Cornell University

 Computer and Network Security Seminars (Past)

The regular seminar schedule is 12:00-1:30 the last Wednesday of every month.

Past Seminars: 2002

Sept. 25 &
Oct. 30
12:00-1:30 pm   Discussion of Draft Security Policy 219 CCC
  These two meetings will be devoted to discussion of the draft security policy, which has been distributed as an e-mail attachment to the security-discuss-l mailing list.

August 28 12:00-1:30 pm   July/August Security Seminar G10 Biotech
 

The agenda is:
1) Update on OIT/CIT security position
2) Introduce new IT Audit person
3) Ramifications of more disruptive viruses
4) CIT's outreach to incoming students about virus & security
5) Security Policies: Drafts of the two new proposed security policies should be available
    (these will also be sent to security-discuss-l, as pdf files, before the meeting)

June 26 12:00-1:30 pm   Monthly Security Seminar G10 Biotech
  Agenda: CIT security activities, services and current practices

April 15-17,
2002
Legal Issues in Information Security Statler Hotel
 

College and University Information Security Professionals (CUISP)
Spring Conference

Since the conference is here at Cornell, this will be a good opportunity to participate.

For more information see:
http://www.brown.edu/Research/Unix_Admin/cuisp/announcement2002.html

Past Seminars: 2001

Nov. 28,
2001
11:30-1:00 Information Security: A Primer on How to Protect Your Company's Intellectual Property G10 Biotech
  This seminar will focus on how to address the human risk factors to mission critical information, such as careless disclosure, internal adversaries, business partner dealings, physical plant security, document classification practices, Human Resources and Legal practices, errors & omissions, and inadequate awareness training.

Richard Sheiman is founder and president of InfoScreen, Inc., a Competitive Intelligence and Information Security consultancy. He has been actively engaged in competitive intelligence and market analysis since 1987, starting his career with Harlan Brown and Company in McLean, VA. Richard earned a BS from Cornell and an MBA from UC Berkeley.

Questions will be answered throughout the seminar, which is open to everyone. Refreshments will be served.

August 29,  
2001
11:30-1:00 Firewall guidelines G10 Biotech
  We will be discussing a proposal for university-wide firewall guidelines.

This presentation is available as a web page or PowerPoint presentation.


July 25,  
2001
11:30-1:00 Securing Microsoft IIS Bache Auditorium,
Malott Hall
 

Moe Arif and Thomas Braun of CIT's Systems and Operations division will discuss how to protect your Windows 2000 or NT system against IIS vulnerabilities. This presentation is available online as text or PowerPoint slides.


June 27,  
2001
11:30-1:00 Vendor Discussion of Firewall Products Bache Auditorium,
Malott Hall
  This month will be, per community request, a vendor program. Smallworld Technologies, the reseller for ISS in the area, will discuss the ISS product line and the recent acquisition of Network Ice, the folks who bring us the popular BlackICE Personal Firewall. They will discuss the individual products as well as how the products complement each other.

Snacks will be provided.


May 30,  
2001
11:30-1:00 Network Certification Program & Open Discussion G10 Biotech
  We will provide an overview of the Network Certification program that was recently introduced at the CUSS meeting.

The remainder of the session will be an open (within reason) discussion of recent intrusions, their implications, and our response.


March 28,  
2001
11:30-1:00 Developing a Cornell Firewall Standard G10 Biotech
  The meeting will be an open discussion on the development of a Cornell University Firewall Standard. I would like to extend a special invitation to those who are currently operating a firewall in the Cornell address space. We would be very interested in understanding what your experience has been.

While the topic is intended primarily for departmental scale firewalls, questions and burning issues about personal or desktop firewalls will be welcome.

And, most importantly, the snacks are back!


Jan. 31,   
2001
11:30-1:00 Public Key Infrastructure Revisited Bache Auditorium, Malott Hall
  Due to popular demand, we will revisit the Public Key Infrastructure. For those of you who have attended other sessions, this will not be a replay of the same presentation. Much has taken place in the last few months and I will bring you fresh information. My goal is to give you enough information to make informed decisions as to how your organization will handle this increasingly hot topic.


