Discussion Communities: Merit Network Email List Archives

Network Security

SANS Training and GIAC Certification Update 20

  • From: The SANS Institute
  • Date: Tue Mar 30 00:36:20 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Colleague,

I want you to get the most out of SANS and GIAC and that is the purpose
of this note.  While I do have friends and coworkers double-check what
I write for accuracy, please understand that this is a personal note
from me and may not accurately reflect the philosophy and thoughts of
the other 48 employees of the SANS Institute.  Please also note that I
am heading off to SANS 2004 shortly, and will fall a bit behind on my
email until on or after April 10, but will try to answer each person as
soon as I can.  S. N.

CONTENTS:

1.  Preliminary Call for Demonstrations
2.  Courseware Module Authors Needed
3.  Stephen's Pick for Small Class Size
4.  Local Mentor Program (LMP)
5.  GIAC Certification
6.  Future Direction for Courseware Development
7.  Free electronic Newsletters from SANS
8.  Intrusion Prevention Hands-on
9.  Webcasts
10. Book Callout 
11. Contracts Matter!
12. Incident Handling: Real-Time Inter-Network Defense
13. Update Business Continuity Planning to Version 2.1
14. SANS Alumni Program


1. Preliminary Call for Demonstrations:

Network Security 2004, Sep. 29 - Oct. 4, Las Vegas
I am not sure if I am fully onboard with the whole megaconference event
concept, but the number of sellouts and second seating at SANS2004 tell
us mega is what you want!  So, if that is what you want, then we will
build it. Therefore, NS2004 Las Vegas will be the biggest SANS event in
history.  Seventeen tracks are scheduled to be offered, including three
that are being presented for the first time.  We want to offer a packed
range of evening activities.  The show floor and the section where
vendors' booths are placed will be ringed by skyboxes.  We will run the
Intrusion Prevention (IPNET) on the floor and I would love to run
demonstrations and short pragmatic talks in the skyboxes, preferably
talking about what they are doing on the network.

As you know, giving a presentation at a prestigious conference like
Network Security can be one of the best ways to get the boss to approve
a trip to Vegas.  If you are skilled with a tool or technique that does
something with network traffic, whether generating or analyzing, and
you are interested in giving a short presentation followed by a
demonstration to 30 - 50 people, then please give me a shout,
Stephen@sans.org

Here are some examples to get the juices flowing:
- A demonstration of a network analyzer showing the traffic on the
network.  Perhaps this could be done in concert with a friend that is
attacking the targets on the IPNET.

- A demonstration of a traffic generator showing monitoring points along
the network.

- A demonstration of an application security device, such as a layer 7
web firewall when it comes under attack.

Extreme preference for these slots will go to folks who have won the
coveted "I Hacked The Net" T-shirts.


2. Courseware Module Authors Needed:

In last month's status report, I sent out a call for authors to help
with writing SANS Operations Essentials, which is the rollout,
configuration management, performance tuning cousin to SANS Security
Essentials.  To be candid, it did not go so well. Most of the outlines
looked like they were lifted straight out of the CISSP study guide.
So, here's a thought, if you are on the operations side of the house,
(not security, operations), have a technical, pragmatic view of life,
you are willing to write original material based on your experiences,
and are interested in being part of the research and writing team drop
me a note.  Perhaps the best way to approach this is to think about a
procedure you currently have in place, if you think we could expand on
this procedure so that we may help others, please contact me and let's
give it a try. Stephen@sans.org


3. Stephen's Pick for Small Class Sizes:

Security Essentials Bootcamp Style has been going nuts lately and until
I can get more capacity into the field, you are going to find fairly
large classes.  One opportunity to consider for both Track 1 and Track
4 is our Vancouver, Canada retreat, May 3 - 9.  This is also your best
bang for the buck if you have to travel, take a look at the webpage and
do the math!
http://www.sans.org/vancouver04/

Please note: SANS cannot assume responsibility if your system
administrators put sans.org in their spam filters and we cannot get your
registration data or laptop requirements to you.


