23 April 1998
Date: Wed, 22 Apr 1998 20:26:33 -0500
To: cypherpunks@toad.com
From: Bruce Schneier <schneier@counterpane.com>
Subject: Network Security Solutions Conference Announcement

Network Security Solutions Conference Announcement
July 29th and 30th, Las Vegas Nevada

****************** Call For Papers Announcement ***************************

Network Security Solutions is now accepting papers for its 1998 event. Papers and requests to speak will be received and reviewed from March 24th until June 1st. Please submit an outline on a self-selected topic covering either the problems or solutions surrounding network security. Topics of interest include Intrusion Detection Systems (IDS), distributed languages, network design, authentication systems, perimeter protection, and more.

Talks will be an hour with a half hour for Q&A. There will be LCD projectors, overhead, and slide projectors.

Updated announcements will be posted to newsgroups, security mailing lists, email, or visit the website at http://www.blackhat.com/

Current speakers include:

Marcus Ranum, Network Flight Recorder CEO.
Bruce Schneier, Counterpane Systems CEO.
Ira Winkler, president of the Information Security Advisory Group.
Theo DeRaadt, OpenBSD Lead Developer.
Tom Ptacek, Secure Networks Inc.
Scott Waddell, Cisco-Wheelgroup corporation.
Dominique Brezinski, Network Security Professional at Secure Computing Corp.
Peter Shipley, Independent Security consultant.
Richard Thieme, Thiemeworks, Inc.
Winn Schwartau, Interpact Inc.
Dr. Mudge, L0pht Heavy Industries administrator.
Ray Kaplan, Meet the Enemy panel discussion, Q&A.
Jennifer Granick, Attorney at law.

****************************************************************************

It's late. You're in the office alone, catching up on database administration. Behind you, your network servers hum along quietly, reliably. Life is good. No one can get to your data or disrupt your WAN. The network is secure. Or is it?
The Network Security Solutions conference has been organized to put an end to concerns like these. While many conferences focus on information and network security, only Network Security Solutions will put your engineers and software programmers face-to-face with today's cutting edge computer security experts and "underground" security specialists. Only the Network Security Solutions conference will provide your people with the tools and understanding they need to thwart those lurking in the shadows of your firewall. The reality is, they are out there. The choice is yours. You can live in fear of them. Or, you can learn from them.

****************************************************************************

Conference Overview

The Network Security Solutions Summer '98 conference (formerly known as The Black Hat Briefings) was created to fill the need of computer professionals to better understand the security risks to their computer and information infrastructures by potential threats. To do this we assemble a group of vendor-neutral security professionals in the same room and let them talk candidly about the problems businesses face, and the solutions they see to those problems. No gimmicks, just straight talk by people who make it their business to explore the ever changing security space.

Spanning two days with two separate tracks, Network Security Solutions will focus on the vital security issues facing organizations with large Enterprise networks and mixed network operating systems. Topics will include Intrusion Detection Systems (IDS), denial of service attacks and responses, secure programming techniques and tool selection for creating and effectively monitoring secure networks. NSS's intense sessions will bring to light the security and misconfiguration problems confronting organizations and network administrators, most of which go unnoticed by today's preoccupied system admins where security gets put off in lieu of constant network growth and upgrades.
Our experts will discuss the strategies involved in correcting existing problems and any problems on the horizon. Current Intrusion Detection Systems and strategies will be covered so that attendees may learn how to stop these problems before they occur. CIOs are welcome, but they should bring the people implementing their network strategies and building their applications, because this conference is for them.

****************************************************************************

Speakers

There will be 18-20 speakers covering two tracks speaking over two days. Speeches will be more technically oriented and last 1 1/2 hours each. The goal of the talks is to inform the audience with quality current state system vulnerabilities and fixes. Because of our unique speakers NSS will offer the audience a deep insight into the real security issues facing your network with no vendor pitches.

