• News
• Events
• Activities
• Publications

• about
• contact
• login

17^th TF-CSIRT Event

The 17^th TF-CSIRT and FIRST joint Event took place in Amsterdam, the Netherlands on 23-26 January 2006, hosted by Cisco.

Schedule

Monday, 23 January 2006: TF-CSIRT day

Tuesday, 24 January 2006: Seminar day and Social event, organised together by TF-CSIRT and FIRST

Wednesday, 25 January 2006: FIRST TC - hands on day

Thursday, 26 January 2006: FIRST SC meeting

List of registered (only via TF-CSIRT webpage)
Local information

Agenda

Monday, 23 January 2006 - TF-CSIRT day

10:00-13:00 Meeting of TI-accredited CSIRTs (closed meeting)

Coffee break (sponsored by Cisco)

13:00-14:00 Lunch Break

17^th TF-CSIRT meeting (afternoon 14:00 - 17:30)

1. Welcome, Introductions and Apologies
2. Approval of Minutes (Lisbon, 16 September 2005) and Status of Action Items
3. ENISA update - Marco Thorbruegge, Andrew Cormack
4. Compulsory Data Retention: Issues for CSIRTs - Andrew Cormack


Coffee break (Sponsored by Cisco)

5. Update on e-coat forum - by Don Stikvoort
6. Update on EC funded projects - GN2/JRA2 progress report - Jacques Schuurman
7. TRANSITS courses - Karel Vietsch
8. IRT object - Wilfried Woeber
9. Update on RTIR working group - Carlos Fuentes
10. Update from the TTC - Andrew Cormack
11. Status of the ToR and other TF-CSIRT work items / deliverables
12. Date and venue of next meetings
13. Any other business

17:30-18:30 Meeting of TI Review Board (closed meeting for TI staff and TI Review Board members only)

19:30 (in the TERENA's office) RTIR Working Group Meeting (closed meeting for CSIRTs participating in RTIR project only)

Tuesday, 24 January 2006 - Seminar (9:30-18:00)

Session 1: (09:30 - 11:00)

• Welcome. Overview of programme. Logistic announcements
• NREN server certificate service - by Jan Meijer, SURFnet
• Presentation about FIRST - by Mike Caudill, Cisco
• Presentation about Sender Policy Framework - by Przemek Jaroszewski, CERT Polska

11:00 - 11:30 Coffee break (Sponsored by Cisco)

Session 2: (11:30 - 13:00)

• SURFnet IDS - A distributed intrusion detection system - by Rogier Spoor, SURFnet
• Solaris 10 security design considerations - by Casper Dik, SUN
• Update on Vulnerability and Exploit Description and Exchange Format WG - by Ian Bryant, CSIA

13:00 - 14:00 Lunch Break

Session 3: HoneyPots and worm detection (14:00 - 15:50)

• Zero-day worm detection - by Herbert Bos, VU, LOBSTER project
• NoAH project - by Klaus Moeller, DFN-CERT
• WOMBAT: towards a Worldwide Observatory of Malicious Behaviors and Attack Threats - by Fabien Pouget, Eurrecom
• An overview of the German Honeynet Project - by Thorsten Holz, German Honeynet Project

15:50 - 16:20 Coffee break (Sponsored by Cisco)

Session 4: Legal sessions (16:20 - 18:00)

• A civil rights' perspective on data retention - by Sjoera Nas, Bits of Freedom
• CSIRT interactions with law enforcement and intelligence services - by Jacques Schuurman, SURFNet
• Reporting Security Vulnerabilities: Defining Best Practices For Industry and Third Party Co-Ordinators - by Tara Flanagan, Cisco
• US Operational Security Exercise - by Charles T. Yun, Internet2

19:00 Social event - sponsored by SURFnet-CERT and GOVCERT-NL