4. Local Mentor Program (LMP)

Have you considered the Local Mentor Program? LMP is a hybrid of online
training and a series of meetings with a trained mentor to ask questions
or perform hands on exercises. These run all over the world, it might
be your opportunity to receive SANS quality training without having to
travel. This is one way we can offer you a small class size for Security
Essentials. Classes run for 11 weeks. Track 1 is available in the
following places starting between now and May:

- Altoona, PA - Tuesday, April 6, 2004, 7:00pm - 9:00pm
- Appleton, WI - Monday, April 26, 2004, 7:00pm - 9:00pm
- Atlanta, GA - Wednesday, May 19, 2004, 7:00pm - 9:00pm
- Austin, TX - Tuesday, May 4, 2004, 7:00pm - 9:00pm
- Boca Raton, FL - Thursday, April 29, 2004, 7:00pm - 9:00pm
- Burlington, WA - Thursday, April 22, 2004, 7:00pm - 9:00pm
- Canberra, Australia - Monday, May 3, 2004, 6:30pm - 8:30pm
- Department of Commerce - Ongoing Training
- Fredericksburg, VA - Thursday, May 6, 2004, 6:00pm - 8:00pm
- Intel Internal Class - Thursday, May 6, 2004, 6:00pm - 8:00pm
- Missoula, MT - Monday, March 29, 2004, 6:00pm - 8:00pm
- New York, NY - Wednesday, March 31, 2004, 6:00pm - 8:00pm
- Padova, Italy - Tuesday, April 6, 2004, 7:00pm - 9:00pm
- Panama City, Panama - Monday, April 12, 2004, 6:30pm - 8:30pm
- Phoenix, AZ - Thursday, March 25, 2004, 6:00pm - 8:30pm
- San Diego, CA - Tuesday, March 30, 2004, 7:00pm - 9:00pm
- St. John's, Newfoundland - Tuesday, April 13, 2004, 7:00pm - 9:00pm
- Santa Cruz, Bolivia - Monday, May 10, 2004, 7:00pm - 9:00pm
- Underdale, Australia - Friday, April 16, 2004, 7:00pm - 9:00pm
- Vancouver, BC - Tuesday, March 30, 2004, 7:00pm - 9:00pm

For other tracks, or the latest information email lmp@sans.org or visit
http://www.sans.org/local/


5. GIAC Certification:

GSNA Candidates, I must apologize.  We want our GIAC certifications to
be hard and to really mean something.  We have all seen what can happen
when certifications do not guard their value.  However, we can also go
too far in that direction.  Last week, a student wrote to SANS and
mentioned that his GSNA practical had failed, and that he had run it by
a lead auditor and was told it was pretty good.  After a while, you
develop a sixth sense for when you are being played, yet no alarm bells
were ringing, and so I started looking at the statistics.  One grader
invoice listed seven failed practicals out of nine; and then another nine
out of eleven!  I started looking at the individual practicals, and to
my horror, one of them was a Cisco router audit, 166 pages long and it
was clean, well-done and accurate, but we failed it.

Friends, I have two things to say, first, this is all my fault, and I
take full responsibility as the Director of GIAC Certification.
Secondly, we are going to make this right.  We will not dilute the
certification, we will not allow a practical that does not meet the
standard to pass, but we are going to make this right. I have asked
Gary Anderson, lead grader and chair of the GSNA advisory board for
help.  The graders all realized something terrible has happened, we are
nitpicking (amazing this happened with our audit certification isn't
it?) instead of looking at the bigger picture, and with Gary's leadership,
have begun to re-evaluate the failed practicals.

We are in the process of re-evaluating any practical that scored a 50
or higher.  There are 25 of these.  Also, if your first submission
failed but it was above a 50, GIAC would be happy to offer you a coupon
for $500.00 off a future SANS course for you or a co-worker; the coupon
will be good for a year.  If you have any questions, please contact
Lara@giac.org.



6. Future Direction for Courseware Development

I do not want to belabor this point, but we have a fairly large change
coming.  There is just too much teaching content to continue organizing
courses as tracks.  So, we will be transitioning to a college course
catalog model for both certifications and certificates.  Post SANSFIRE
2004, we will begin referring to a course by its Discipline, Title,
College Level of Difficulty, and Number of credit hours.  For example,
Track 7, Advanced Audit and GSNA certification, a 6 day course with a
practical assignment easily rated for 40 hours homework might be:
Audit, Advanced Technical Audit, 507, 3

The level and the credit hours enable you to see at a glance the
relative differences in completing the certification/certificate of the
two offerings.  This scheme will be replacing our tracks system in the
future and will position us for the growth in courseware offerings we
anticipate over the next 18 months.  A list of the new style
descriptions is shown below:

Discipline - Title/Course Number/Credit Hours

Security - SANS Security Essentials Bootcamp Style/401/4
Security - Firewalls, Perimeter Protection & VPNs/502/3 
Security - Intrusion Detection In-Depth/503/3
Security - Hacker Techniques, Exploits & Incident Handling/504/3
Security - Securing Windows/505/3
Security - Securing Unix & Linux/506/3
Security - Auditing, Networks, Perimeters & Systems/507/3
Security - System Forensics, Investigations & Response/508/3
Security - Intro to Information Security/301/3
Audit - IT Security Audit Essentials/410/3 
Audit - SANS 17799 Security & Audit Framework/411/3
Managerial - SANS Security Leadership Essentials for Managers/512/3
Managerial - Security Consultant/513/3
Managerial - CISSP(R) 10 Domains +S(TM)/414/3
Operations - Securing LAMP Web Applications/615/3
Operations - .NET Security/616/3
Audit - DITSCAP/417/3


7. Free electronic Newsletters from SANS

We now have five electronic newsletters and all are available by email
or RSS.

- NewsBites summarizes the most important news in our industry.

- @Risk provides the most well researched vulnerability management
information available. (RSS feed coming soon.)

- PrivacyBits delivers a globally focused update of the rapidly
changing privacy field.

- AuditBits is a quick source to stay abreast on new issues in the
audit world.

- NetworkBits is sponsored by our Network Security (NS) conference
series and covers late breaking information about network news, design
and implementation.

To subscribe or view the archived newsletters please visit
http://www.sans.org/newsletters/


8. Intrusion Prevention Hands On April 6 - 7, 2004

There are still seats available in one of our most advanced courses;
Bill Stearns will be presenting 'Intrusion Prevention -- Hands On' April
6 - 7 at Disneyworld. Learn to configure and run the open source
Intrusion Prevention system Modwall.  In addition there are labs
designed to show how to operate the device with the appropriate degree
of operational rigor for an active defense system.  These include tools
such as rpmbuild, rt and Tripwire. The diligent and prepared student
will leave with a pragmatic IPS background and skills that can be
employed at your workplace the day you return. Students should be
familiar with Linux, Snort rules and basic firewall concepts and
commands.
http://www.sans.org/sans2004/description.php?tid=28


9. Upcoming Complimentary Webcasts:

Tool Talk: PGP
April 1, 2004, 12:00PM EST
The information explosion has created a massive amount of sensitive data
that is improperly protected. Although Secret and Top Secret information
classifications are governed by rigorous standards and procedures,
Sensitive but Unclassified (SBU) information is governed by fewer
protective measures. This webcast will explain SBU information, look at
best practices for protecting it, and explore how PGP(R) Universal
simplifies, controls, and audits this process.
http://www.sans.org/webcasts/show.php?webcastid=90505

Steganography: Creating and Detecting Hidden Messages
April 7, 2004, 1:00PM EDT
In today's cyberworld, steganography provides a mechanism whereby any
type of digital information can be hidden inside image and audio files.
While useful for digital watermarking and enforcing one's copyright of
digital information, steganography also provides a means whereby
criminals, terrorists, and others can communicate in a practically
undetectable fashion. This presentation will describe common
steganography methods and demonstrate some well-known steganography
tools.
http://www.sans.org/webcasts/show.php?webcastid=90476

Internet Storm Center: Threat Update
April 14, 2004, 1:00PM EDT
Tune in for a discussion on recent threats observed by the Internet
Storm Center (ISC), and new software vulnerabilities or system exposures
that were disclosed over the past month. There will also be a discussion
on email fraud detection and prevention, anatomy of a phishing scheme
and current approaches to fighting email fraud.
http://www.sans.org/webcasts/show.php?webcastid=90487


10. Book Callout

Exploiting Software: How to Break Code (ISBN 0-201-78695-8) by Greg
Hoglund and Gary McGraw.

This book doesn't need me to introduce it, I see it was ranked 408
overall on Amazon.  If you are willing to invest some time in reading
Ed Skoudis/Lenny Zeltser's 'Malware' and Greg Hoglund/Gary McGraw's 'Exploiting
Software', you will have acquired a great deal of cutting edge practical
knowledge.  If you do buy either one, I have one piece of advice: Budget
the time to read them, a good book on the shelf gains you nothing; a
good book in your brain will gain you a lot!
https://store.sans.org/recommended.php


11. Contracts Matter!

One of the hardest problems in information technology is to get the job
done right when there is a bad contract. We are often part of the
problem, we tend to pride ourselves on being technical and when the boss
asks us to review a contract, we flip through it and move on to the
things we like to do, possibly offering a superficial comment or two.
And then, later, we find we have to live with that contract. Purchases
happen, outsourcing happens and contracts matter. There are famous
stories like the National Missile Defense contract not properly
specifying security, or the USPS outsourcing their networking and
forgetting the critical security clauses, but it happens on a smaller
scale every single day. A security professional must understand the
fundamentals of contracts to be effective; it is that simple. SANS has
requested that Ben Wright, our most popular attorney instructor, develop
an up to date course on the essentials of contract law sensitive to the
current legislative requirements.  So I ask two things of you today,
first, when your boss asks you to review a contract, take the assignment
seriously, you are going to have to live with that contract.  Second,
please take a moment to read the course description below and if this
is an area you need training in, get yourself into school!