Wednesday, July 29th

08:30 - 09:00  Breakfast
09:00 - 09:45  Keynote Address: Marcus Ranum - How to REALLY secure the Internet.
10:00 - 11:30  Track A: Richard Thieme - Convergence -- Every Man (and Woman) a Spy.
               Track B: Dominique Brezinski - Penetrating NT Networks Through Information Leaks and Policy Weaknesses.
11:40 - 13:10  Track A: Ira Winkler - Information Security: Beyond the Hype.
               Track B: Theo DeRaadt - A discussion of secure coding issues, problems with maintaining OS source trees, and secure program design philosophies.
13:20 - 14:20  Lunch
14:25 - 15:20  Ray Kaplan: Meet the Enemy Session.
15:30 - 17:00  Track A: [Empty]
               Track B: Scott Waddell -

Thursday, July 10th

09:00 - 09:45  Keynote Address: Bruce Schneier - Mistakes and Blunders: A Hacker Looks at Cryptography.
10:00 - 11:30  Track A: [Empty]
               Track B: Dr. Mudge - Real world VPN implementation problems.
11:40 - 13:10  Track A: Jennifer Granick -
               Track B: Peter Shipley - An overview of a 2 year effort in massive multi-modem wardialing.
13:20 - 14:20  Lunch
14:25 - 15:20  Panel 1: The benefits and problems of commercial security software. This panel of 5 people and moderator will explore what products work, and what doesn't in specific applications. Q&A.
               Panel 2: The Merits of Intrusion Testing - What is the benefit of having people break into your network. A panel of 5 people.
15:30 - 17:00  Track A: Winn Schwartau -
               Track B: Tom Ptacek - Problems with Intrusion Detection Systems.

****************************************************************************

Speaker Topics and Biographies

- - MARCUS RANUM, President and CEO of Network Flight Recorder, Inc.
How to REALLY secure the Internet.

Is it possible to really secure the Internet? With current technology and methods, the answer would appear to be a resounding "no." We've tried security through stepwise refinement and security through consensus - the best remaining solutions are totalitarian and draconian. Marcus will present an outline for how the Internet could be secured through some simple, cost effective methods. He'll also explain why it won't happen.

Marcus Ranum is CEO of Network Flight Recorder, Inc., and has been specializing in Internet security since he built the first commercial firewall product in 1989. He has acted as chief architect and implementor of several other notable security systems including the TIS firewall toolkit, TIS Gauntlet firewall, whitehouse.gov, and the Network Flight Recorder. Marcus frequently lectures on Internet security issues, and is co-author of the "Web Site Security Sourcebook" with Avi Rubin and Dan Geer, published by John Wiley and Sons.

- - BRUCE SCHNEIER, President of Counterpane Systems and author of Applied Cryptography.
Mistakes and Blunders: A Hacker Looks at Cryptography.

From encryption to digital signatures to electronic commerce to secure voting--cryptography has become the enabling technology that allows us to take existing business and social constructs and move them to computer networks.
But a lot of cryptography is bad, and the problem with bad cryptography is that it looks just like good cryptography; most people cannot tell the difference. Security is a chain: only as strong as the weakest link. In this talk I'll examine some of the common mistakes companies make implementing cryptography, and give tips on how to avoid them.

Bruce Schneier is President of Counterpane Systems, the author of Applied Cryptography, and the inventor of the Blowfish algorithm. He serves on the board of the International Association for Cryptologic Research and the Electronic Privacy Information Center. He is a contributing editor to Dr. Dobb's Journal, and a frequent writer and lecturer on cryptography.

- - THEO DERAADT, Lead developer of OpenBSD.
A discussion of secure coding issues, problems with maintaining OS source trees, and secure program design philosophies.

Regular systems software has many security problems. A number of approaches at auditing and repairing these problems have been developed as a result of the OpenBSD project.

