Date: Tue, 15 Jun 1999 11:03:39 -0700 To: letters@lwn.net From: Laura LeHew <laura@deer-run.com> Subject: Call for Papers SANS 1999 Workshop On Securing Linux Call for Papers SANS 1999 Workshop On Securing Linux December 15-16, 1999 San Francisco Deadline June 28, 1999 Note: Best proposal will get a free trip to San Francisco to present their paper at the conference Conference Objective Topics Who Should Submit a Proposal How to Submit a Proposal Questions Program Sponsors LINUX is winning! Where other new operating systems failed, LINUX is gaining converts among users and vendors at an increasing rate, proving that the community of computer users can create extraordinarily valuable tools. At the same time Linux systems are the targets of a huge number of successful attacks. There is debate over the causes of storm of Linux security incidents, but whether it is the operating system's immaturity or the carelessness of its users, continued growth demands that Linux users and the developer community meet the security challenges. An important initiative was launched at SANS99 in Baltimore. Linux experts from more than a dozen universities are jointly creating a hardened version of Red Hat Linux, in a project named Bastille Linux. They are fixing the default configurations and adding security features so the university administrators will feel safer distributing Linux to students. Information on the project may be found at http://www.bastille-linux.org/ . Every person who attends the Securing Linux Workshop will be given a copy for adaptation and/or redistribution. There's more that can and is being done to make Linux systems less vulnerable. If you are one of the people who have developed home-grown solutions or are one of the developers of a more secure version of Linux, please submit a proposal for the Securing Linux Workshop. If you have solutions (even partial ones) we welcome your input. The 1999 SANS San Francisco Network Security Conference is being held concurrently with the Intrusion Detection & Response Training Conference, where the nation's top network security and intrusion detection experts, people like Stephen Northcutt, Gene Schultz, Randy Marchany, Ed Skoudis, and many more will be teaching in-depth, full-day, intense courses for security practitioners. We hope that you will consider joining the Securing Linux Workshop to extend this tradition of quality by submitting a proposal for: A paper focused on practical solutions (2-10 pages) along with a presentation (25 or 50 minutes) other types of presentations (panels, demonstrations, mini-tutorials, etc. - 15-90 minutes in length) Even if you choose not to submit a short paper and presentation, we hope you will join us in San Francisco on December 11 - 16, 1999 for the workshops and courses that you feel will be helpful in meeting your professional needs. Course titles and a preliminary schedule will be posted to http://www.sans.org around July 15, 1999. Topics Any topic that you feel would provide immediate pragmatic information on Linux security to an assortment of researchers, practitioners, and observers coming to the workshop is invited. Here are a few topic groups that might give you ideas, but submissions are by no means confined to these: Hardening the Operating System Improving Practices and Procedures Risks Particular to Linux Systems Configuration Errors Silly Things Users Do Good New Tools Bad Tools New or Old Automating Installation to Reduce Risks Network-Based Intrusion Detection Host-Based Intrusion Detection Vulnerability Analysis Who Should Submit A Proposal and Why Should You Anyone who has done useful work in improving the security of Linux systems is invited to submit a proposal. The recognition afforded by being chosen to present some of your work can be a marvelous avenue of professional growth and can yield results throughout many aspects of your career. If you have a solution that you would like to share, please consider taking the time to write it up and submit a proposal to SANS. Being selected to be a part of the SANS faculty gets you more than just the rare ID&R-Securing Linux polo shirts. It also conveys an appreciation of the value you are contributing to the field. You don't have to be solving the largest problems in order to have your proposals accepted. We are looking for a wide variety of proposals and encourage you to submit one even if you are not sure of its worth. Besides the distinctive polo shirts, authors also earn substantial discounts on conference and tutorial attendance. If you are a vendor, please consider joining the SANS evening vendor presentation program. Contact daragh@sans.org for opportunities to present technical aspects of your products to SANS participants in a variety of venues. How To Submit A Proposal Send an email to laura@deer-run.com with the subject `Securing Linux Proposal'. Submissions will only be accepted in any of the following formats: PDF, Word '97, PowerPoint '97, ASCII text, or HTML. Deadline for submission is June 28, 1999. Please include the following items: Your Name Preferred email Phone Fax Employer Surface mail address The title of your proposed presentation The length (25 minute presentation with 2-5 page paper or an alternative format). At least three paragraphs containing: The specific challenges or problems the presentation will help the audience solve. The approach you used including any specific tools you created or used The evidence you have that proves that your approach works well and can be used by other people. SANS has made great strides in the past few years and is now recognized as one of the two most useful learning opportunities in the system administration, networking, and security field. This year, SANS is introducing policies that will enable us to continue to earn quality accolades: All presentations focus on actual challenges faced by system administrators, security professionals, and network managers. All presentations provide practical solutions that can be implemented immediately. All daytime presentations are free of vendor bias (except the panels in which multiple vendors are speaking together and will `correct' one another). Vendors and their representatives are welcome to present in the SANS evening program. All presenters will be given opportunities to ensure their presentation skills are the best they can be: through pre-conference training Programs, coaching-on-request for content and speaking, and/or audio tape exchange. Questions Please contact laura@deer-run.com with questions. Program Committee Chairs Alan Paller, The SANS Institute Jon Lasser, University of Maryland Baltimore Campus