by I've been asked to pass the following URGENT message to anyone
interested in attending the Third Usenix UNIX Security Symposium. The
Sheraton Inner Harbor hotel has just alerted the Usenix conference
department that they are sold out of rooms for the Saturday night before
the Symposium. They will probably sell all remaining sleeping rooms
WHEN our hotel deadline of August 24 passes. The Baltimore Orioles
will be in town for the entire week. The stadium is very close to the
hotel and they have no problems selling rooms.
There is a good chance that other hotels will also be sold out during
the week of the Symposium. If you planning to attend this year's
Symposium, please register as soon as possible and book your hotel
rooms A.S.A.P.
The good news is that we expect this year's Usenix UNIX Security
Symposium will be the best one ever. The Symposium was originally
advertised as having a single track. Due to the amount of interest and
number of submissions, the Symposium has been expanded by the addition
of a second track on Wednesday afternoon.
I've included a copy of the program posted by the Usenix Association.
Thanks, USENIX THIRD UNIX SECURITY SYMPOSIUM Baltimore, MD Sponsored by USENIX in cooperation with the Computer ********************************************************************** IMPORTANT SYMPOSIUM DATES & SCHEDULE OF EVENTS Pre-Registration Deadline: September 8, 1992 Sunday, September 13 6:00pm - 9:00pm Registration/no host reception Monday, September 14 9:00am - 5:00pm Tutorial Presentations Tuesday, September 15 8:30 - 10:15 am Opening Remarks/Keynote Address 8:00pm - 10:00pm Birds of a Feather Sessions Wednesday, September 16 9:00am - 5:35pm Technical Sessions REGISTRATION INFORMATION Register in advance to receive the lowest registration rates. TUTORIAL REGISTRATION FEE One Full-day tutorial - Only one tutorial can be selected $245.00 ************ TECHNICAL SESSIONS REGISTRATION FEES *Member Fee $225.00 Full-time Student Fee - Must provide copy of student I.D. 75.00 *The member rate applies to current individual members of the USENIX Full-time students please note: Enjoy the Benefits of Becoming a USENIX Member - If you are not a PRE-REGISTRATION DEADLINE: SEPTEMBER 8, 1992. HOTEL INFORMATION Sheraton Inner Harbor Hotel ROOM RATES To Make Your Reservation: Call the Hotel directly and ask for the IMPORTANT: Room reservation deadline is August 24, 1992. Requests ******************************* UNIX SECURITY SYMPOSIUM PROGRAM The goal of this symposium is to bring together security TUTORIAL PROGRAM Network Security: The Kerberos Approach Intended Audience: Systems developers responsible for networked The amazing and constantly growing numbers of machines and users This tutorial will focus on the challenges of providing security for Internet System Administrator's Tutorial Ed DeHart and Barb Fraser, Computer Emergency Intended Audience: This tutorial is designed for users and system The information presented in this tutorial is based on incidents System administration - defensive strategies System administration - offensive strategies Site-specific security policies Incident handling ************* TUESDAY, SEPTEMBER 15 8:30 - 8:45 Opening Remarks 8:45 - 10.15 Keynote Address: 10:35 - 12:05 WAR STORIES There Be Dragons The Greatest Cracker-Case in Denmark: The Detecting, Tracing, and Experiences of Internet Security in Italy 1:30 - 3:00 TCP/IP NETWORK SECURITY Network (In)Security Through IP Packet Filtering SOCKS 3:20 - 5:20 TOOLS 1 Restricting Network Access to System Daemons Under SunOS Centralized System Monitoring with Swatch Security Aspects of a UNIX PEM Implementation WEDNESDAY, SEPTEMBER 16 9:00 - 10:30 TOOLS 2 Giving Customers the Tools to Protect Themselves ESSENSE: A Knowledge Based Security Monitor 10:50 - 12:20 TOOLS 2 (Continued) Anatomy of a Proactive Password Changer Audit: A Policy Driven Security Checker for a Heterogeneous Secure Superuser Access Via the Internet 1:45 - 3:15 TRACK 1 - APPLIED RESEARCH Specifying and Checking UNIX Security Constraints A Secure Public Network Access Mechanism read more »
Ed DeHart
Program Chairperson
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
September 14-16, 1992
Emergency Response Team (CERT)
REGISTRATION FEES AFTER THAT DATE WILL BE $50 HIGHER!
Hotel Reservation Deadline: August 24, 1992
10:35 - 5:20 Technical Sessions
6:00pm - 8:00pm Symposium Reception
Attendance is limited in both the Tutorial Presentations and Technical
Sessions and pre-registration is strongly recommended. You may
register for only a tutorial, only the two-day technical sessions
program OR select both programs. (See registration form at the end of
this posting.)
