FINAL PROGRAM

The 11th Annual FIRST Conference on
Computer Security Incident Handling and Response

June 13 to June 18, 1999
Brisbane, Australia

Sunday, June 13, 1999

19:00 - 21:00 On-Site Registration
19:00 - 21:00 Icebreaker and Early Arrival Get-Together

Monday, June 14, 1999

08:00 - 09:00 On-Site Registration
09:00 - 12:30 Primary Tutorial Track: Black Hats Session (first half of tutorial, including 1 refreshment break)
Instructors: Ir. Walter Belgers (Origin), Hans van de Looy
09:00 12:30 Advanced Tutorial Track: Computer Forensics (half day tutorial and panel, including 1 refreshment break)
Instructors: Prof. George Mohay (Queensland University of Technology), Rodney McKemmish (Queensland Forensic Computing Examination Unit), Dr. Alison Anderson (Queensland University of Technology), Byron Collie (Directorate of Information Warfare, Headquarters Air Command), Olivier de Vel (Defense Science and Technology Organization)
12:30 - 13:30 Lunch Break
13:30 - 18:00 Primary Tutorial Track:
13:30 - 15:30 Black Hats Session (second half of tutorial)
15:30 - 16:00 Refreshment break
16:00 - 18:00 Will the real owner of this IP address please stand up?
Instructors: Jeffrey J. Carpenter (CERT Coordination Center), Brian P. Dunphy (ASSIST)
13:30 - 18:00 Advanced Tutorial Track: Computer Virus Operation and New Directions (half day tutorial, including 2 refreshment breaks)
Instructors: Klaus-Peter Kossakowski (Secunet), Prof. Emilia Rosti (CERT-IT), Roger Safian (Northwestern University)
Authors: William J. Orvis (CIAC), Ron Moritz CISSP CISA (Finjan Software, Ltd.)

Tuesday, June 15, 1999

08:00 - 09:00 On-Site Registration -
PGP key-signing officials Teun Nijssen and Stefan Kelm present
09:00 - 10:40 Opening Session
Session Chair: Don Stikvoort (M&I/STELVIO), Program Chair

FIRST Chair's Welcoming Remarks
Moira J. West-Brown (CERT/CC)
Welcoming Address
Senator the Honourable Amanda Vanstone (Minister for Justice and Customs)
Keynote Address
Prof. William Caelli (Queensland University of Technology)
Local Organizer's Welcoming Remarks
Eric Halil (AusCERT)

10:40 - 11:15 Refreshment Break
11:15 - 12:30 CSIRT Foundation: gaining and operating "Trust"
Session Chair and Panel Coordinator: Klaus-Peter Kossakowski (Secunet)

Teams in the Asian / Pacific Area (Panel)

Setting up a Policy Certification Authority
Teun Nijssen (Tilburg University & CERT-NL), Stefan Kelm (University of Hamburg & DFN-CERT)

12:30 - 14:00 Lunch Break
14:00 - 15:20 Vulnerability Prevention and Insurance
Session Chair: Christina Serban (AT&T Laboratories)

Assessing Network Security for Insurability
Topher Hughes (Cisco Systems)
On the Management of Secure Gateways
Dr. Brian Denehy and Jeremy Hamlyn (SecureGate Limited)
Bugs per Amount of Code
Dr. Wietse Venema (IBM)

15:20 - 16:00 Refreshment Break
16:00 - 17:30 A Case Study in Incident and Vulnerability Handling Coordination (Workshop)
Coordinators: Jeffrey J. Carpenter, Katherine T. Fithen (both CERT Coordination Center)
19:00 - 21:00 BoF (Birds of a Feather) Sessions
Coordinators: Rob McMillan (AusCERT)
See also the list of scheduled BoF sessions.

