Network Security
January 1999

Managing Network Security: Anatomy of a Successful Sophisticated Attack

Fred Cohen

Computing is operated in an almost universally networked environment, but the technical aspects of information protection have not kept up. As a result, the success of information security programmes has increasingly become a function of our ability to make prudent management decisions about organizational activities. Managing Network Security takes a management view of protection and seeks to reconcile the need for security with the limitations of technology.
A common misperception

The fad these days seems to be evaluating cyber-attacks against information networks. The way this is typically done is to scan a network for known vulnerabilities using a simplistic scanning product. If it tells you you’re fine, great. Otherwise, fix the bugs and you are again safe. This, in my view, is a big mistake.

From the limited number of interactions I have had with people about the reasons for this approach, one of the common misperceptions they seem to share is that all bad actors are one-dimensional loners. In my experience, the more serious attackers of today are complex people who interact with groups of like-minded people working toward common goals. As a result, the attackers most organizations model tend to be far more limited than the real world attackers we all face, and thus most organizations consistently underestimate the attackers.

In this month’s article, I am going to outline what I consider a typical example of a serious attack undertaken with realistic goals, properly resourced, and executed by professionals. This is fictional in every way but one: every specific I will be describing has occurred in a real attack. The fiction comes from the way I have combined the facts to generate the specific scenario. It is, I can assure you, quite realistic, and indicative of the sorts of attacks undertaken on an everyday basis by serious attackers.
© 1999 Elsevier Science Ltd

A typical attack cell

An attack cell is a group of people who work together to attack systems. Like the Mission: Impossible television show, there is a team leader (we normally call this person Mr Phelps) and there is a selection of team members from which the team leader chooses a group for any given penetration. The successful cell is a diverse group of people with special skills. By this term we mean that they have, over the years, shown particular aptitudes toward doing things that few others are able to do as well. As important as the individual skills, which many people might have, are the combinations of skills. For example, a good ‘second story’ person will have good climbing skills, good rope skills, lock picking and safe cracking skills, good balance, and so forth. Of somewhat higher value are people that combine a wider range of special skills, such as electronics, programming, lock picking and caving.

Along with most such special skills are special tools, usually custom-developed by the individuals for their own use. For example, a really fine pick kit is different from the off-the-shelf rubbish you get at a locksmith, and some people’s custom tools are particularly handy at performing somewhat unusual tasks in a very short time frame. Small, multi-purpose, easily concealed and hard to detect tools are especially nice.

In a large, well-funded attack cell, there will be a logistics tail back to a research and development organization that is able to apply far more substantial expertise and resources as needed. For example, a strong scientific research organization is very handy when you need those special tools and capabilities that set you apart from the crowd. Similarly, the logistics tail can be very helpful when you need something special in a pinch, or perhaps a hand up, or some cover when you feel you are near detection, and so forth. If you are government funded, your government also has other special resources such as embassies and diplomatic pouches, and secret research facilities, and ways to obscure the purchase of special equipment and the performance of special tests, and so forth.
The goal

Before Mr Phelps selects a team, he is always briefed by the mystery voice on what the mission is. But the real Mr Phelps is more often than not a self-starter with generic long-term goals. Most of the plans are made based on what can be done rather than some special mission assigned at the last minute. On the rare occasions when a special mission is required, it is usually based on prepositioned capabilities that Mr Phelps has developed over a long period of time. The long-term is generally thought of as strategic positioning and the short-term as tactical. We’ll pick a strategic goal for discussion purposes.

The strategic goal is to infiltrate and gain a strong cyber-warfare position in a key set of industries of financial and strategic importance to Mystery Electronics Inc., the organization we represent. We’ll call it Mystery from now on. Suppose Mystery is in the cover business of developing and selling electronic devices of all sorts to the world, but it also has an internal cell that is really sponsored by a government.

