Telephone (512) 474-5911 or (800) 527-2008
Fax: (512)474-2214

Nestled in the heart of downtown Austin in the city's treasured Sixth
Street Historic District stands the famous Driskill Hotel, a 19th
century frontier palace and grand dame of vintage hostelries.  More
than just bricks and mortar of pure architectural delight, she is
alive with the sights and sounds of yesterday.

Although The Driskill is renowned for its historic charm, conference
attendees will appreciate a host of state-of-the-art amenities like
newly renovated guest rooms with modem-equipped phones, a business
center with FAX and secretarial service, and video check out.

Contact the Hotel directly to make your reservation.  Be sure to
mention that you are attending the Sun User Group Conference to take
advantage of our special rate of $89 per night.  A first night's
deposit is required to reserve your room.  NOTE: For special room
rates, hotel reservations must be made no later than October 21, 1994.

If you wish to cancel your hotel reservation and receive a refund, you
must give notice at least 48 hours in advance of your planned arrival


|                Sun User Group members save $50.00!                |

For more information please call (617) 232-0514.

Mail, Email, or FAX registration to:

SUG Symposium
1330 Beacon Street, Suite 315
Brookline, MA 02146

Email: registrat...@sug.org         Fax: (617) 232-1347

You may also register over the telephone with a Master Card or Visa.

Please print or type the information required.

To join or renew your membership to Sun User Group when registering
for the conference technical sessions, pay the full registration fee
and check the appropriate box below.  A portion of your registration
fee will be designated as dues in full for a one year individual Sun
User Group membership.

                   Sun User Group Membership Status
                    * * PLEASE CHECK ONLY ONE * *

[ ]     I am a current Sun User Group  member.
        SUG ID#__________________  Exp. Date__________

                Both SUG ID# and exp. date MUST be filled in to be
                eligible for the "Current SUG member" discount below.
                If you do not know your SUG ID# or expiration date,
                please call (617)232-0514 or contact SUG at

[ ]     I am not a current Sun User Group member and would like SUG to
        apply a portion of my registration fee to a one-year SUG

[ ]     I am not a current Sun User Group member but do not wish to
        join at this time.

        |[ ]    Sessions, one-day only          |       $200    |
        |       Please indicate day:            |               |
        |       [ ] Tuesday, November 15, 1994  |               |
        |       [ ] Wednesday, November 16, 1994|               |
        |[ ]    Sessions, both days             |       $350    |
        |[ ]    One Tutorial only               |       $350    |
        |       Please indicate choice below    |               |
        |[ ]    One Tutorial and Sessions       |       $650    |
        |       Please indicate choice below    |               |
        |[ ]    Full Conference                 |       $900    |
        |       Full Conference includes two    |               |
        |       days of tutorials, plus two days|               |
        |       of sessions.  A savings of $200!|               |
        |       Please indicate choices below   |               |

        |[ ]    Current SUG Member Discount     |               |
        |       You *must* provide your SUG ID  |               |
        |       number to get this discount.    |      -$ 50    |
        |[ ]    Early-bird! Register before     |      -$ 50    |
        |       October 3, 1994 and save fifty  |               |
        |       dollars PLUS get the new SUG    |               |
        |       Security CD FREE!!              |               |

        |Total Payment Enclosed                 |               |

        ** NOTE: November 1, 1994 is the last day for advance
        registration.  A $100 on-site fee will be applied to all
        registrations received after November 1, 1994. **


You can select either one full-day tutorial or two half-day tutorials
(Half-day tutorial registration fees are not available).

Please indicate tutorial(s) below:

Monday, November 14, 1994
        [ ] M1 - Advanced UNIX Security
        [ ] M2 - The Internet and The Law

Thursday, November 17, 1994
        [ ] T1 - Network Security: The Kerberos Approach
        [ ] T2 - Joining the Internet Safely Using UNIX and Firewalls

        [ ] T3a - Ethics and Systems Administration
        and T3b - Catching the Wily Hacker

-  All payments must be in US dollars;
-  Checks must be drawn on a US bank.
-  Purchase Orders must be paid in full before your registration will
be released.
-  The Sun User Group does not accept American Express

[   ] Check    [  ] Purchase Order   [   ] MasterCard    [   ] Visa

Credit Card Number:___________________________________________________

Expiration Date:______________________________________________________

Signature of cardholder:______________________________________________



Company Name:_________________________________________________________


Mail Stop/Suite:______________________________________________________

Street Address:_______________________________________________________



Zip/Postal Code:______________________________________________________


Email Address:________________________________________________________


If you must cancel, all refund requests must be in writing and
postmarked no later than October 1, 1994.  Direct your letter to the
Sun User Group office.  You may telephone to substitute another in
your place.


Sun User Group
1330 Beacon Street
Suite 315
Brookline, MA 02146

Telephone: (617) 232-0514       Fax: (617) 232-1347
Electronic Mail Address:  confere...@sug.org

You may FAX your registration form if paying by credit card or
purchase order to (617) 232-1347.  If you FAX registration, to avoid
duplicate billing, do not mail an additional copy.  You may telephone our
office to confirm receipt of your fax.