Security Session - Abstracts

Title: Security Policy & Best Practice Guidelines

Security has become a very important issue, especially with the advent of networks, Internet and the need to share information. There are basically two issues to contend with. One is the need to make information available to as many people as possible. On the other hand, information falling into the wrong hands and misused may bring undesirable consequences. Hence the need for control of information and resources.

One way of controlling information in an organization is via adopting a security policy. To use a security policy, it must be well planned, explained to all those affected, implemented properly and reviewed from time to time. In this presentation, we will discuss some of the general guidelines that can be used to plan and design a security policy. Among other aspects, we will touch on policy framework, levels of trust, types of participants, user perceptions, levels of control, user acceptance, remote access, information protection, virus protection and password control.

CSIRT cooperation in Europe: past, present and future
Jan Meijer, SURFnet/TF-CSIRT

The TF-CSIRT Task Force is established under the auspices of the TERENA
Technical Programme to promote the collaboration between Computer
Security Incident Response Teams (CSIRTs) in Europe. The aim of the
Task Force is:

* to provide a forum for exchanging experiences and knowledge
* to establish pilot services for the European CSIRTs community
* to promote common standards and procedures for responding to
security incidents
* to assist the establishment of new CSIRTs and the training of
CSIRTs staff.

The activities of TF-CSIRT are focused on Europe and neighbouring
countries, in compliance with the Terms of Reference approved by the
TERENA Technical Committee on the 3rd of June 2002.

The presentation will give an overview of the history of the TF-CSIRT,
past activities and results, current work in progress and planned work.

About most of the activities an shor summary will be given, the
Trusted Introducer service however will be handled in more detail.

Title: Honeynet Introduction
Tang Chin Hooi, APAN Secretariat

The Honeynet Project ( is volunteer, non-profit research organization dedicated to
learning the tools, tactics, and motives of the blackhat community and sharing the lessons learned.
The primary tool used to gather this information is the Honeynet. The main objective of this presentation is to
discuss what a Honeynet is, its value, an overview of how it works, and the risks/issues involved.

Title: DDoS detection and response
Yoonjoo Kwon, KISTI

These days, DDoS attacks are being appeared continuously. In February 2000, many world’s largest e-commerce sites, such as Yahoo, Amazon and so on, were brought offline for several days by DDoS attacks. On January 25, 2003, a DDoS attack, due to vulnerabilities of MS-SQL, stopped the national backbone network and resulted in a network crisis in Korea.
In KREONET(Korea Research Environment Open NETwork), we have monitored amount of network traffic using flowscan and flowscan+ since 2001. We have frequently detected DDoS attack. So far once we detected DDoS attack, we did reaction by manual configuration of routers. But it was so slow that we couldn’t prevent propagation of DDoS attack. So we developed automatic DDoS detection and defense system, NetWRAP(NetWork Resource Abuse Preventive)..
In this presentation, I will talk to you about introducing NetWRAP system.









Security BoF - Abstracts

Title: Security System for KOREN/APII-Testbed
Sungkwan Youm, Korea Univ.


Recently the High-speed Backbone Network suffers from DDoS traffic or an anomaly attack. It is indispensable to monitor traffics to detect an anomaly attack. The research issues of the KESG (KOREN Engineering Study Group) consist of routing analysis, measurement, e2e performance measurement and security. We study and analyze traffic gathered by the router at KOREN. We analyze edge traffic to get pattern of anomaly traffic and knew the characteristic of their traffic. This presentation includes the deployment of attack defense system to KOREN for improving security, the security system design & algorithm proposal, dynamic & adaptive detecting algorithm & system which detects and defends attack, the implementation of signature detector.