September 14
September 15 - 16
Non-member Fee 290.00
Association, Sun User Group, EurOpen and AUUG.
A limited number of scholarships are available for full-time students.
Contact the Conference Office for details.
current USENIX member and wish to join, pay the non-member fee on the
registration form and check the special box requesting membership.
$65 of your non-member fee will be designated as dues in full for a
one-year individual USENIX Association membership.
REGISTRATION FEES AFTER THAT DATE WILL BE $50 HIGHER!
The Symposium headquarters will be:
300 South Charles Street $110 Single or Double Occupancy
Baltimore, MD 21201 (plus State and city tax)
Telephone # (410) 962-8300
Reservations Desk. Tell reservations that you are a USENIX
Attendee to take advantage of our group rate. A one night's deposit
is required for all reservations. Should you desire to cancel your
reservation, you must notify the hotel at least 24 hours prior to your
scheduled arrival.
for reservations received after the deadline will be handled on a
space and RATE available basis.
practitioners, system administrators, system programmers, and anyone
with an interest in computer security as it relates to networks and
the UNIX operating system. The symposium will consist of a broad
range of topics including tutorials appropriate for a technical
audience, peer-reviewer technical presentations and panel sessions.
Attendees will have a unique opportunity to share their experiences
and ideas on UNIX system security.
Monday, September 14, 1992
Dan Geer,Geer/Zolot Associates and Jon A. Rochlis, MIT
workstation environments, particularly those whose environments may
include networks which are not themselves physically secure (i.e.,
``open'' networks) and systems managers concerned about the inherent
lack of security for managing today's network-based environments
(e.g., UNIX's .rhosts files).
ensures that untrustworthy individuals have full access to the Internet.
Given the increasing importance of the information transmitted, it is
imperative to consider the basic security issues present as large open
networks replace isolated timesharing systems.
cooperative work arrangements consistent with the location and scale
independence of today's open networking environment. Attendees will
gain an understanding of the kinds of security threats which result
from operating in an open environment, such as one composed of a
network of workstations and supporting servers. Effective approaches
to meeting these threats will be presented. Although emphasis will be
on the Kerberos system developed at MIT, public key techniques for
ensuring privacy and authentication on an open network will be explored.
The X.509 authentication model and the new Internet Privacy Enhanced
Electronic Mail RFC's will be discussed.
Response Team
administrators of UNIX systems. It is especially suited for system
administrators of UNIX systems connected to a wide area network based
on TCP/IP such as the Internet. Some system administrator experience is
assumed.
reported to the Computer Emergency Response Team. The topics covered
include:
oPassword selection
o Default login shell for unused accounts
o Network daemon configuration
o Verification of system programs
o System configuration files
o Searching for hidden intruder files
o Staying current with software releases
o Standard accounting files
o NFS configuration
o COPS
o /bin/passwd replacement programs
o TCP/IP packet filtering
o TCP/IP daemon wrapper programs
o Security in programming
o Maintaining good security at your site
o Providing guidance to users
o Handling incidents in an effective
orderly fashion
o Reviewing Site Security Policy Hand
book (RFC 1244)
o What to do if your site is broken into?
TECHNICAL PROGRAM
The Justice Department's Computer Crime Initiative
Steve Bellovin, AT&T Bell Laboratories
Arresting of Two International Crackers
Joergen Bo Madsen, The Danish Computing Center for Research
and Education
Alessandro Berni, Paolo Franchi, Joy Marino, University of Genova
An Internet Gatekeeper
Herve Schauer, Christophe Wolfhugel, Herve Schauer Consultants
D. Brent Chapman, Great Circle Associates
David Koblas, Independent Consultant
Michelle R. Koblas, Computer Sciences Corporation
TCP WRAPPER, a Tool for Network Monitoring, Access Control and
for Setting up Booby Traps
Wietse Venema, Eindhoven University of Technology
William LeFebvre, Northwestern University
Stephen E. Hansen, E. Todd Atkins, Stanford University
James M. Galvin, David M. Balenson, Trusted Information Systems, Inc.
Introduction to the Shadow Password Suite
John F. Haugh, II, Locus Computing Corporation
Shabbir J. Safdar, Purdue University
Linda Baillie, Gary W. Hoglund, Lisa Jansen, Eduardo M. Valcarce,
Digital Equipment Corporation
Matt Bishop, Dartmouth College
Environment
Bjorn Satdeva, /sys/admin, inc.
Darrell Suggs, Clemson University
Allan Heydon, DEC Systems Research Center; J.D. Tygar,
Carnegie Mellon University
J. David Thompson, Science Applications International Corp.
Kate Arndt,
...