Wednesday, June 16, 1999

08:00 - 09:00 On-Site Registration
09:00 - 10:40 Vulnerability Handling
Session Chair: Mowgli Assar (OSU-IRT)

Vulnerability Assessment Using SAINT
Jane M. Lemmer (World Wide Digital Security, Inc.)
Security Issues for "Always-On" Devices: ADSL and Cable Modem Access
Christina Serban (AT&T Laboratories)
A tiger team approach to resolving vulnerability cases
Marko Laakso (University of Oulu)

10:40 - 11:15 Refreshment Break
11:15 - 12:15 What Incident Response Personnel need to know about today´s hacker world (Panel)
Dr. Wietse Venema (IBM), Mowgli Assor (OSU-IRT), Byron Collie (Directorate of Information Warfare, Headquarters Air Command), Walter Belgers (Origin)
12:15 - 14:00 Lunch Break
14:00 - 15:20 Intrusion Detection
Session Chair: Martin Khoo (National Computer Board, Singapore)

The Implementation of IDA: An Intrusion Detection Agent System
Midori Asaka (Information-technology Promotion Agency, Japan)
Lessons Learned in the Implementation of a Multi-Location Network Based Real-Time Intrusion System
Michael L. Puldy (Manager IBM Emergency Response Service)

15:20 - 16:00 Refreshment Break
16:00 - 17:00 10 years of CSIRT evolution (Panel)
Coordinator: Katherine T. Fithen, Jeffrey J. Carpenter (both CERT Coordination Center)
18:30 - 19:30 Pre-dinner Drinks
19:30 Conference Banquet

Thursday, June 17, 1999

08:00 - 09:00 On-Site Registration
09:00 - 10:40 Incident Handling
Session Chair: Andrew Cormack (JANET-CERT)

Semi-Auto Intruder Retracing Using Autonomous Intrusion Analysis Agent
Chaeho Lim (CERTCC-KR)
Automating Incident Reporting
Jed M. Pickel (CERT Coordination Center), Chris Rouland (Internet Security Systems, Inc.)
10:40 - 11:15 Refreshment Break
11:15 - 12:15 Ask the Experts (Panel)
Coordinator: Roger Safian (Northwestern University)
12:15 - 14:00 Lunch Break
14:00 - 16:00 Primary Tutorial Track: Secure Shell (SSH) Tutorial
Instructor: Steve Acheson (Cisco Systems)
14:00 - 16:00 Advanced Tutorial Track: Risk Avoidance and Risk Management : Phrenology in Cyberspace (first half of tutorial)
Instructor: Bob Ayers (Admiral Management Services)
16:00 - 16:30 Refreshment Break
16:30 - 18:30 FIRST General Meeting
Attendance and participation at the FIRST Steering Committee and General Meetings is limited to FIRST team members and their invited guests, subject to approval by the Steering Committee.
Information about the Annual General Meeting is available on the AGM page.

Friday, June 18, 1999

09:00 - 13:00 Primary Tutorial Track: Creating an Incident Response Team (half day tutorial, including 1 refreshment break)
Instructors: Rob McMillan (AusCERT), Danny Smith (SUN Microsystems Inc.)
Authors: Sandy Sparks (CIAC), Marianne Swanson (NIST)
Tutorial including presentation of "FedCIRC Today: The U.S. Government's Approach to Incident Response" by Judith A. Spencer (Director of FedCIRC)
09:00 - 13:00 Advanced Tutorial Track: Risk Avoidance and Risk Management : Phrenology in Cyberspace (second half of tutorial, including 1 refreshment break)
(continued)
13:00 - 14:00 Lunch Break
14:00 - 15:30 Closing Session
Session Chair: Peter Haag (Nextra AG)

Endnote Address
Steve Orlowski (Special Advisor on IT Security Policy, Australian Federal Attorney-General's Department)
Closing Panel
Coordinator: FIRST Chair, Moira J. West-Brown (CERT/CC)

