|
Sunday, June 22, 1997
|
| 6:00pm | - | 8:00pm | | On-Site Registration |
| 6:00pm | - | 8:00pm | | Icebreaker and Early Arrival Get-Together |
|
Monday, June 23, 1997
|
| 8:00am | - | | | On-Site Registration |
| 9:00am | - | 5:30pm | |
| "Establishing an Incident Response Team" (full day tutorial) |
| Instructors: | Sandy Sparks (CIAC)
Kathy Fithen (CERT-CC)
Marianne Swanson (NIST)
Pat Zechman (SAIC) |
|
| 10:30am | - | 11:00am | | Refreshment Break |
| 12:30pm | - | 2:00pm | | Lunch Break |
| 2:00pm | - | 5:30pm | |
"International Internet Law Developments circa June 1997:
If You Can See It, You Can Sue It" |
| Instructor: | William J. Cook
(Brinks Hofer Gilson & Lione,
Intellectual Property Attorneys) |
|
| 3:30pm | - | 4:00pm | | Refreshment Break |
|
Tuesday, June 24, 1997
|
| 8:00am | - | | | On-Site Registration |
| 9:00am | - | 9:30am | | Welcoming Remarks |
| 9:30am | - | 10:30am | |
Keynote Address: John Austen
Managing Director, Computer
Crime Ltd. and lecturer in Information Security,
Royal Holloway College, University of London.
Previously Head of Computer Crime, New Scotland
Yard (1984-1996) and Chairman,
Interpol Computer Crime Committee
(1990 - 1996) |
|
| 10:30am | - | 11:00am | | Refreshment Break |
| 11:00am | - | 12:30pm | |
| FIRST Team Update Presentations |
| Coordinator: | Klaus-Peter Kossakowski (DFN-NSCC) |
|
| 12:30pm | - | 2:00pm | | Lunch Break |
| 2:00pm | - | 3:30pm | |
| Incident Characterization |
| Session Chair: | Brian Dunphy (ASSIST) |
| "The Evolution and Mutation of Hacks/Incidents" |
| Author: | John Pescatore (Trusted Information Systems)
|
| "Characterizing Intruder(s) Methods of Operation" |
| Author: | Steve Romig (Ohio State University) |
| "Why Are Some Incidents Never Solved?" |
| Author: | Wolfgang Ley (DFN-CERT) |
|
| 3:30pm | - | 4:00pm | | Refreshment Break |
| 4:00pm | - | 5:30pm | |
| "Report of the Task Force on the Future of FIRST,
Presentation and Discussion" |
| Moderator: | Moira West-Brown (CERT-CC) |
|
| 7:00pm | - | 9:00pm | |
| BoF (Birds of a Feather) Sessions |
| Coordinator: | Wolfgang Ley (DFN-CERT) |
|
|
Wednesday, June 25, 1997
|
| 8:00am | - | | | On-Site Registration |
| 9:00am | - | 10:30am | |
| Tools 1 - Incident Response |
| Session Chair: | Roger Safian (Northwestern University) |
| "The Design and Creation of a UNIX Based Automated
Incident Response System"
|
| Author: | Dr. Eric A. Fisch (Trident Data Systems)
Udo Pooch (Texas A&M University)
Greg White (USAF Academy)
|
| "Intruder Containment - An Automated Method of
Response to Potential Security Incidents"
|
| Authors: | Paul C Brutch (Texas A&M University)
Willis Marti (Texas A&M University)
Udo Pooch (Texas A&M University)
Dhiraj Pradhan (Texas A&M University)
Greg White (USAF Academy)
|
| "Incident and Request Handling System (IRHS)" |
| Author: | John Fisher (CIAC) |
|
| 10:30am | - | 11:00am | |
Refreshment Break |
| 11:00am | - | 12:30pm | |
| Response Team Operations |
| Session Chair: | Paul Mauvais (CIAC) |
| "Third Party Network Audit Experience" |
| Authors: | Michel Miqueu (CNES)
Serge Tapia (Alcatel TITN Answare)
|
| "Public Key Infrastructures" |
| Author: | Wolfgang Ley (DFN-CERT) |
| "Coordinating Multi-Vendor Vulnerabilities
- Why is it so difficult?" |
| Author: | Eric Halil (AUSCERT) |
|
| 12:30pm | - | 2:00pm | | Lunch Break |
| 2:00pm | - | 3:30pm | |
| "Opening The Vendor Black Box" |
| Coordinator: | Miguel J. Sanchez (SGI) |
|
| 3:30pm | - | 4:00pm | | Refreshment Break |
| 4:00pm | - | 5:30pm | |
| FIRST PGP Key-Signing Session |
| Coordinator: | Wolfgang Ley (DFN-CERT) |
|
| 7:30pm | - | 10:00pm | | Conference Banquet |
|
Thursday, June 26, 1997
|
| 8:00am | - | | | On-Site Registration |
| 9:00am | - | 10:30am | |
| "Information Sharing Amongst Incident Response Teams" |
| Coordinator: | Dr. Eric A. Fisch (Trident Data Systems) |
|
| 10:30am | - | 11:00am | |
Refreshment Break |
| 11:00am | - | 12:30pm | |
| "Public Communications in the World of Incident
Response" |
| Presentors: | Terry McGillen (CERT-CC)
Katherine Fithen (CERT-CC)
|
|
| 12:30pm | - | 2:00pm | | Lunch Break |
| 2:00pm | - | 5:30pm | |
| FIRST General Meeting |
The general meeting agenda will be e-mailed to the FIRST
Teams prior to the conference.
Attendance and participation at the FIRST Steering
Committee and General Meetings is limited to FIRST team
members and their invited guests.
|
|
| 3:30pm | - | 4:00pm | | Refreshment Break |
|
Friday, June 27, 1997
|
| 9:00am | - | 10:30am | |
| Tools 2 - Incident Monitoring and Management |
| Session Chair: | Eric Halil (AUSCERT) |
| "Hey, Who Took My Keyboard?" |
| Author: | Steven Branigan (Lucent Technologies) |
| "Review - A Tool for Reviewing Tcpdump Packet Logs" |
| Author: | Steve Romig (Ohio State University) |
|
| 10:30am | - | 11:00am | | Refreshment Break |
| 11:00am | - | 12:30pm | |
| Response Team Management |
| Session Chair: | Thomas Lenggenhaser (SWITCH-CERT) |
| "Incident Control via Incident Prevention" |
| Author: | Dr. Eric A. Fisch (Trident Data Systems) |
| "From Incident Response to Incident Management" |
| Author: | Klaus-Peter Kossakowski (DFN-NSCC) |
| "An Institutional Approach to Incident Response
Team Staff Education & Certification" |
| Author: | Asst. Prof. Ahmet Koltuksuz
(Izmir Institute of Technology) |
|
| 12:30pm | - | 2:00pm | | Lunch Break |
| 2:00pm | - | 3:30pm | | Closing Session |