[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


		  Second Annual Technical Symposium
			"Computers & The Law"
                         November 12-15, 1995
                              Tampa, FL

As computers are utilized in more and more aspects of everyday life,
the once distinct areas of technology, legislature, and law
enforcement draw closer together.  This unique technical conference
provides a forum in which members of these three fields can meet to
share experiences and ideas.  The four day technical program (a day of
tutorials, two days of talks, and another day of tutorials) will
provide you with essential knowledge, whether your field is technical,
legal, or law enforcement.

Copies of this information are available via email at
conference@sug.org or on the World Wide Web at http://sug.org.

If you have further questions, contact the Sun User Group at

|                    IMPORTANT DATES TO REMEMBER:                       |
| Early-bird Savings Deadline:                  October 13, 1995        |
|       Registrations must be received at the Sun User Group offices    |
|       by October 13, 1995 to be eligible for Early-bird savings       |
|                                                                       |
| Hotel Discount Reservation Deadline:          October 21, 1995        |


        SUNDAY, November 12, 1995 - TUTORIAL PROGRAM
        MONDAY, November 13, 1995 - TECHNICAL SESSIONS
        TUESDAY, November 14, 1995 - TECHNICAL SESSIONS
        WEDNESDAY, November 15, 1995 - TUTORIAL PROGRAM

The SUG Tutorial Program brings experienced training professionals to
you.  Courses are presented by skilled teachers who are hands-on
experts in their topic areas.  The tutorials will cover a variety of
topics relating to Sun/SPARC and x86-based machines, running any of a
number of operating systems.

Those who attend the tutorials will benefit from this unique
opportunity to develop essential skills in a unique combination of
UNIX system security, ethical, and legal topics.

The tutorial program at Tampa is divided into two days, with both
full- and half-day tutorials offered.  Attendees may select any
non-overlapping set of classes.  To ensure adequate seating and to
reduce crowding, we are requiring that registrants pre-register for
specific classes.  Please note that some prior knowledge is required
for the advanced tutorials.

SUG's tutorial program is always in demand, and some tutorials are
almost guaranteed to sell out before registration closes.  Attendance
is limited, and pre-registration is strongly recommended.  On-site
registration is possible ONLY if space permits.

		 Sunday, November 12, 1995 Tutorials

S1 - 9:00am-5:00pm
Basics of Unix Security
Peter Galvin, Corporate Technologies, Inc.

This course will teach you the very basics about Unix security,
including some common threats, what to monitor in the file system,
standard publicly-available tools and resources, and some common
programmed threats to Unix including how to deal with
denial-of-service attacks.

The emphasis of this class is on security basics -- the very
fundamentals to making a Unix system more secure.  Thus, this course
is targetted at new Unix administrators and auditors, and those who
have not had as much background and experience with security as they
might need.  The material is presented in a vendor-independent
fashion, and presupposes no prior knowledge of (or access to) source
code.  Students will receive a copy of "Practical Unix Security" by
Simson Garfinkel and Gene Spafford, which will be used as the textbook
for the course.

	What is security?How do we get better security?

Users & authentication
	What defines a user?
	Passwords and identification
	Special permissions
	Working in groups
	Setting good passwords

Filesystem protection
	File types and protection modes
	Setting modes
	Checking modes
	Checking for changes

Programmed attacks
	Trojan Horses & boobytraps
	other problems

Security tools and add-ons
TCP wrappers
	other resources

Response teams & assistance
	FBI, SS, local

ABOUT THE INSTRUCTOR: Peter Galvin is the Chief Technologist for
Corporate Technologies, Inc. and was the Systems Manager for Brown
University's Computer Science Department.  Mr. Galvin is on the Board
of Directors for the Sun User Group.  He has used, programmed, and
managed computer systems for 15 years, including 8 years with Sun

As a consultant and trainer, he has taught a week-long course in Sun
system administration, and given talks at SunWorld and the annual SUG
conferences, for which he has also served as Chair of the Program
Committee.  He is the security columnist for SunWorld Online (http:
//www.sun.com/sunworldonline), and coauthor of _Operating Systems Concepts_
by Silberschatz and Galvin. Mr. Galvin holds a Master's degree in Computing
Science from the University of Texas at Austin.

