Computers & Security, 14 (1995) 417-427

COMPSEC ‘95 Paper Abstracts

Compsec International ‘95, the Twelfth World Conference on Computer Security, Audit and Control, is being held on the 25-27th October at the Queen Elizabeth II Conference Centre, Westminster, London, UK. The conference is run by Elsevier Advanced Technology, publishers of Computers G Security, and will be chaired by the journal’s Editor. Below are listed the available abstracts for the papers presented at this year’s conference, some of these will appear in full (or in a revised format) in forthcoming issues of Computea G Security.

DAY 1: Wednesday 25th October

KEYNOTE

Title: Future of Internet Security Author: Bill Hancock, Network-l

Internet provides a ‘target-rich environment’ for security breaches and infiltration attempts. To help defeat such activities, many technical resources around the world are working on providing security mechanisms to solve Internet security problems. This paper provides highlights on some of the technologies being developed and discusses the security problems to be solved in the future for users of the Internet.

STREAM 1: Internet

Title: Using Firewalls to Provide Secure Title: Project Satan Internet Access Author: Wietse Venema, University of Eindhoven

Author: John Sherwood, Sherwood Associates SATAN is a non-intrusive network auditing program. Designed to help the system administrator quickly identify and plug well-known network-related security flaws, its unrestricted release to the public has been the

In the wake of the huge publicity that the Internet has received, many organizations are now wanting to connect their corporate networks to it, either as information consumers or as information providers.

Associated with this are some serious information security risks which need to be managed effectively. One way of doing this is to use a ‘Firewall Machine’ to control data flows between the enterprise network and the Internet. This paper explains the concept of a firewall, describes a number of different implementations that are possible, including both tactical and strategic approaches, and explores the residual risks that are not controlled by firewalls. It will provide a valuable overview ofthe subject for those who are responsible for providing secure Internet access for their organizations, and especially for those moving towards the selection and implementation of a suitable solution.

Title: A New Perspective on Firewall Security Author: Eugene Schultz, SRI International

Title: Publication of Vulnerabilities and Tools Author: Sarah Gordon, Command Software Systems

Open systems lend themselves to a variety of exploitations via design and implementation. Publication of vulnerabilities and dissemination of tools designed to exploit systems will be examined. An overview of at least seven tool types and functionalities will be provided with simple explanations of how they work. Finally, we will discuss the changing nature of vulnerability and tool publication.

0167-4048/95/$9.50 0 1995, Elsevier Science Ltd 417