
Encryption policy — a UK perspective


COMPSEC ’97 Paper Abstracts

Title: The Spectrum of Modern Firewalls
Author: Marius Nacht, Checkpoint Software

Network firewalls have been in existence for a relatively short time, yet during this period the demands made of them have dramatically changed. To adapt to those changes, firewalls had to migrate among different platforms and operating systems. In addition, the core technology and architecture upon which they were based changed as well.

Title: Intrusion Detection and Response
Author: Fred Cohen, Sandia National Laboratories

The state of the art in logical intrusion detection of national information infrastructure (NII) systems is such that a human expert working with a well-developed set of tools can implement a detection system in a few months for a special-purpose computing environment with the properties that it: reliably detects a substantial number of known intrusion techniques, detects substantial short-term changes in user and system behaviour, produces many alarms that, on investigation, are not intrusions (false-positives) and fails to learn on an unknown number of intrusions (false-negatives).

STREAM 2: Security Strategy

Title: Encryption Policy - A UK Perspective
Author: Nigel Hickson, DTI

Although my paper will concentrate, inter alia, on the various services which Trusted Third Parties may offer IT users, I thought it important to explain some of the factors which are driving the development of encryption policies in the western world. I hope to be able to expand on one or two of the more controversial issues outlined in the paper, and also to bring readers up to date with the rapidly changing scene in the EU and US.

Title: What Are Certification Authorities and What Are They Liable For?
Author: Tom Parker, ICL

Public Key Cryptography has come of age. It is becoming the most important single security technology in use today. When PK was first introduced, it was thought that its security properties were simple and that its application would be relatively straightforward, but since then, a huge and complex infrastructure has developed as the subtleties of the security properties and requirements of PK have come to be better understood. In this session we describe one of the components of this infrastructure - the Certification Authority, and its role in the provision of an infrastructure for public key technology.

Title: The Enemy Everywhere
Author: Michael Bacon, KPMG

Over previous years at COMPSEC, many speakers have touched upon the threat presented by staff and that presented by ‘hackers’ and others. In my paper “Whispering in the Wire” (1991) I gave an indication of the profile and ranking of the major intruders into communications systems. Drawing upon research and experience before and since 1991, this paper specifically examines the threats posed by staff, naive and sophisticated hackers, action groups and terrorists, national intelligence agencies and others. It examines their motives - financial, revenge, egotism, idealism, opportunism, ignorance/innocence, learning and lore, anarchism, espionage. It looks at some of their methods - focused penetration, broad/blunt attacks, multiple attacks, social engineering, spoofing, password capture. It indicates some of the results - denial of service, corrupted data, fraud and their subtlety or otherwise. It also briefly dips into the future - characterized by Class I, II and III Information Warfare threats and the people who will use these against organizations.

Title: Look Back in Wonder
Author: Chris Amery, Zergo

After a previously blameless career progression in IBM, the author stumbled into Information Security in 1982. Now retired after five years with Zergo, in this paper he looks back at the amazing growth since then. We are in one of the most exciting professions in IT. Is that because of all our work over the past 15 years, or in spite of it? Do we deserve our good fortune? In this largely anecdotal review of the history of Information Security, the author gives a personal view.