S2 - 9:00am-5:00pm
System Administrator Liability 
Edward A.  Cavazos
Target Audience: This tutorial is designed to meet the needs of the
system administrator who is faced with the perplexing legal problems
posed by activities related to overseeing a multi-user system which is
connected to the Internet. Individuals involved in establishing,
operating and managing private, commercial, or government systems of
this type, along with those in a position to draft policies setting
the limits of system use and user expectations will benefit by
becoming aware of the underlying legal issues and the current thinking
with regards to limiting potential legal liabilities.
Topics discussed will include:
* Sysadmins, Lawyers and the Law: Sources of law (statutes, precedents
and the common law), jurisdiction, where to go for legal information
and updates, criminal vs. civil law, the nature of lawsuits and
choosing a lawyer.
* E-Mail Privacy: Understanding the Electronic Communications Privacy
Act and other statutory or common law schemes which protect e-mail and
communication privacy, exceptions to the ECPA which sysadmins need to
know, and how to define and clarify the expectations of privacy held
by users.
* Defamation Liability: Limiting liability for defamatory messages
emanating from your site, understanding current precedents with
regardto sysadmin liability for defamation originating on USENET and
similar public forums, and drawing the line between censorship and
responsible administration.
* Copyright Law for the Sysadmin: A copyright "primer," issues
involving software transmitted via anonymous FTP, steps a sysadmin can
take to avoid a copyright infringemt lawsuit, ownership of materials
"posted" to publicdiscussion groups or conferences, new problems
related to WWW and what level of knowledge might form the basis of
* Adult Materials: understanding the current legal analysis pertaining
to sexually explicit computer materials, recognizing unprotected
activity and how to limit it and novel new questions posed by morphing
and related technologies.
* Protecting Your System: user agreements, acceptable use policies,
log-in banners, employment policies and similar methods of defining
the acceptable parameters of system e.
ABOUT THE INSTRUCTOR: Edward A. Cavazos is a practicing attorney with
in the Houston office of the law firm of Andrews & Kurth, where he
represents high-tech and Internet related companies.  His practice
involves rendering services involving litigation, employment law,
products liability, and general business representation. Prior to
becoming licensed, he was involved in computer consulting and hardware
and software development. He has also been a BBS sysop for almost ten
He is the author of several articles relating to on-line legal issues
and system administrator liability questions, and is the co- author of
Cyberspace and the Law: Your Rights and Duties in the On-Line World
(MIT Press).  Mr. Cavazos is also a frequent lecturer on the legal
issues posed by computer communications. When not writing or speaking,
he serves on the Board of Directors of Electronic Frontiers Houston.

		Wednesday, November 15, 1995 Tutorials

W1 - 9:00am-5:00pm
Firewalls and Internet Security
Rik Farrow, Consultant

A connection to the Internet can lead to probes and attacks from
sites around the world.  This one day course examines probing
tools, some TCP/IP basics, routers configured for packet screening,
and full fledged firewalls.  You will leave this course with 
enough information to make decisions about the security of your
Internet connection, and how to choose the appropriate technology
to control and audit your connection to the Internet.

* Probing sites--how hackers find sites, and how to probe your own

* TCP/IP basics--understand the basic protocols involved in Internet
attacks and firewall design.

* Routers and their uses in firewall design.

* Proxy servers on bastion hosts--essential element for a complete
firewall design.

* Choosing a firewall product or public domain software.

ABOUT THE INSTRUCTOR: Rik Farrow has worked with the UNIX system since
1982, and has written two books, UNIX Administration Guide to System V
(Prentice Hall, 1989), and UNIX System Security (Addison-Wesley,
1991).  Since 1986, he has taught courses on UNIX security and system
administration for conferences, user groups, and businesses, in the US
and Europe.  He was the Technical Editor of UNIX World magazine for
four years (as a contractor), and still writes for several magazines.
He has been self-employed for 15 years, enjoys mountain biking, living
in the high desert and flying small planes.

