Usenix UNIX Security Symposium Hotel ALERT

Usenix UNIX Security Symposium Hotel ALERT

Post by Edward DeHa » Thu, 20 Aug 1992 03:21:47

I've been asked to pass the following URGENT message to anyone
interested in attending the Third Usenix UNIX Security Symposium.  The
Sheraton Inner Harbor hotel has just alerted the Usenix conference
department that they are sold out of rooms for the Saturday night before
the Symposium.  They will probably sell all remaining sleeping rooms
WHEN our hotel deadline of August 24 passes.  The Baltimore Orioles
will be in town for the entire week.  The stadium is very close to the
hotel and they have no problems selling rooms.

There is a good chance that other hotels will also be sold out during
the week of the Symposium.   If you planning to attend this year's
Symposium, please register as soon as possible and book your hotel
rooms A.S.A.P.

The good news is that we expect this year's Usenix UNIX Security
Symposium will be the best one ever.  The Symposium was originally
advertised as having a single track.  Due to the amount of interest and
number of submissions, the Symposium has been expanded by the addition
of a second track on Wednesday afternoon.

I've included a copy of the program posted by the Usenix Association.

Ed DeHart
Program Chairperson


                        Baltimore, MD
                    September 14-16, 1992

        Sponsored by USENIX in cooperation with the Computer
                 Emergency Response Team (CERT)



Pre-Registration Deadline:  September 8, 1992
Hotel Reservation Deadline:  August 24, 1992

Sunday, September 13    6:00pm - 9:00pm  Registration/no host reception

Monday, September 14    9:00am - 5:00pm  Tutorial Presentations

Tuesday, September 15   8:30 - 10:15 am  Opening Remarks/Keynote Address
                        10:35 - 5:20     Technical Sessions
                        6:00pm - 8:00pm  Symposium Reception

                        8:00pm - 10:00pm Birds of a Feather Sessions

Wednesday, September 16 9:00am - 5:35pm  Technical Sessions


Register in advance to receive the lowest registration rates.
Attendance is limited in both the Tutorial Presentations and Technical
Sessions and pre-registration is strongly recommended.  You may
register for only a tutorial, only the two-day technical sessions
program OR select both programs.  (See registration form at the end of
this posting.)

September 14

One Full-day tutorial  - Only one tutorial can be selected      $245.00


September 15 - 16

*Member Fee             $225.00
Non-member Fee           290.00

Full-time Student Fee - Must provide copy of student  I.D.  75.00

*The member rate applies to current individual members of the USENIX
Association, Sun User Group, EurOpen and AUUG.

Full-time students please note:
A limited number of scholarships are available for full-time students.
Contact the Conference Office for details.

Enjoy the Benefits of Becoming a USENIX Member -  If you are not a
current USENIX member and wish to join, pay the non-member fee on the
registration form and check the special box requesting membership.
$65 of your non-member fee will be designated as dues in full for a
one-year individual USENIX Association membership.


The Symposium headquarters will be:

Sheraton Inner Harbor Hotel             ROOM RATES
300 South Charles Street                $110 Single or Double Occupancy
Baltimore, MD  21201                    (plus State and city tax)
Telephone # (410) 962-8300                              

To Make Your Reservation:  Call the Hotel directly and ask for the
Reservations Desk.  Tell reservations that you are a USENIX
Attendee to take advantage of our group rate.  A one night's deposit
is required for all reservations.  Should you desire to cancel your
reservation, you must notify the hotel at least 24 hours prior to your
scheduled arrival.

IMPORTANT:  Room reservation deadline is August 24, 1992.  Requests
for reservations received after the deadline will be handled on a
space and RATE available basis.



The goal of this symposium is to bring together security
practitioners, system administrators, system programmers, and anyone
with an interest in computer security as it relates to networks and
the UNIX operating system.  The symposium will consist of a broad
range of topics including tutorials appropriate for a technical
audience, peer-reviewer technical presentations and panel sessions.
Attendees will have a unique opportunity to share their experiences
and ideas on UNIX system security.

Monday, September 14, 1992

Network Security: The Kerberos Approach
Dan Geer,Geer/Zolot Associates and Jon A. Rochlis, MIT

Intended Audience: Systems developers responsible for networked
workstation environments, particularly those whose environments may
include networks which are not themselves physically secure (i.e.,
``open'' networks) and systems managers concerned about the inherent
lack of security for managing today's network-based environments
(e.g., UNIX's .rhosts files).

The amazing and constantly growing numbers of machines and users
ensures that untrustworthy individuals have full access to the Internet.
Given the increasing importance of the information transmitted, it is
imperative to consider the basic security issues present as large open
networks replace isolated timesharing systems.

