Windows NT Security-Related Vulnerabilities
E. Eugene Schultz - Global Integrity
Mar 05, 1999
AbstractAny product, no matter how well designed and implemented, has security-related vulnerabilities; Windows NT is no exception. The fact that so many of these vulnerabilities have emerged in the relatively short time since Windows NT's original release is noteworthy. This presentation describes a taxonomy of Windows NT vulnerabilities, providing specific examples within each category.
About the SpeakerDr. Eugene Schultz, CISSP, is the Research Director and Trusted Security Advisor with Global Integrity Corporation, a wholly-owned subsidiary of Science Applications International Corporation (SAIC). In this role he conducts research and consulting activities and provides strategic guidance to corporate clients. He is also a Visiting Scientist in the Computer Science Department at Purdue University as part of his research activities.
An expert in Windows NT, UNIX, and network security, Dr. Schultz is a member of the faculty of the Computer Security Institute and SANS (System Administration and Network Security). He has co-authored two books (UNIX: Its Use, Control and Audit and Internet Security for Business) and over 80 published articles, and is a contributing editor to Network Security in addition to being a member of IFIP Working Group 11.4 (Network Security). His new book, Practical Windows NT Security, will be released early this year.
He has received numerous professional awards, including the NASA Technical Innovation Award, Best Paper Award for the National Information Systems Security Conference, and Information Systems Security Association (ISSA) Career Achievement Award. Dr. Schultz has also provided expert testimony for the U.S. Senate.
Before coming to Global Integrity, he was the Principal and Infomation Security Practice Leader for SRI Consulting, where he also served as Program Manager and Research Director for the I-4 (International Information Integrity Institute) Program. Dr. Schultz was also previously a Principal Security Engineer with ARCA Systems, the Project Manager and founder of the Department of Energy's Computer Incident Advisory Capability (CIAC) at Lawrence Livermore National Laboratory, and Group Leader at the Jet Propulsion Laboratory. He has presented over 100 talks, including numerous keynote addresses, at a variety of conferences throughout the world.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.