W3a - 9:00pm- 12:30pm		
Network Intrusions
John Smith, Computer Crime Unit, Santa Clara County District
	Attorney's Office

An intruder has gained access to your computer system.  How do you
explain what was stolen and how to a police detective who thinks
you're speaking a foreign language?  How can you, the system
administrator, help the detectives write the report or explain to them
that they might have to do the examination of any recovered evidence
such as a copied account?
Actual cases of computer crimes in Silicon Valley are used as
examples.  Students will follow what has to be done in an
investigation, step by step, including the initial reports that would
be the basis of any search warrants or restraining orders.  Students
will learn how to speed up an investigation by learning to prepare
reports and diagrams that can be part of a request for a search

The Santa Clara County District Attorney's Officer Hi Tech/Computer
Crime Team has had years of experience investigating and prosecuting
trade secret thefts, network intrusions, chip thefts, and other types
of high tech thefts in Silicon Valley.  This experience is interesting
and can serve as a means of educating computer administrators how to
protect their computers and systems, how to prepare an investigation,
how to get the appropriate law enforcement support, and how to prepare
to testify in court if necessary.

Topics covered include:


* POOR PASSWORDS: don't set youself up to be cracked!
* CRACKER PROGRAMS: the most vicious ones in the cracker toolkit
	- TFTP and TCP/IP
	- Trojan Horses
	- Backdoor Programs
	- TIGER and other tools
* SOCIAL ENGINEERING: People can be cracked too, you know.
* PHYSICAL SECURITY: do you know who your modem is talking to?
* GUEST OR ANONYMOUS ACCOUNTS: sure you'll let your sister date him,
but would you give him an account on your machine?


* BUGS and common Security holes
* IP ADDRESSING: what all those numbers & names mean
* MISCONFIGURED SYSTEMS: Some inital configurations come with holes
that vendors expect system admins to fix.
* TRUSTED HOST: don't leave your system wide open


* PACKET BREAKING: Header and other information can be read.
* CHECKSUMS: Comparison of present value with the last known secure value.
* SNIFFER OR LANALYZER: Used to grab packets so they can be analyzed.


* Talk with a systems operator who can explain.

ABOUT THE INSTRUCTOR: John C. Smith is an investigator with the
Computer/High Tech Crime Unit of the Santa Clara County District
Attorney's Office.  He is a frequent guest and lecturer at Sun User
Group meetings and was the Chair for the law enforcement track.

T3b - 1:30pm-5:00pm
Ethics and Systems Administration
S.Lee Henry, Johns Hopkins University

Sysadmins find themselves increasingly involved in ethical dilemmas
that pit security against privacy, and threaten to disrupt the
delicate balance between personal and commercial interests.  

When, if ever, should you overlook the personal use of business
computers?  How should you handle matters involving the potentially
illegal use of your systems?  How do you protect your users' privacy
while not making yourself liable for their activities?  Can you
effectively curb the spread of pirated software?  What are the safest
and most defensible policies to adhere to in light of current laws and
legal precedents?  Can you enforce policies that guard against abuse
while not handcuffing the people whose commitment and creativity your
organization most needs?  What should you do if the abuser is your

This highly interactive, fast-paced tutorial will challenge sysadmins
to come to grips with some difficult ethical dilemmas.

ABOUT THE INSTRUCTOR: S. Lee Henry is a columnist for SunExpert
magazine and has been managing Sun net works for about ten years.  She
currently manages networking and systems for the Physics and Astronomy
Department at Johns Hopkins University.  Prior to this, she spent ten
years doing similar work for "the U.S. Government", also known at the
CIA.  Slee has been serving on the Board of Directors of the Sun User
Group for the past four years.


The Sun User Group keynote sessions are topical and informative --
speakers you won't hear at any other conference!

	Ken Geide, Chief, FBI Economic Espionage Unit
	"Economic Espionage in the USA"
	Monday, November 13, 9 a.m. - 10:30 a.m.