We’ll choose a tactical goal for this discussion, but it’s important to put this goal in context as a part of the larger operation. As you will see when we talk about the planning and intelligence aspects of this attack, the big picture is truly substantial. Suppose this morning, our cell has decided to go after one of our three key technology focus areas - missile technology - and has focused in on the Mammoth Aerospace Company (MAC) Rocket Motor Technology (RTM) division. Why, you may ask, did they choose this particular target? Simple - because it is now ready for plundering. How did it get there?
The planning and intelligence activity

Mystery has had its eyes on MAC for some time - as a customer. Over a period of years, it has systematically built a business relationship with MAC by providing excellent value in electronic components and boards. It has created a strong working relationship the way every business tries to do it, and by now, there are many workers that regularly exchange data and co-mingle on joint ventures. Employees even go from one firm to the other on occasion, often as a result of doing contract work. While Mr Phelps doesn’t have enough control to mandate these sorts of things, one of his cell members has been involved in MAC projects for a number of years and has recently maneuvered into the position of becoming a MAC employee working in RTM. Hence, the target selection. We’ll call this employee Jane Doe for now because some of the information provided to RTM about Jane is false and planted information, in particular her name and other identity information. Jane doesn’t have any particularly high level security clearances or anything like that; she just does her job as a marketer - or actually - not. Jane doesn’t do all that much marketing, although she has the skill to do it and does it to some extent. Instead, another member of the cell does the drudge work of marketing for her, using dial-in connections as part of the telecommuting programme at RTM and some of Mystery’s facilities.

Jane’s speciality is in elicitation. Her special skill is getting along with people, and in the process, getting them to give her information. But for now, she is acting as a marketer and, of course, one of her customers is Motors Are Us (MAU). Naturally, her performance is pretty good because MAU has a cell that is connected indirectly with Mystery’s cell. To put it mildly, the fix is in. Jane spends a good part of her working day being friendly and slightly flirtatious. As a result, she provides a steady flow of interesting information about RTM employees to Mystery. On occasion, she influences a hiring or a firing, she lets Mystery know about people who are temporarily unhappy with their work, she is privy to a lot of pricing and customer information, and so on.

As part of Jane’s ‘work from home’, her cell-mate Jimmy regularly cruises the internal Web at RTM, keeps all the administrative E-mail, and generally watches the way network traffic works within RTM. Jimmy uses a secure shell connection over the dial-in provided for Jane to access Jane’s PC at work for work purposes, but has also installed a covert link through the network firewall’s Web proxy where he does his dirty work. Over time, Jimmy has planted a series of similar Trojan horses throughout RTM’s internal network, and Jane’s computer has become the entry point of last resort. Jimmy would only burn her in this way if the operation were about to shut down, and she would know well in advance. From these Trojan horses, Jimmy does a pretty good job of both securing the machines against detection of his activities and watching network traffic in RTM. If a real expert took a look, he might be able to figure out what’s going on, but Jimmy hopes not, because, the way things are rigged, in the worst case, they will figure he hacked in from the Internet. When they try to trace him down, he will have plenty of notice because he has installed a radio connection between his actual computers and the local university where he has tapped into the infrastructure to link into the Internet. If anyone gets too close to the radio, its built-in motion sensor will tell Jimmy about it and he will simply move on to his next planted device in the next university down the road.
The execution

Today, Mr Phelps decided that it was time to take all of the detailed design information on a new rocket motor that just passed its first round of field tests at RTM. He told Jimmy what he wanted, and Jimmy assured him that it could be done, but was concerned about the high volume of traffic this would involve and indicated that it would be best for the long-term if this could be done over a period of a week or two. Mr Phelps expressed that this would be fine and Jimmy proceeded to prepare his exploit.

Jimmy, as you may now have guessed, is not some cracker off the Internet. He is a professional with special skills and adequate funding for his efforts. He also has some support staff that help him get his job done. His first step is to model what he will do by doing it in his practice network deep in the bowels of Mystery’s limited access area. He has already done his homework on what’s in place at RTM and over time has gathered quite a bit of information. He knows what design automation tools RTM uses and he has acquired access to the same tools, which are used in some of the design areas at Mystery. He has contacts with engineers at Mystery who use this system every day and will ask the systems administrator in charge of the computer-aided design tools to install the package he has tested for him. He will do all of this legally and pay for the extra license to the design package. After the CAD package is up and running, Jimmy will take the last system configuration information gathered from RTM and customize the CAD system to be as close as possible to RTM’s system as he can get it in a reasonable amount of time. He will be running the same version of the operating system, all the same packages, and so forth. He already has a very substantial collection of attack tools gleaned from the Internet and will make sure that he has at least 20 or 30 tools that have been tested and work against the system setup at hand in case he has to break into the operating system or use other similar techniques to counter unanticipated defences.