Last modified: 6 June 1999

Sunday, June 13, 1999
19:00	-	21:00	On-Site Registration
19:00	-	21:00	Icebreaker and Early Arrival Get-Together
Monday, June 14, 1999
08:00	-	09:00	On-Site Registration
09:00	-	12:30	Primary Tutorial Track: Black Hats Session (first half of tutorial, including 1 refreshment break) Instructors: Ir. Walter Belgers (Origin), Hans van de Looy
09:00		12:30	Advanced Tutorial Track: Computer Forensics (half day tutorial and panel, including 1 refreshment break) Instructors: Prof. George Mohay (Queensland University of Technology), Rodney McKemmish (Queensland Forensic Computing Examination Unit), Dr. Alison Anderson (Queensland University of Technology), Byron Collie (Directorate of Information Warfare, Headquarters Air Command), Olivier de Vel (Defense Science and Technology Organization)
12:30	-	13:30	Lunch Break
13:30	-	18:00	Primary Tutorial Track: 13:30 - 15:30 Black Hats Session (second half of tutorial) 15:30 - 16:00 Refreshment break 16:00 - 18:00 Will the real owner of this IP address please stand up? Instructors: Jeffrey J. Carpenter (CERT Coordination Center), Brian P. Dunphy (ASSIST)
13:30	-	18:00	Advanced Tutorial Track: Computer Virus Operation and New Directions (half day tutorial, including 2 refreshment breaks) Instructors: Klaus-Peter Kossakowski (Secunet), Prof. Emilia Rosti (CERT-IT), Roger Safian (Northwestern University) Authors: William J. Orvis (CIAC), Ron Moritz CISSP CISA (Finjan Software, Ltd.)
Tuesday, June 15, 1999
08:00	-	09:00	On-Site Registration - PGP key-signing officials Teun Nijssen and Stefan Kelm present
09:00	-	10:40	Opening Session Session Chair: Don Stikvoort (M&I/STELVIO), Program Chair FIRST Chair's Welcoming Remarks Moira J. West-Brown (CERT/CC) Welcoming Address Senator the Honourable Amanda Vanstone (Minister for Justice and Customs) Keynote Address Prof. William Caelli (Queensland University of Technology) Local Organizer's Welcoming Remarks Eric Halil (AusCERT)
10:40	-	11:15	Refreshment Break
11:15	-	12:30	CSIRT Foundation: gaining and operating "Trust" Session Chair and Panel Coordinator: Klaus-Peter Kossakowski (Secunet) Teams in the Asian / Pacific Area (Panel) Setting up a Policy Certification Authority Teun Nijssen (Tilburg University & CERT-NL), Stefan Kelm (University of Hamburg & DFN-CERT)
12:30	-	14:00	Lunch Break
14:00	-	15:20	Vulnerability Prevention and Insurance Session Chair: Christina Serban (AT&T Laboratories) Assessing Network Security for Insurability Topher Hughes (Cisco Systems) On the Management of Secure Gateways Dr. Brian Denehy and Jeremy Hamlyn (SecureGate Limited) Bugs per Amount of Code Dr. Wietse Venema (IBM)
15:20	-	16:00	Refreshment Break
16:00	-	17:30	A Case Study in Incident and Vulnerability Handling Coordination (Workshop) Coordinators: Jeffrey J. Carpenter, Katherine T. Fithen (both CERT Coordination Center)
19:00	-	21:00	BoF (Birds of a Feather) Sessions Coordinators: Rob McMillan (AusCERT) See also the list of scheduled BoF sessions.
Wednesday, June 16, 1999
08:00	-	09:00	On-Site Registration
09:00	-	10:40	Vulnerability Handling Session Chair: Mowgli Assar (OSU-IRT) Vulnerability Assessment Using SAINT Jane M. Lemmer (World Wide Digital Security, Inc.) Security Issues for "Always-On" Devices: ADSL and Cable Modem Access Christina Serban (AT&T Laboratories) A tiger team approach to resolving vulnerability cases Marko Laakso (University of Oulu)