	Mike Godwin, Staff Counsel, The Electronic Frontier Foundation
	Tuesday, November 14, 9 a.m. - 10:30 a.m.

TECHNICAL SESSIONS (Monday, November 13 & Tuesday, November 14):

"Computers & The Law" features three distinct parallel tracks of talks:
Technical; Legal; and Law Enforcement.

	The TECHNICAL track will focus on nuts and bolts of
	maintaining a UNIX or Sun system.  These talks will cover the
	all of the newest developments in the changing world
	of technology.  There are talks from the experts on: UNIX and
	network security; encryption; software distribution in a
	client/server environment; firewalls.

	The LEGAL track will cover up-to-date issues of privacy and
	morality, as well as in-depth examinations of the current and
	changing laws pertaining to software and hardware.  Legal
	professionals from all over the country will examine how
	changing technologies will necessitate changes in the law.

	The LAW ENFORCEMENT track discusses computers as tools.  Tools
	which can help in the prevention of crimes -- or in the
	commission of them.  Join or experts in high-tech crime as the
	discuss the discovery, investigation, apprehension, and
	prosecution of crackers, software pirates, and bandits on the
	information on the information superhighway.


"The Future of Computer Crime"

	Join our panel of experts from both sides of the law discuss
	and predict the uses and abuses of computers into the next

"Unix Security Tools Workshop"
Peter Galvin, Corporate Technologies, Inc.

	With so many tools available to help detect and prevent
	security problems, you practically need a guide to what's
	available, where to get it, what it does, and why you'd want
	to use it.  This workshop is that guide. We'll look at
	scanning tools, detection tools, prevention tools, firewall
	tools, and tools to help during the course of a break-in. Note
	that this is a workshop, not just a talk: If you have favorite
	tools, please be ready to talk about them!

The Great Debate: Round 2 
"Can Existing Laws Be Applied To Cyberspace?"

	"Cyberspace is the new frontier, and is like nothing we've
	seen or experiened before.  In order to keep order in this new
	wilderness, we need new legislation.  Current laws, fine for
	lower technologies, can't possible keep up with the rapidly
	changing face of cyberspace."

			       -- OR --

	"Cyberspace isn't "space" at all.  It's not a place, it's a
	tool, like a FAX machine or a telephone.  We don't need
	special 'electronic' laws, because all of the issues that come
	up on The Internet have all come up before."

	Which is it?  Come hear constitutional law expert Michael
	Froomkin (University of Miami Law School) and former New
	Jersey Securities commissioner Jared Silverman (Hannoch
	Weisman) in the debate which will could change the shape of
	Cyberspace - or your view of it.

Scheduled Papers:

"Information Commerce - Launching Content into Cyberspace"
	David Bernstein, Electronic Publishing Resources

"System Administration - Creating A High-Availability Computing Environment"
	Chip Downing, Director of Technical Services, Qualix Group, Inc.

"The Problem with Passwords: Zero Knowledge Authentication as a
Replacement for Conventional Passphrase Schemes"
	Ben Samman, Yale University Law School

"Issues in Software License Management"
	Dr. Ganapathy Krishnan, Intelligent Software Solutions

"XNet License - A multi-platform flexible license manager"
	Dr. Ganapathy Krishnan, Intelligent Software Solutions

"Sidewinder: Enhanced Security for UNIX Firewalls"
	Dan Thomsen, Secure Computing Corporation

"Secret Service Computer Investigations"
	Bob Friel, U S Secret Service, Electronic Crimes Branch, 

"FBI Computer Crime Team's Mission"
Richard Ress, Supervising Special Agent, FBI Computer Crime Squad

"Victim's Perspective - Ramification of Criminal or Civil Filing"
	Kathryn J (Kate) Fritz, Attorney at Law, Fenwick & West 

"Prosecution of Computer Crime - State Level"
	Lee Hollander, Florida State's Attorney

"Computer Related Pornography"
	Doug Rehman, Florida Dept of Law Enforcement

"Industrial Espionage in Silicon Valley"
	John C. Smith, Investigator, Santa Clara County District
		Attorney's Office