This tutorial will focus on the challenges of providing security for
cooperative work arrangements consistent with the location and scale
independence of today's open networking environment. Attendees will
gain an understanding of the kinds of security threats which result
from operating in an open environment, such as one composed of a
network of workstations and supporting servers. Effective approaches
to meeting these threats will be presented. Although emphasis will be
on the Kerberos system developed at MIT, public key techniques for
ensuring privacy and authentication on an open network will be explored.
The X.509 authentication model and the new Internet Privacy Enhanced
Electronic Mail RFC's will be discussed.

Internet System Administrator's Tutorial

Ed DeHart and Barb Fraser, Computer Emergency
Response Team

Intended Audience: This tutorial is designed for users and system
administrators of UNIX systems. It is especially suited for system
administrators of UNIX systems connected to a wide area network based
on TCP/IP such as the Internet. Some system administrator experience is

The information presented in this tutorial is based on incidents
reported to the Computer Emergency Response Team. The topics covered

System administration - defensive strategies    
        oPassword selection
         o Default login shell for unused accounts
        o Network daemon configuration
         o Verification of system programs
        o System configuration files
        o Searching for hidden intruder files
 o Staying current with software releases
 o Standard accounting files
        o NFS configuration

System administration - offensive strategies
        o COPS
         o /bin/passwd replacement programs
        o TCP/IP packet filtering
        o TCP/IP daemon wrapper programs
        o Security in programming

Site-specific security policies
        o Maintaining good security at your site
        o Providing guidance to users
        o Handling incidents in an effective
                                orderly fashion
        o Reviewing Site Security Policy Hand
                book (RFC 1244)

 Incident handling
        o What to do if your site is broken into?



8:30 -  8:45    Opening Remarks

8:45 - 10.15    Keynote Address:  
The Justice Department's Computer Crime Initiative

10:35 - 12:05   WAR STORIES

There Be Dragons
Steve Bellovin, AT&T Bell Laboratories

The Greatest Cracker-Case in Denmark:  The Detecting, Tracing, and
Arresting of Two International Crackers
Joergen Bo Madsen, The Danish Computing Center for Research
and Education

Experiences of Internet Security in Italy
Alessandro Berni, Paolo Franchi, Joy Marino, University of Genova

An Internet Gatekeeper
Herve Schauer, Christophe Wolfhugel, Herve Schauer Consultants

Network (In)Security Through IP Packet Filtering
D. Brent Chapman, Great Circle Associates

David Koblas, Independent Consultant
Michelle R. Koblas, Computer Sciences Corporation

3:20 - 5:20     TOOLS 1
TCP WRAPPER, a Tool for Network Monitoring, Access Control and
for Setting up Booby Traps
Wietse Venema, Eindhoven University of Technology

Restricting Network Access to System Daemons Under SunOS
William LeFebvre, Northwestern University

Centralized System Monitoring with Swatch
Stephen E. Hansen, E. Todd Atkins, Stanford University

Security Aspects of a UNIX PEM Implementation
James M. Galvin, David M. Balenson, Trusted Information Systems, Inc.


 9:00 -  10:30  TOOLS 2
Introduction to the Shadow Password Suite
John F. Haugh, II, Locus Computing Corporation

Giving Customers the Tools to Protect Themselves
Shabbir J. Safdar, Purdue University

ESSENSE:  A Knowledge Based Security Monitor
Linda Baillie, Gary W. Hoglund, Lisa Jansen, Eduardo M. Valcarce,
Digital Equipment Corporation

10:50 - 12:20   TOOLS 2 (Continued)

Anatomy of a Proactive Password Changer
Matt Bishop, Dartmouth College

Audit:  A Policy Driven Security Checker for a Heterogeneous
Bjorn Satdeva, /sys/admin, inc.

Secure Superuser Access Via the Internet
Darrell Suggs, Clemson University

1:45 -  3:15    TRACK 1 - APPLIED RESEARCH

Specifying and Checking UNIX Security Constraints
Allan Heydon, DEC Systems Research Center; J.D. Tygar,
Carnegie Mellon University

A Secure Public Network Access Mechanism
J. David Thompson, Science Applications International Corp.
Kate Arndt, ...

read more »


Usenix UNIX Security Symposium Hotel ALERT

Post by David Vincenzet » Fri, 21 Aug 1992 18:01:20

Quote:>I've been asked to pass the following URGENT message to anyone
>interested in attending the Third Usenix UNIX Security Symposium.  The
>Sheraton Inner Harbor hotel has just alerted the Usenix conference
>department that they are sold out of rooms for the Saturday night before
>the Symposium.

I am going to join the USENIX conference and I would like to book a room now.
I'm wondering if someone would mind sending me a list (well, a sort of) of
available hotels in Baltimore. Please skip all those expensive hotels like
Hilton or Sheraton, I have to play it cheap. Many thanks in advance!

Ciao,   David