Past Seminars: 2000

Nov. 22,   
2000
11:30-1:00 Matrix Virus Statler 265
  The November seminar will review our recent experience with the Matrix virus. While it's possible that this may be more of an update, it's more likely that it will be a post-mortem.


Oct. 25,
2000
11:30-1:00 PKI Update Statler 265
  The FBI agent who was scheduled to talk with us at this month's security seminar has been assigned to the Syracuse bombing investigation and is seriously unavailable.

I will take this opportunity to repeat the July seminar with an update on national higher education PKI activities. This will include recent updates and will not be a simple replay of the July presentation.


Sept. 27,  
2000
11:30-1:00 Computer and Network Hackers - What (and who) we are up against Statler 265
  In order to effectively defend ourselves from computer and network hackers, we have to know their trade. In this seminar, Dr. Thomas P. Braun of CIT Systems & Network Infrastructure Security will present a summary of some of the well-known tools and techniques that are currently used. We will go over the anatomy of an attack, covering all the steps that are typically involved. While the techniques will be described in some detail, the focus of this seminar lies on prevention.

The activity of the newly formed CIT security team will be presented and the seminar will end with an open discussion of countermeasures.


Aug. 30,
2000
11:30-1:00 Firewalls Statler 265
  Firewalls have become a very hot topic on campus. The August 30 seminar will be a return to the discussion format. We will address such questions as
  • What is a firewall?
  • What will it do?
  • What will it NOT do?
  • When is a firewall appropriate?
  • What alternatives are available?
  • How are firewall requirements documented?
  • What assistance is available?

If you have questions about firewalls, please join us. If you have answers about firewalls... definitely join us!! This is an open meeting and everyone is welcome, Cornell or otherwise.


July 26,
2000
11:30-1:00 PKI Update Malott 251
  Public Key Infrastructure: Who, What, When, Where, Why and How?

May 31,
2000
11:30-1:00 Linux Secure Configuration Malott 251
 

An introduction to the recently developed Cornell Secure Linux Package:

There is no need to advertise LinuX any more; everybody is going wild about the potential of this high performance / low cost OS. Indeed, you can do almost everything you want with a LinuX box, but so can others...

First we will present a real case study of an attack that can (and will) exploit the standard "out-of-the-box" LinuX installation. This helps to identify the risks involved, and how to avoid (most of) them. The second part of the seminar will consist of a sneak preview of the (more) secure Cornell LinuX Configuration (code name "Red Bear").

We'll give a summary of related efforts elsewhere and present the three packages (kerberos/sidecar, secure shell, security script).


April 26,
2000
11:30-1:00 Cornell Security Review Stocking 204
  An overview of the current security environment, the successes and challenges
*** Due to conflicts with the Corporate Time Pilot, this meeting was cancelled ***

March 1,
2000
3:00 - 4:30 p.m. Authentication Biotech G01
 

"Who's on first? What's on second?"
How do we find out?
How do we know it's really Who?

These are the questions we will be asking at the March Security Seminar, in Biotech G01, on March 1, 2000 at 3:00pm.

The subject of this month's seminar is Authentication. First we will get a good description of how it's done now. Then we will move on to a discussion of how well it works (or not), and where there may be gaps in the coverage. Lastly we will discuss the alternatives available to close those gaps.

Whether you are actively involved in delivering security services or are merely interested in the topic, please join us.

Feb. 2,
2000
3:00 - 4:30 p.m. Passwords 100 Caldwell
 

Habiger (Retired Air Force Gen. Eugene E. Habiger, who was named DOE security "czar") said cyber-security was so lax a year ago that the weapons laboratories did not even have a uniform policy governing the use of computer passwords. Many employees used their last names or initials, and some simply typed "password" when logging onto classified networks, he said.

Now, Habiger added, "we have a password policy that I would put up against any in industry and academia."

The first monthly security seminar will explore the issues relating to passwords at Cornell. Some of the questions that have already been raised include (but are certainly not limited to):

  1. Just what IS the password policy at Cornell?
  2. What SHOULD it be?
  3. What constitutes a good password?
  4. How can password policy be enforced?
  5. Should passwords ever be stored or transmitted in clear text?

Please join us as we explore these questions and more.


This page is developed and maintained by the Office of Information Technologies. Please write to us with your feedback at security@cornell.edu.


Last updated June 04, 2007