"E-mail Privacy and Message Management Issues"
	Pete Kennedy, George, Donaldson and Ford

"Electronic Contracts" 
	Richard Horning, Horning,Janin and Harvey

"Copyright Infringement and Fair Use"
	Edward A. Cavazos, Andrews & Kurth, LLP

"Jurisdiction in Cyberspace"
	Timothy Langenkamp, University of Houston Law School

"Trademarks Along the Infobahn"
	Dan L. Burk, Seton Hall University Law School

"Protecting and Enforcing Your Company's Trade Secrets"
	David Donaldson, George, Donaldson & Ford

"A survey of On-line Legislation"
	Marshal Dyer, Esq.

"Starting and Growing a Computer Industry Company" 
	Jeff Wade, Andrews & Kurth 

Birds-of-a-Feather Sessions (BOFs) allow attendees to meet and discuss
topics of interest to them.  BOF Sessions are intended to be highly
interactive and much less formal than the Technical Sessions.
Birds-of-a-Feather Sessions will be held Tuesday evening at the
Conference hotel.  We would particularly like to encourage
Birds-of-a-Feather Sessions on topics which would not normally be
discussed during typical technical presentations (for instance,
discussions on professional and technical issues, non-professional
interests common to Systems Administrators, etc.)  To schedule a BOF
Session, or to request more information, direct your e-mail to
office@sug.org.  BOFs may also be scheduled on-site.

RECEPTION Sponsored by our friends at SunExpress!
You are invited to join in the fun, mingle with old and new friends,
and enjoy the plentiful hors d'oeuvres and beverages.  The Sun User
Group Reception is Monday, November 13, from 6:00-8:00pm at the
Conference hotel.  The Reception is included in the technical sessions
registration fee.  Additional Reception tickets may be purchased for a
nominal fee at the conference.

One copy of the Conference Proceedings, which contains all refereed
papers, and one copy of the Invited Talks Submitted Notes may be
picked up at the conference by all technical sessions registrants.
Additional copies may be purchased at the conference. 

The Sun User Group (SUG) brings people together to share information
and ideas about using Sun/SPARC equipment.  You can discover new ways
to save time and money in the pages of _Readme_.  You can get quick
answers to important questions on our electronic mailing list.  At our
seminars you can learn more about the capabilities of your
workstation.  At our conferences, you can meet other people who are
doing progressive and innovative work with their Sun/SPARC equipment.

Now is a better time than ever to join the Sun User Group.  We're
reorganized, reinvented and growing every day.  We've recently
introduced exciting new services specifically for our official LUGs.
Our members-only electronic mailing list has become one of the most
popular routes on the information highway. Our annual conferences
feature respected teachers - from Sun Microsystems as well as many
other areas of the industry.


		       Crowne Plaza, Sabal Park
	    Computers & The Law II Symposium Headquarters
		      10221 Princess Palm Avenue
			   Tampa, FL 33610

voice	(813) 623-6363 
FAX	(813) 246-7113 

	(800) 866-7666 reservations within the USA

The Crowne Plaza is an elegant five-story, full service hotel
conveniently located at the intersection of Interstates 4 and 75, only
20 minutes from Tampa International Airport.  The hotel operates a
complimentary airport shuttle and is only minutes from Busch Gardens,
the new Florida Aquarium, as well as many other popular attractions.

The Sun User Group has a special negotiated rate of $85.00/night for
attendees of the Computers & The Law symposium.  Please be sure to
mention that you are attending the Sun User Group conference and
reserve your room before October 21, 1995.

|                Sun User Group members save $50.00!                |
|	Earlybird Bonus! Register before October 6, 1995 and	    |
|	save $100.00 *plus* get the Sun User Group "Security"	    |
|	CD-ROM for FREE -- a $195 savings if you register by	    |
|	October 13, 1995!					    |

For more information please call (617) 232-0514.

