Sent: Friday, 22 July 2005 9:28 a.m.
Subject: Network Security Seminar next Tuesday

Computer Science (INRG) / ITSS **SEMINAR**

Abe Singer, San Diego Supercomputer Center
"Security without Firewalls" and "Logging Infrastructure and Log Analysis"
Two talks on Network Security

When: 10:15 - 11:45 am, next Tuesday, 26 July 05
Where: Computer Science (i.e. Science Centre Extension) room 279

Abe Singer is a member of the Security Technologies Group at the San Diego Supercomputer Center. In providing operational security for the Center, he participates in incident response and forensics, and is expanding the SDSC logging infrastructure. His research is in pattern analysis of syslog data for data mining. Abe is the author of "Building a Logging Infrastructure" (SAGE, 2004, http://www.sage.org), and is currently writing a book on Log Analysis, due out around January 2006.

"Security without Firewalls"

Firewalls are popularly believed to be the "correct" approach to effectively securing a network. However, there is little practical basis for these beliefs, and the San Diego Supercomputer Center's track record, while not perfect, has demonstrated that there are other methods of securing networks that may be more effective. This talk will explain some of the common myths and realities about security practices, and how SDSC maintains a pretty robust environment.

If time permits Abe will also present

"Logging Infrastructure and Log Analysis"

Syslog data contains a wealth of information about activity on a Unix system, which can be used for a variety of things from managing resource utilization to intrusion detection. Data mining this information could reveal interesting things about a system, such as indications of an attack or intrusion. Basic analytical techniques such as baselining/thresholding and anomaly detection alone would be useful for detecting "interesting" activity. However, raw syslog data does not lend itself to these analysis methods.

Syslog messages are free-form text, without any information which identifies message class or attributes. In order to apply data mining techniques to syslog data, one needs classifiers which can uniquely identify messages and their attributes. Furthermore, it seems that the number of classifiers needed is large enough that they cannot be set up manually. Abe has been working on methods of auto-generating these classifiers, and will present the results he has achieved so far.

-----------------------------------------------------------------------