Theo de Raadt heads the OpenBSD project. This 4.4BSD derived operating system project has increasingly placed its focus on discovery and repair of security issues. Due to a 2 year auditing process by a 10-member team, OpenBSD is probably the most secure operating system in common use today. For more information, see http://www.OpenBSD.org/security.html

- - IRA WINKLER, President of the Information Security Advisory Group.
Information Security: Beyond the Hype

If you read the headlines today, you would think that no matter what people are doing to secure themselves, they will never be secure. The reason this idea comes across is that the media focuses on the threats and stories about unstoppable geniuses that can compromise even the Pentagon. The truth is that you can protect yourself from even the most diabolical genius. This presentation discusses Information Security from a Risk based perspective.
The threats to your systems are discussed, but more important, the vulnerabilities that actually allow the threats to compromise your systems are discussed. Using that information, you can then choose the countermeasures you need to protect yourself and your organization. This presentation will show you that while there is no such thing as perfect security, you can protect yourself from almost all of the most serious threats. Probably what is most valuable to attendees is guidance on how to spend limited funding in the most efficient manner.

Ira Winkler, CISSP, is considered one of the world's leading experts on Information Security, Information Warfare, investigating information related crimes, and Industrial Espionage. He is author of the book, Corporate Espionage, and President of the Information Security Advisors Group. His clients include some of the largest companies and banks in the world. He is also a columnist for ZDTV with his column titled SpyFiles. He also functions as the network's security expert. Previously, Mr. Winkler was with the National Security Agency and was the Director of Technology with the National Computer Security Association. He has also performed studies on Information Warfare for the Joint Chiefs of Staff.

- - DOMINIQUE BREZINSKI, Network Security Professional at Secure Computing Corporation.
Penetrating NT Networks Through Information Leaks and Policy Weaknesses.

The focus of this presentation will be a demonstration of how Windows NT hosts can be queried for information and how the information can be correlated to provide an attacker with a path of least resistance. Even though many Windows NT networks have few remotely exploitable technical vulnerabilities (buffer over-runs, flawed CGI scripts, address based authentication etc.), most NT networks give away too much information. By analyzing the information it is easy to find policy weaknesses that can be exploited to gain access to the NT hosts.
Custom tools will be demonstrated on a small network.

Dominique Brezinski is a Network Security Professional at Secure Computing Corporation and has been concentrating on Windows NT and TCP/IP network security issues for four years. Prior to working for Secure Computing, Mr. Brezinski worked as a Research Engineer at Internet Security Systems where he was responsible for finding new vulnerabilities and security assessment techniques for Windows NT. In 1996 Mr. Brezinski published a white paper entitled "A Weakness in CIFS Authentication" which revealed a serious flaw in the authentication protocol used in Windows NT (NT LM Security). It was shown for the first time that an attacker could completely subvert the network authentication in Windows NT to gain unauthorized access to Windows NT servers. Mr. Brezinski has continued to demonstrate advanced techniques for assessing the risks present in Windows NT networks.

- - RICHARD THIEME, Thiemeworks, Inc.
Convergence -- Every Man (and Woman) a Spy.

Arbitrary digital interfaces - television, PCs, PDAs - are converging, but that's only part of the story. The roles people play in work and life are converging too. Intelligence agents, knowledge managers for global corporations, competitive business intelligence agents, sysadmins, hackers, journalists, and CIOs are becoming indistinguishable. Why does that matter? Because the ability to synthesize and integrate information, manage complexity and ambiguity, morph continually into roles appropriate to a shifting work context, and somehow remember who you are - that's what matters most. Our presentations of ourselves are the powerful levers that move mountains in the digital world. Richard Thieme discusses why and how to do it.

Richard Thieme is a business consultant, writer, and professional speaker focused on the human dimension of technology and the workplace. His creative use of the Internet to reach global markets has earned accolades around the world.
"Thieme knows whereof he speaks," wrote the Honolulu Advertiser. He is "a prominent American techno-philosopher" according to LAN Magazine (Australia), "a keen observer of hacker attitudes and behaviors" according to Le Monde (Paris), "one of the most creative minds of the digital generation" according to the editors of Digital Delirium, and "an online pundit of hacker culture" according to the L A Times. Thieme's articles are published around the world and translated into German, Chinese, Japanese and Indonesian. His weekly column, "Islands in the Clickstream," is published by the Business Times of Singapore, Convergence (Toronto), and South Africa Computer Magazine as well as distributed to subscribers in 52 countries. Recent clients include: Arthur Andersen; Strong Capital Management; System Planning Corporation; UOP; Wisconsin Power and Light; Firstar Bank; Northwestern Mutual Life Insurance Co.; W. H. Brady Company; Allstate Insurance; Intelligent Marketing; and the FBI.

