From: The SANS Institute (sans_at_sans.org)
Date: Wed Jul 31 2002 - 20:46:33 CDT

    What are the Cyber Defense Initiatives and How Can You Get Involved?

    SANS has a yearly tradition to identify opportunities for each of us
    to help make measurable improvements in the security of our systems
    and networks. This is a call to action. There are seven initiatives,
    which are:

    - Implement the Gold Standard for Windows 2000 Worldwide
    - Remodel the SANS/FBI Top 20
    - Awareness Training That Really Works
    - Insist Security Officers Meet a Standard
    - Expand the Internet Storm Center Early Fight Back System
    - Define New Gold Standard Security Configurations
    - Establish the standards of our profession

    NOTE: Please do not reply to this message, I welcome your email,
    but this is not actually my email address. Each initiative has a
    way to get involved. At the bottom of the note there is a way to
    unsubscribe or modify your email address.

    Initiative 1 - Implement the Gold Standard for Windows 2000
    Professional Worldwide

    The goal is to take one operating system out of the reach of attackers
    worldwide this year. The Gold Standard is the most powerful Cyber
    Defense Initiative we have. The US National Security Agency studied
    the successful system compromises of Windows 2000 during the past
    eighteen months and found that more than 85% of them would have
    been blocked had the owners been using the Gold Standard, which was
    jointly developed by the Center for Internet Security, NSA, DISA,
    NIST and GSA. We will launch the effort by offering extended (8:00 AM
    - 5:30 PM) one day, hands on training in over 25 cities worldwide
    primarily on the dates of September 23, 25, and 27. Every Windows
    2000 Gold Standard course we have offered so far has sold out.

    Minimum-security settings (baselines or benchmarks) do work, however,
    system administrators need to be confident that what they are doing
    will work and that they know how to do it. In Securing Windows
    2000, you will receive the training to use SECEDIT.EXE, SECURITY
    CONFIGURATION & ANALYSIS, SECURITY TEMPLATES TOOL, HFNETCHK.EXE,
    and the CIS SCORING TOOL. The course expects that you are already
    familiar with Windows 2000; we will send you instructions to help
    you download and install the HFNETCHK.EXE and CIS SCORING TOOL tools
    prior to coming to class.

    To see the participating cities or to register:
    http://www.sans.org/Win2KWorldTour

    To implement the Gold Standard worldwide we estimate we need 150,000
    trained people and the world tour is estimated to reach 1,500. We are
    going to offer a certification in the Gold Standard. To truly succeed
    as a Cyber Defense Initiative, a large number of the people that we
    train will need to go back to the workplace and teach their co-workers.
    Soon after the courses, we will approach the highest scoring students
    about teaching and mentoring.

    *** We are offering our volunteer program for this course; preference
    will be given to experienced volunteers and also law enforcement
    personnel. http://www.sans.org/conference/volunteer.php

    Initiative 2 - Remodel and Implement The SANS/FBI Top 20

    Any good football coach knows to keep the team focused on the
    fundamentals of blocking and tackling, the fundamentals for the
    defensive information community are the "Top 20". If we can eliminate
    the 20 most exploited vulnerabilities in the world, we can prevent
    an overwhelming number of attacks from succeeding. We must get this
    core fundamental document updated, properly organized and out to the
    community and we need to follow that rapidly with an action plan to
    implement the corrective steps. To do this, I need your help!

    If you have never read the top 20, please download the latest version
    from http://www.sans.org/top20.htm
    This represents the minimum understanding any security professional
    should have about vulnerabilities and exposures to risk for information
    systems.

    If you are on the front lines and you are dealing with attacks on a
    regular basis, we really value your input:

    http://www.sans.org/Top20_Questionnaire.php

    I need a small team to take the lead on the update. If you want to
    help me with this project, have strong writing skills, and hold a
    GIAC certification, write infosans.org with "Top 20 Team" in the
    subject line.

    Initiative 3 - Awareness Training That Really Works

    One of the most cost effective methods for improving security is to
    build an awareness program that teaches people what they really need to
    know and then tests them on the knowledge (going beyond the mechanics
    of picking a good password). An online training and no-fail testing
    system gives management the tools needed to hold employees accountable.
    We have the first version up and running and are getting ready to
    build an improved version.

    We need help with the stories, or awareness elements. I am desperately
    seeking a couple of great writers with a solid technical grounding in
    security, especially Windows environment. SANS will pay for accepted
    technical pieces that help users understand why their actions (or
    lack of actions) really matter. If you feel you could explain how a
    buffer overflow works in one page, please write infosans.org

    Initiative 4 - Require Security Officers and Managers to Meet a
    Minimum Standard

    It is clear from the leadership exhibited by the NSA, DISA, GSA
    and NIST in the development of the Gold Standard that Information
    Security is becoming a major priority in the US government. This year,
    October 18 - 25, at the SANS Network Security 2002 National Conference,
    http://www.sans.org/NS2002/ SANS will host a special meeting, the 2nd
    National Information Assurance Leadership Conference. Information
    security leaders from the Army, Navy, Air Force, Marines and Coast
    Guard will come together to learn and discuss upcoming trends and
    projects and ways to improve their security posture.

    One of the services, the Marines, are going to conduct a Security
    Essentials + CISSP CBK course right after the meeting for their
    security officers leading to certification. Brilliant!
      