10:40	-	11:15	Refreshment Break
11:15	-	12:15	What Incident Response Personnel need to know about today´s hacker world (Panel) Dr. Wietse Venema (IBM), Mowgli Assor (OSU-IRT), Byron Collie (Directorate of Information Warfare, Headquarters Air Command), Walter Belgers (Origin)
12:15	-	14:00	Lunch Break
14:00	-	15:20	Intrusion Detection Session Chair: Martin Khoo (National Computer Board, Singapore) The Implementation of IDA: An Intrusion Detection Agent System Midori Asaka (Information-technology Promotion Agency, Japan) Lessons Learned in the Implementation of a Multi-Location Network Based Real-Time Intrusion System Michael L. Puldy (Manager IBM Emergency Response Service)
15:20	-	16:00	Refreshment Break
16:00	-	17:00	10 years of CSIRT evolution (Panel) Coordinator: Katherine T. Fithen, Jeffrey J. Carpenter (both CERT Coordination Center)
18:30	-	19:30	Pre-dinner Drinks
19:30			Conference Banquet
Thursday, June 17, 1999
08:00	-	09:00	On-Site Registration
09:00	-	10:40	Incident Handling Session Chair: Andrew Cormack (JANET-CERT) Semi-Auto Intruder Retracing Using Autonomous Intrusion Analysis Agent Chaeho Lim (CERTCC-KR) Automating Incident Reporting Jed M. Pickel (CERT Coordination Center), Chris Rouland (Internet Security Systems, Inc.)
10:40	-	11:15	Refreshment Break
11:15	-	12:15	Ask the Experts (Panel) Coordinator: Roger Safian (Northwestern University)
12:15	-	14:00	Lunch Break
14:00	-	16:00	Primary Tutorial Track: Secure Shell (SSH) Tutorial Instructor: Steve Acheson (Cisco Systems)
14:00	-	16:00	Advanced Tutorial Track: Risk Avoidance and Risk Management : Phrenology in Cyberspace (first half of tutorial) Instructor: Bob Ayers (Admiral Management Services)
16:00	-	16:30	Refreshment Break
16:30	-	18:30	FIRST General Meeting Attendance and participation at the FIRST Steering Committee and General Meetings is limited to FIRST team members and their invited guests, subject to approval by the Steering Committee. Information about the Annual General Meeting is available on the AGM page.
Friday, June 18, 1999
09:00	-	13:00	Primary Tutorial Track: Creating an Incident Response Team (half day tutorial, including 1 refreshment break) Instructors: Rob McMillan (AusCERT), Danny Smith (SUN Microsystems Inc.) Authors: Sandy Sparks (CIAC), Marianne Swanson (NIST) Tutorial including presentation of "FedCIRC Today: The U.S. Government's Approach to Incident Response" by Judith A. Spencer (Director of FedCIRC)
09:00	-	13:00	Advanced Tutorial Track: Risk Avoidance and Risk Management : Phrenology in Cyberspace (second half of tutorial, including 1 refreshment break) (continued)
13:00	-	14:00	Lunch Break
14:00	-	15:30	Closing Session Session Chair: Peter Haag (Nextra AG) Endnote Address Steve Orlowski (Special Advisor on IT Security Policy, Australian Federal Attorney-General's Department) Closing Panel Coordinator: FIRST Chair, Moira J. West-Brown (CERT/CC)

The 11th Annual FIRST Conference onComputer Security Incident Handling and Response

June 13 to June 18, 1999Brisbane, Australia

Final Program

Sunday, June 13, 1999

Monday, June 14, 1999

Tuesday, June 15, 1999

Wednesday, June 16, 1999

Thursday, June 17, 1999

Friday, June 18, 1999

The 11th Annual FIRST Conference on
Computer Security Incident Handling and Response

June 13 to June 18, 1999
Brisbane, Australia