Mail, Email, or FAX registration to:

SUG Symposium
1330 Beacon Street, Suite 344
Brookline, MA 02146

Email: registration@sug.org         Fax: (617) 232-1347

You may also register over the telephone with a Master Card or Visa.

Please print or type the information required.

To join or renew your membership to Sun User Group when registering
for the conference technical sessions, pay the full registration fee
and check the appropriate box below.  A portion of your registration
fee will be designated as dues in full for a one year individual Sun
User Group membership.

		   Sun User Group Membership Status

[ ]	I am a current Sun User Group  member.
	SUG ID#__________________  Exp. Date__________

		Both SUG ID# and exp. date MUST be filled in to be
		eligible for the "Current SUG member" discount below.
		If you do not know your SUG ID# or expiration date,
		please call (617)232-0514 or contact SUG at

[ ]	I am not a current Sun User Group member and would like SUG to
	apply a portion of my registration fee to a one-year SUG

[ ]	I am not a current Sun User Group member but do not wish to
	join at this time.

	|[ ] 	Sessions, one-day only		|	$200	|
	|	Please indicate day:		|		|
	|	[ ] Monday, November 13, 1995	|		|
	|	[ ] Tuesday, November 14, 1995	|		|
	|[ ] 	Sessions, both days		|	$350	|
	|[ ] 	One Tutorial only		|	$350	|
	|	Please indicate choice below	|		|
	|[ ] 	One Tutorial and Sessions	|	$650	|
	|	Please indicate choice below	|		|
	|[ ] 	Full Conference			|	$900	|
	|	Full Conference includes two 	|		|
	|	days of tutorials, plus two days|		|
	|	of sessions.  A savings of $200!|		|
	|	Please indicate choices below	|		|

        |[ ]    Current SUG Member Discount     |               |
        |       You *must* provide your SUG ID  |               |
        |       number to get this discount.    |      -$ 50    |
	|[ ]	Early-bird! Register before	|      -$100	|
	|	October 13, 1995 and save $100	|		|
	|	dollars PLUS get the new SUG 	|		|
	|	Security CD FREE!!		|		|

        |Total Payment Enclosed                 |               |

	** NOTE: November 1, 1995 is the last day for advance
	registration.  A $100 on-site fee will be applied to all
	registrations received after November 1, 1995. **


You can select either one full-day tutorial or two half day tutorials
(Half-day tutorial registration fees are not available).

Please indicate tutorial(s) below:

Sunday, November 12, 1995
	[ ] S1 - Basics of Unix Security
	[ ] S2 - System Administrator Liability 

Wednesday, November 15, 1995
	[ ] W1 - Network Security: The Kerberos Approach
	[ ] W2a - Network Intrusions
	and W2b - Ethics and Systems Administration

-  All payments must be in US dollars;
-  Checks must be drawn on a US bank.
-  Purchase Orders must be paid in full before your registration will
   be released.  Purchase Orders must be paid in full before October
   13th to qualify for earlybird discount.  POs unpaid before November
   1st may result in cancellation of registration.  
-  The Sun User Group does not accept American Express

[   ] Check    [  ] Purchase Order   [   ] MasterCard    [   ] Visa

Credit Card Number:___________________________________________________

Expiration Date:______________________________________________________

Signature of cardholder:______________________________________________



Company Name:_________________________________________________________


Mail Stop/Suite:______________________________________________________

Street Address:_______________________________________________________



Zip/Postal Code:______________________________________________________


Email Address:________________________________________________________


If you must cancel, all refund requests must be in writing and
postmarked no later than October 6, 1995.  Direct your letter to the
Sun User Group office.  You may telephone to substitute another in
your place.


Sun User Group 
1330 Beacon Street
Suite 344
Brookline, MA 02146

Telephone: (617) 232-0514	Fax: (617) 232-1347
Electronic Mail Address:  conference@sug.org
World Wide Web:  http://sug.org

You may FAX your registration form if paying by credit card or
purchase order to (617) 232-1347.  If you FAX registration, to avoid
duplicate billing, do not mail additional copy.  You may telephone our
office to confirm receipt of your fax.