- - RAY KAPLAN.

Generally, "hackers" are regarded as criminals by the "legitimate community." Who are these "hackers" that seem to keep whacking on our systems and networks? Are they merely scumbag reprobates that should be purged from the society? Is there anything to learn from them? This session is intended to introduce the two sides of the security equation to one another in a forum which fosters open, detailed, honest communication. Bring your questions.

Who are the enemies of computer and network security? What techniques do they employ against us? Are those that attack our systems all just a bunch of slime balls that are devoid of morals, ethics, and common sense? While in the minority of reported computer crime statistics, the skilled outsider still represents a significant threat. This session explores who they are, their attitudes, their techniques, their successes and their failures from the perspective of what we have to learn from them to better protect your systems and networks.
This classic session allows you to interact directly with members of the computer underground. Join us for some stimulating conversation with those whom computer security professionals consider to be their enemies.

Mr. Kaplan has been actively involved with system and network security as a consultant for over half of his more than 20 years in the industry. There is no question that he hacks. However, he is not a criminal. His clients have included the world's largest financial institution, smallest commodities broker and a wide variety of organizations, including multinational and Fortune 100 companies from all segments of the economy, and public institutions all over the world. Mr. Kaplan is a very prolific lecturer, instructor and writer. He consults, lectures and teaches technical system and network-related topics all over the world. His articles are frequently published in major computer journals and magazines. In over ten years of public speaking and audio/video conference production, he has given over 2,000 technical, tutorial-style presentations and lectures in forums such as professional societies, seminars and his consulting. As a frustrated inventor, he is forever trying to rid the world of inefficiency, frustration and waste by pursuing new paradigms in the delivery of training, education and technical information.

- - PETER SHIPLEY
An overview of a 2 year effort in massive multi-modem wardialing.

Security problems occur when obvious security problems are overlooked. One commonly overlooked problem is alternative access methods to a corporate Intranet from an external machine. Many if not most companies are overlooking their secondary vulnerabilities surrounding alternate methods of network access. Mr. Shipley will present research covering an overview of a 2 year effort in massive multi-modem wardialing. His findings will include some personal observations and the results obtained from scanning the San Francisco Bay area. When Mr. Shipley started this project he noted that there were no published research references to wardialing or documented statistical results of the types of equipment and computer networks commonly found on the POTS (Plain old telephone system) network. Mr. Shipley decided to change that through his research.

Mr. Shipley is an independent consultant in the San Francisco Bay Area with nearly thirteen years experience in the Computer Security field. Mr. Shipley is one of the few individuals who is well known and respected in the professional world as well as the underground and hacker community. He has extensive experience in system and network security as well as programming and project design. Past and current clients include TRW, DHL, Claris, USPS, Wells Fargo, and KPMG. In the past Mr. Shipley has designed Intranet banking applications for Wells Fargo, Firewall design and testing for and, WWW server configuration and design for DHL. Mr. Shipley's specialties are third party penetration testing and firewall review, computer risk assessment, and security training. Mr. Shipley also performs post intrusion analysis as well as expert witness testimony. Mr. Shipley is currently concentrating his efforts on completing several research projects.

- - THOMAS PTACEK, Network Security Professional at Secure Networks, Inc.
Defeating Network Intrusion Detection.

Network intrusion detection (ID), a technology that attempts to identify attackers by monitoring network traffic, is fast becoming one of the hottest products in the security market. Beneath the hype, however, lie some serious concerns about the reliability of currently available ID systems, as well as the fundamental techniques they use to collect information. This talk will explain why the most popular ID systems on the market can't be trusted, demonstrate how to avoid detection by them, and, in the process, eliminate some very widespread misunderstandings about the capabilities of sniffers and intrusion detection systems.
Thomas Ptacek is a developer at Secure Networks, Inc. His work focuses on vulnerability assessment, which involves researching and testing network systems for exploitable design and implementation flaws. In the course of this work, his team has discovered some of the Internet's most serious security problems, including vulnerabilities in Windows NT, Checkpoint Firewall-1, and Solaris, as well as core Internet software such as BIND, INN, and Apache.