"Contracting for Data Security and Other Technology"

Compliance with many of the new data security laws requires contracts.
Because IT pulls together the products and services of many vendors,
consultants and outsourcers, enterprises need appropriate contracts to
comply with Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, EU Data
Directive, California Senate Bill 1386 and others.

IT security professionals are becoming more deeply engaged in
negotiating, interpreting and managing contracts and providing advice
in contract disputes. This engagement calls for special intellectual
skills.

Security professionals must be able to spot legal issues. They must
interact knowledgably with legal counsel. As they interact with counsel
to devise solutions, they must be ready to offer educated suggestions.

What is more, no IT professional has the luxury of a corporate lawyer
to edit all email. Tech professionals themselves need law-based training
on how to communicate in day-to-day business negotiations.

Prepared primarily for non-lawyers, this course focuses on practical
lessons rather than theory. But many corporate lawyers will find this
course rewarding because it will introduce the waterfront of practical
issues involved in technology negotiations.

When appropriate, this course leaves the student with practical steps
and tools to be applied in his or her enterprise.

This course covers these issues facing modern enterprises, in the
context of the new data security laws identified above:

General Technology Contracts
ASP Agreements
Software Agreements
Consulting Contracts
Contract Formation and Mechanics
Risks and Rewards of E-communication
Negotiating Through Electronic Media
Anti-Spam Laws
Scattered throughout are descriptions of legal cases to show how
different disputes have resolved in litigation.

One goal of this course, especially in the parts dealing with
negotiation, is to convey tips and instincts that a business lawyer
would learn not in law school but from the day-to-day practice of
contract law.

Contracting for Data Security and Other Technology
Baltimore, MD
May 16, 2004
http://www.sans.org/bootcamp04/description.php?tid=24
http://www.sans.org/bootcamp04/index.php


12. Incident Handling: Real-Time Inter-Network Defense

This Internet Draft began life as Kathleen Moriarty's GIAC practical
assignment and continues to mature. As the speed of attacks continues to
increase, we need to examine methods to defend in kind. If you work for
a large enterprise, or an ISP, I strongly recommend you read and
comment. The draft proposes a messaging mechanism to coordinate the
trace back of information security incidents across network providers
and attached networks.

INCH working group page:
http://www.ietf.org/html.charters/inch-charter.html

The draft is available here:
http://www.ietf.org/internet-drafts/draft-ietf-inch-rid-00.txt


13. Update Business Continuity Planning to Version 2.1

Steve Weil is leading the update of the SANS Disaster Recovery, Business
Continuity Planning Step by Step book and is almost finished.  We are
looking for a few stories of organizations that successfully recovered
from a disaster.  The maximum length for such a story would be one page.
If you have a story and your organization will allow you to contribute
it "on the record", please drop me a note, Stephen@sans.org


14. SANS Alumni Program

SANS makes every effort to provide you with the most current consensus
best practices curriculum and help you obtain your certifications.

Have you previously taken a SANS Track, but did not complete your GIAC
certification for that track?

Are you interested in getting a complete, updated version of the course
books and other track related material, and networking with other
network security professionals, regardless of whether or not you obtain
your certification?

Register for a SANS Local Mentor-Led course and fully participate for only
$1,250.

This offer is available to alumni who attempted their course after
January 1, 2001 and applies only to the same course previously
attempted. Work with our mentor, who will lead the class discussions
and demonstrations, and assist in preparing you for your certification.
You will receive all the items that come with having paid full tuition,
described above.

If you are interested in participating in the SANS Alumni Program, please
contact lmp@sans.org and request the alumni discount code.  You must
meet our criteria in order to qualify for the Alumni discount.


************************************************************************

To change your subscription, address, or other information, visit
http://portal.sans.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFAaMra+LUG5KFpTkYRAt3CAKClCVacEoiskpT4vGgOchio/RJxNwCgpGgC
E+ipM+VyJvYabTuYlnnZQH4=
=oPS6
-----END PGP SIGNATURE-----
