[Seattle-SAGE] Next meeting is Thursday, October 13

Scott McDermott scottm at octaldream.com
Mon Oct 10 06:00:00 PDT 2005

The next Seattle SAGE meeting is Thursday, October 13, 2005 at 7pm.

FREE FOOD! There will be refreshments sponsored by Silicon Mechanics.
Check them out at http://www.siliconmechanics.com/

There will also be several CACert assurers present.

The meeting will be at the Electrical Engineering building on the University
of Washington Campus, aka EE1. Directions are linked to the EE Department's
web site below. Parking is $4 after 4pm.

  Next meeting: Thursday October 13, 2005 at 7:00 PM
         Topic: Network Security Monitoring with Sguil
       Speaker: James Affeld <jamesaffeld at yahoo.com>
      Location: Department of Electrical Engineering (EE1 Building)
                University of Washington
                Seattle, WA
    Directions: http://www.ee.washington.edu/directions.html
      Web Site: http://www.seattle-sage.org/
Talk Abstract:

The discipline of Network Security Monitoring is a specific and structured
approach to the problem of detecting hostile network traffic.  It uses
statistical sources, session/flow data, full packet capture, and alerts
from intrustion detection systems.  The sguil analyst console ties
session, packet capture, and Snort alerts into one functional console with
a mysql back-end.  It presents a convenient way to tie the different
sources of data together for correlation, leading to faster resolution of
events.  It's cross-platform, running anywhere tcl/tk runs.  Presentation
is based on my experience at South Seattle Community College and previous
positions, and Richard Beijtlich's book _Tao of Network Security

Speaker Bio:

James Affeld is the network administrator at South Seattle Community College.

His Unix experience started with a shell account on Eskimo North about 12
years ago. He attended a one year LAN administration program here at NSCC in
1992/93 where he worked in the HP3000/9000 lab and where he hopes everyone
has forgotten about that little incident...

He's been doing network administration ever since, apart from a brief
interlude doing freelance stress testing "Age of Empires" while a contract
tester at Microsoft for SMS 2.0.

In November 2003 He attended the SANS Intrusion Detection course, and
obtained his GIAC GCIA certificate in July 2004. This summer he led a Local
Mentor edition of the class.


This is FREE and open to the public and a wonderful opportunity.

The Seattle SAGE Group (SSG) is a local group for systems & network
administrators in the Seattle and Pacific northwest areas (North
Western Washington). We are a local chapter of SAGE, but SAGE / USENIX
membership is not a requirement.  We sponsor a regular monthly meeting
open to the public on the second Thursday if each month at 7 p.m.

Check out our Web site for more information:

More information about the Members mailing list