- - DR. MUDGE, Administrator of the Boston L0pht Heavy Industries.
Real world VPN implementation security issues.

As one of the prominent members of the hacker group 'The L0pht', mudge has been responsible for numerous advisories and tools in use in both the black hat and white hat communities. L0phtcrack, the Windows NT password decryptor - monkey, the S/Key password cracker, Solaris getopt() root vulnerability, sendmail 8.7.5 root vulnerability, Kerberos 4 cracker, and SecurID vulnerabilities are some of the recent offerings that mudge has contributed to the security community. Mudge recently finished cryptanalysis work with some of the top US cryptographers - papers will be published within the next several months. The BBC, Wired Magazine, Byte Magazine, and the Washington Post have all recently covered mudge and the L0pht's ongoing projects.

- - SCOTT WADDELL, Cisco-Wheelgroup corporation.

****************************************************************************

Fees and Registration

Registration fees before July 10th are $995, after the 10th are $1195 US. To register please use the online registration page at https://convmgmt.com/security/reg.htm

Current payment methods include American Express, Master Card, Visa, and company checks and money orders. You will receive a confirmation letter in the mail informing you of a successful registration.
****************************************************************************

Hotel Information

Network Security Solutions '98 will take place July 29th and 30th at the Plaza Hotel & Casino in Las Vegas, Nevada. To take advantage of conference rates, reservations must be made prior to June 9. When making arrangements, please reference Network Security Solutions.

The Plaza Hotel and Casino
Number One Main Street
Las Vegas, NV
Phone: 1-800-634-6575

****************************************************************************

Network Security Solutions Summer '98 Sponsors

Aventail Corporation
http://www.aventail.com/

Aventail (tm) Corporation is the pioneer of policy-based Virtual Private Network (VPN) software solutions. Its award winning product, Aventail VPN (tm), enables corporations to privately communicate, share applications, and securely exchange business-critical information over the Internet with their business partners, customers, suppliers, and remote/mobile employees. Aventail's adherence to open security standards simplifies VPN deployment, enables interoperability, and leverages corporations' existing network investments.

Network Flight Recorder
http://www.nfr.com/

Network Flight Recorder builds traffic analysis and monitoring tools that help you see how your network is being used. Nobody's network is shrinking or getting less complicated - and networking is becoming the lifeblood of many modern businesses. In other words, your job is getting harder and more important.
Network Flight Recorder's monitoring package gives you a flexible, user-programmable system that lets you:

- Recover or monitor online transaction records
- Keep historical statistics about how your network grows
- Generate detailed breakdowns of how your network services are being used and by whom
- Watch for patterns of abuse of network resources and identify the culprit in real-time
- Set burglar alarms that alert you to security violations or unexpected changes in your network
- Log and monitor who went where on your network
- Replay attackers' sessions and learn what they did

Knowledge is power, and knowing what's going on within your network is the key to keeping it operating smoothly. Like our namesake, the aircraft flight recorder, our system records the information you want about what happened when, where, and how. If you need to go back and look at a reliable record of events, your Network Flight Recorder is the first place to check. We are dedicated to providing the best possible tools for understanding your network traffic, so you can maintain it and secure it.

Counterpane Systems
http://www.counterpane.com/

Counterpane Systems is a cryptography and computer security consulting firm. We are a virtual company based in Minneapolis, with three full-time employees and six part-time contractors. Counterpane provides expert consulting on Design and Analysis. This is the majority of Counterpane's work: making and breaking commercial cryptographic systems and system designs. We can analyze all aspects of a security system, from the threat model to the cryptographic algorithms, and from the protocols to the implementation and procedures. Our detailed reports provide clients with information on security problems as well as suggested fixes.

**********************************************************************
Bruce Schneier, President, Counterpane Systems      Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419      Fax: 612-823-1590
http://www.counterpane.com