From: The SANS Institute (stephen+ZZ9665447123355436sans.org)
Date: Sun Apr 29 2001 - 13:49:04 CDT


    SANS Training and GIAC Certification Update
    Edition 4, April 29, 2001

    Greetings, I am Stephen Northcutt and things are still happening fast
    on the training and certification front. Here is the latest update.
     
    Table of Contents
    - Fight Back Status
    - Information Security Heroes
    - Reading Room Update
    - Certification News
    - Conference and Training Information
    - Computers for our Community
    - Closing Thought

    In the last SANS and GIAC update we talked about fighting back. Thank
    you for all the responses, it turns out this is a hot theme. You can
    see it in action on web pages like
    http://www.dshield.org/fightback.html
    http://www.mynetwatchman.com and www.incidents.org.
    The only thing missing is you if you aren't a contributor. By the way,
    we are having trouble getting the word to Asia Pacific region ISPs. If
    you are in the Asia Pacific region and you are willing to help, would
    you please send the:
    - Name of your ISP
    - Their IP address range
    - Contact point for abuse or incidents to infodshield.org

    ****************************************
    Information Security Heroes

    All of these "fight back" programs involve making sense of large volumes
    of data. To do that we need techniques that allow for massive data
    reduction. Lt. Stephen D. Donald USN, and Captain Robert V. McMillen
    USMC, from the Naval Postgraduate School, worked for months, 7 days a
    week, taking as little time for sleep as possible, building a new
    intrusion detection capability based on a Snort plugin. The tool, while
    still under development, provides a realtime, intuitive graphics display
    and is being used by analysts on operational DoD networks as one more
    capability to help defend networks and identify cyber-attacks for which
    there is no known signature. This is a DoD project and I don't know if
    it will ever be available for the general population, but this is
    exactly the sort of progress that we, as a community, need to make.

    ****************************************
    Reading Room Update

    The SANS Web page http://www.sans.org now points to the reading room
    topics. If you haven't been to the reading room recently, by the time
    you read this there will be over 700 papers covering 43 different
    topics.

    ****************************************
    Certification News

    SANS is revising Information Security KickStart and Security Essentials
    courses to create a new 6 Day (total) Security Essentials course and
    certification. Days 2 and 3 of KickStart will be combined with the
    current Security Essentials course, and enhanced with brand new
    material. The course will be available online in July 2001 and will be
    taught "live" starting in August 2001. We are working hard to structure
    this so that nobody loses. If you are taking either KickStart or
    Security Essentials online, you will be allowed to finish your program,
    or to be enrolled at no charge in the new program with a full six months
    to finish the new program. If you took either earlier program in a
    conference or online, when you re-certify you will have full access to
    the new program. For further information:
    http://www.sans.org/giactc/new_GSEC.htm

    Congratulations to Win Miller (GSEC, GCIH), our first student to pass
    his GSEC recertification exam! Win was one of our first GSEC graduates
    back in early 2000. He is now one of over 1200 GIAC certified
    professionals - those numbers are an indication of the rapid growth of
    the GIAC program over the past year.

    A reminder to students who have taken SANS online courses or earned GIAC
    certifications: Your SANS username and password are permanently
    assigned to you. After you complete your course or certification, the
    account will remain active. Be sure to keep your account information
    up to date so that we can contact you with GIAC news, special offers,
    and information about the program! To update your information, log in
    at http://www.sans.org/momgate, and click the "Edit Personal Info" link.
    If you have forgotten your logon information, you can retrieve it by
    going to the URL above, entering the email address you used when you
    registered, and clicking the "Forgot Password" button.
     
     
    ****************************************
    Conference and Training Information

    Local Mentor Program. The current schedule is posted at
    http://www.sans.org/giactc/mentor.htm However, we are going to have to
    pause this program for a couple months after these wind up to complete
    the transition to the new Security Essentials format.

    Important tips for online registration. If you plan to attend a
    conference, if at all possible register using our online method and do
    it yourself. A number of attendees have had their secretary or training
    officer register them and they put their own email in the form. It
    seems obvious, but students continue to get bit by this, if we do not
    have your correct email we can't send your password and userid!

    There are two comments that I see again and again on your evaluation
    sheets. You want hands-on courses and smaller class sizes. The
    experimental hands-on assessment course in Orlando was a huge success,
    it was the highest scoring track in the history of SANS with an overall
    satisfaction rate of 9.9 out of 10. We will certainly try to run this
    again. We will be running a hands-on version of intrusion detection in
    depth in July at SANSFIRE: http://www.sans.org/sansfire/track3.html

    Smaller class sizes for the popular tracks, intrusion, firewalls and
    SANS Security Essentials is a harder rabbit to pull out of a hat, but
    your best bets are shown below:

    Caribbean SANS is one of our last offerings of the popular single day
    of KickStart with Security Essentials. The description is available
    at: http://www.sans.org/caribbean/caribbean.htm If you know someone in
    the information security field that speaks Spanish as a primary
    language, tell them about this URL, the class will be taught in English,
    but the instructor can answer questions in Spanish.

    LoneStar SANS II will be held in Dallas, Texas on May 31-June 3,
    2001 with two of our most popular training programs, Securing Windows
    2000 and Firewalls, VPNs and Perimeter Defense. For more information
    please go to our website at:
    http://www.sans.org/lonestar2/lonestar2.htm

    The way I read the tea leaves, these are your best chance to take SANS
    training from our top instructors with a small class size, but please
    don't get mad at me if they fill up. However, we secured a small room
    for the Securing Unix class in Honolulu Hawaii so it can't get too big,
    the information for Aloha III

    ****************************************
    Computers For Our Community

    I heard about this program and thought I would share the information
    with you, there might be similar programs in your area. Computers for
    Our Community is a non-profit program sponsored by the United Way of
    Pinellas County Florida. Individuals, companies and organizations donate
    computers, software and funding. After donated computers are received,
    they are refurbished and licensed software is installed on each
    computer. The mission of Computers for our Community is to provide basic
    hands-on computer training and a computer at no cost to individuals who
    cannot afford them. If you or your organization is interested in
    supporting Computers for Our Community please email them at
    cfoc2000yahoo.com or call 727-709-4020.

    ****************************************
    Closing Thought

     
    I finally went 802.11 wireless in my house. I hooked it up and began
    to configure it and soon I got to the screen for Wireless Equivalent
    Privacy (WEP) and thought, "I'll get this working and then figure out
    the security". That was two weeks ago. Granted, WEP has flaws,
    http://www.sans.org/infosecFAQ/wireless/equiv.htm but doing nothing is
    far worse. If we truly want to ensure the information economy is a place
    of law and order, then each of us needs to make a little time in our
    daily lives for the discipline of security. So, if you will excuse me,
    I need to figure out what to do with those hex WEP codes!

    Stephen Northcutt
    The SANS Institute