Jimmy will write a small amount of custom software that extracts the desired information and codes it to look innocuous. His plan is to send it out in a few large file transfers to an FTP drop zone account at a company that RTM regularly deals with for design automation. He knows it will not be noticed because it is within the normal traffic pattern between the companies and because the user who runs that drop zone is on vacation for the next two weeks and is not the type to dial in to check E-mail when on vacation. From there, he will transfer it to an unmonitored university account he has broken into, encrypt it, and post it to a Usenet newsgroup. From there, he will pick it up through a small company he has broken into that uses a radio LAN to communicate between computers. The files will be shipping a large volume of paper products to the company and from there retransmitted to Jimmy as he sits at lunch in a bistro a few blocks away from the company. All of the intervening equipment will be sacrificed after this information is pulled.
The escape and aftermath

After going through this cycle of theft of information a number of times, Mr Phelps decides that it is time for Jane to move on to another aerospace firm. She does what she did before, getting a new job at another firm, more highly placed, at a higher salary, and taking more and more. After a while, Jane becomes quite adept at marketing and no longer requires any assistance to do that aspect of her job. She merely gives short-term insider access to Jimmy or one of his helpers and provides programmatic and elicitation information to Mr Phelps on the subjects he is most interested in while moving into areas of strategic interest to Mystery.

The information gained through this process is used primarily for research and competitive advantage. Knowing bid prices is helpful in underbidding now and then, but it must not be made too obvious, just as research will be aided by design files but should not use those files to directly create their own devices. On occasion, Mystery may also use the planted holes to harm RTM or others more directly. For example, selective down-time or corruption of files may be used to degrade RTM’s position in key areas. In some situations, after Jane has moved on, large numbers of mid-sized electronic funds transfers may be made through foreign holdings and rogue nations. Occasionally, high quality people in RTM or other companies may have their reputations harmed by the creation of false activities attributed to them, or the use of deception to cause them to accidentally do something illegal. Weaknesses identified in employees with access to highly sensitive data may be exploited - but never by Jane herself. Her task is intelligence gathering and she is too valuable to burn for an individual gain here and there.
Conclusions

The story you have just read is true. The names and some of the details have been changed. Jane and Jimmy continue to work for Mr Phelps, and you might recognize them as highly successful members of your teams. They have not been caught, but some others like them have been. In today’s computing environment, technical safeguards alone simply will not work against this sort of threat. While we could have technical protection that was effective against a large portion of insider activity, to date, organizations have been unwilling to apply the necessary resources to be successful. Finding and catching this sort of perpetrator involves a combination of sound management practices in information protection and a solid investigation capability properly applied.
EVENTS

INFOSEC AFRICA ’99
2-4 February 1999. Location: Johannesburg, South Africa. Contact: Joanne Yuill, Mantis Networks, PO Box 653005, Benmore, 2010, Gauteng, South Africa; tel: +27 11 784 2640; fax: +27 11 884 2148; E-mail: [email protected].

EUROSEC ’99
22-24 March 1999. Location: Paris, France. Contact: Isabelle Hachin, XP Conseil Lefebvre Consultants, 5 Rue Aristide Briand, 92300 Levallois Perret, France; tel: +33 01 41 05 29 00; fax: +33 01 41 05 29 05.

OPEN SYSTEMS SECURITY ’99
14-18 March 1999. Location: Orlando, Florida, USA. Contact: Adam Lennon, MIS Training Institute, 498 Concord Street, Framingham, MA 01702-2357, USA; tel: +1 508 879 7999; fax: +1 508 872 1153; E-mail: [email protected]; Web: http://www.misti.com.

WEBSEC ’99
23-25 March 1999. Location: London, UK. Contact: MIS Training, Nestor House, Playhouse Yard, London EC4V 5EX, UK; tel: +44 171 779 9844; fax: +44 171 779 8293; E-mail: [email protected].

INFOSECURITY ’99
27-29 April 1999. Location: London, UK. Contact: Richard Harris, Infosecurity ’99, Reed Exhibitions, Oriel House, 26 The Quadrant, Richmond, Surrey, TW9 1DL, UK; tel: +44 181 910 7718; Web: http://www.infosec.co.uk.

CACS ’99
2-6 May 1999. Location: Orlando, Florida, USA. Contact: ISACA, 135 S. LaSalle Street, Dept. 1055, Chicago, IL 60674-1055, USA; Nix & Associates, tel: +1 314 645 1455; fax: +1 314 645 4130; E-mail: [email protected]; Web: http://www.isaca.org.

CARDTECH/SECURTECH ’99
11-14 May 1999. Location: Chicago, IL, USA. Contact: CTST,