UniForum '96 Preview: Security and Mission-Critical Systems Track Sessions

In-depth discussions, plus case histories

How do we keep information available for the "good guys" and away from the "bad guys"? How can we take advantage of the latest IT products and techniques while still protecting the applications and data that drive our businesses? What impact do open systems and interoperability have on corporate security and mission-critical applications?

These questions and more will be discussed in a series of track sessions on security and mission-critical systems at UniForum '96, Feb. 14-16, in San Francisco. This year's security track is chaired by Jim Schindler, Information Security Program Manager at Hewlett-Packard, and James Bell, Director of Corporate Alliances, Hewlett-Packard. The track on mission-critical systems is chaired by Bill Bonin, Director, Worldwide SAP Program, at Hewlett-Packard.

Schindler and Bonin report that sessions will present a mix of general information and specific case histories that show the practical strengths and limitations of today's security and mission-critical technology. "We're very proud of our panelists and their hands-on experience in the industry," Schindler and Bonin say, adding, "Session topics will also cover an enormous range of IT technology, so the tracks will be able to offer something for everyone."

Advanced security

Two security sessions will be devoted to cryptography and related issues such as U.S. export policy concerning weak and strong encryption. Panelists will discuss the advantages and disadvantages of public and private key systems, including cryptographic algorithms, cryptographic keys, and distribution systems. Discussions will cover the criteria that should be used when selecting cryptography for a corporate environment.

Cryptography for sophisticated users and environments will also be analyzed, with an emphasis on the use of advanced cryptography for authentication, digital signatures, and non-repudiation. The advantages and disadvantages of key escrow alternatives such as the Clipper Chip initiative will be covered in depth.

Another session will concentrate on the role of security as it relates to electronic commerce. Issues discussed will include vulnerabilities and threats, protecting transactions from unauthorized access and modification, and auditing.

Strengthening and analyzing system security will be covered in several sessions. Attendees will learn about techniques for Internet connection security such as firewalls. Are they in fact the best solution? Are there alternatives to firewalls? Panelists will discuss the features and functionality to look for when selecting security technology.

The discussion on security analysis will focus on various metrics related to the measurement of operating system security. Some of these metrics will include the Trusted Computer System Evaluation Criteria (the Orange Book or TCSEC), the Information Technology Security Evaluation Criteria (ITSEC), and the Common Criteria. Discussions will compare and contrast the various security criteria and selected security profiles such as C2, B1, CMW, F(C2)/E2, Commercially Oriented Functionality Class (COFC), etc. Other track sessions will provide attendees with a comprehensive look at advanced security technology, including selected security research activities, what they mean to corporate MIS, and when they might be available. Topics will range from secure microkernels to future technology trends.

The distributed computing environment (DCE) security session will focus on the current and future security features of DCE and what it means to you. Topics will include Kerberos and DCE tools. Different points of view will be discussed including perspectives from both end-users and vendors.

The session on Internet security will cover various threats and vulnerabilities, hacker tools such as SATAN, the roles of various response organizations such as CERT and CIAC, and what corporations should do if their information system has been hacked.

Smartcards are being used extensively in many places throughout the world. The session on smartcards will examine the impact this technology will have on businesses in terms of security. Another session on confidentiality will examine accessibility, auditability, and the best way for management to enforce security on the corporate "Intranet."

When you "bet the business"

In today's information-intensive business world, the term "mission-critical" applies to more and more parts of the corporate information system. The mission-critical systems track will provide attendees with tools and information concerning redundancy, back-up, and maximum uptime.

Sessions will cover client/server performance monitoring on the network, plus ways to determine how much fault tolerance is enough and what it might cost. Other sessions will concentrate on issues involving around-the-clock support in open systems, including failure rates, recovery procedures, and the measurement of service levels in client/server systems.

Process models for maximizing uptime in client/server environments will be explored, as well as technologies such as crypto-routers. Other sessions will discuss tools which monitor constraints in real time and predict the consequences of load changes for mission-critical environments.

Low-cost, high-bandwidth asynchronous networking will be examined in detail, and a comprehensive overview will be given of important topics in the field of secure transactions in distributed systems.

Networking and DCE as they relate to mission-critical issues will be covered in detail. Discussions will include accelerating and monitoring transactions on high-performance Unix servers, as well as stories from actual users of DCE concerning their experience with DCE-based distributed environments.