    If you have been following SANS for a while, you remember KickStart,
    the three-day course that was our original entry-level training track.
    The first time we taught it, a couple of students came up to me at
    the first break, one in tears. "This is too hard", they said, "We're
    managers". GIAC Security Essentials + CISSP CBK is well tested and
    will weed out people that have no chance of doing the job the way it
    needs to be done. Every time you hire, every time you promote you
    have a chance to make the world a better place, take the initiative
    and insist security officers and managers meet a minimum standard.

    Initiative 5 - Expand Storm Center Early Warning and Fight Back System

    Storm Center is like an old-time weather reporting system where
    people installed rain and wind measurement systems in the yards and
    called the radio station to report rainfall and wind speeds. But now
    it is all automated. In a thousand organizations around the world,
    small programs collect data on unwanted packets, summarize them,
    and send them to Storm Center where the data is charted and analyzed.

    So far Storm Center has discovered three new worms and it was
    instrumental in measuring and monitoring Code Red. Upgraded
    sensors will make it even better. Storm Center also accumulates
    evidence of infected systems and provides authoritative notice
    to ISPs and other organizations so they can remove the infected
    systems from the Internet. You can watch Storm Center in action at
    http://www.incidents.org and that's also where you'll find information
    on having your systems help monitor the Internet. And that is the key;
    we need you to get involved. Your personal firewall, your cable modem
    or DSL router is probably supported, you can be part of fighting back
    simply by having your personal firewall report the attacks it sees, go
    here to be part of this initiative: http://www.dshield.org/howto.html

    Initiative 6 - Define New Gold Standard Security Configurations

    For five years, through the efforts of more than 300 of you, SANS has
    been publishing updated step-by-step guides to help you ensure that
    each new system you connect to the Internet meets minimum standards of
    protection, so it won't be taken over using well-known vulnerabilities.
    Now that initiative has taken on national and global partners: the
    US National Security Agency, the National Institutes of Standards and
    Technology, the National Infrastructure Protection Center (FBI) and
    through the Center for Internet Security, commercial companies from
    Intel to Hallmark to Shell, and government leaders in a half dozen
    other countries. Together this consortium is publishing consensus
    minimum benchmarks for operating systems beginning with Windows 2000,
    and the Center for Internet Security is releasing free testing and
    scoring tools so you can check your systems against the benchmarks.
    It won't be long before the vendors will be delivering more secure
    versions of their software to comply with procurement specifications
    that include the new benchmarks. We need your help in this continuing
    process for each new OS and application and ask for it by putting
    notices from time to time in NewsBites. If you are not already
    subscribed to NewsBites (the free weekly summary of security news)
    send an email to infosans.org with the subject Subscribe NewsBites.

    Right now, I think the most important initiative to start is the
    Macintosh with OS X v. 10.2. If you are a decent writer with 10.2 or
    really know the system internals and are interested in being involved,
    write infosans.org with OSX10 in the subject line.

    Initiative 7 - Establish the standards of our profession

    Auditors and corporate officers have lost the public trust.
    What went wrong? As a community we are growing fast. You have read
    that employees with information security skills are earning more
    than most folks in IT in general and that demand for these skills is
    increasing. I hope we do not lose the trust of those that count on us.
    We need to establish standards for systems, technical understanding,
    job descriptions, salary and ethics.

    The Gold Standard movement could be the most important project
    to establish standards for implementing and testing system
    security. I hope you will visit the Center for Internet Security
    http://www.cisecurity.org today if you haven't seen what they have
    in a while.

    GIAC is the leading certification for technical security knowledge
    but there is a lot more work to be done. Those who have successfully
    completed the advanced Level II certifications will tell you they
    were really challenged, but it was worth it. Many successful GIAC
    professionals say that they learned as much doing the practical
    assignment as they did in the class which is incredible when you
    consider SANS training is mostly hands on and very advanced and
    focused. To really help us these standards grow you need to score
    a 90 or above on your exams so that you can be eligible for the
    advisory boards.

    SANS has been running salary surveys for years and we have learned
    there is no standard for job titles. What does network engineer
    mean exactly? In Canada, you have to be an engineer from a licensed
    engineer school to use the engineer title. In the US, I was given a
    firewall engineer certificate after two days training once. We need to
    collect job descriptions and establish consensus as to what they mean.
    If you have a good description for a job in the information security
    field and are willing to share it, please send it to kimiesans.org.
    We will organize these into best-fit categories and open the floor
    for discussion.

    If you have not yet voted on the SANS salary survey that is important
    as well: http://rr.sans.org/survey In the process, you will have to
    register, but you will also get access to the 2,000 unique security
    research papers in the SANS Reading Room. Why do you have to register,
    is it a real pain to enter a password?

    Should there be an ethical standard for every professional in the
    industry? There are several groups with existing codes of ethics,
    I have started to contact them, stay tuned.

    This concludes our discussion of 2002's seven Cyber Defense
    Initiatives. The remainder of your note consists of brief pointers
    to training opportunities that you may not be aware of unless you
    have figured out how to decode the Rosetta stone they call the SANS
    home page.

    If you can't travel and want to take Security Essentials try the
    Instructor Led Online Training version taught by Eric Cole, the
    highest rated SANS Security Essentials instructor:
    http://www.sans.org/onlinetraining/ILotII.php

    If you prefer meeting people in your local area, consider a locally
    mentored Security Essentials course:
    http://www.sans.org/onlinetraining/mentor.php

    On the conference front, Network Security 2002 is one of our national
    conferences. If you like all the trimmings including a full vendor
    exhibition, please consider:
    http://www.sans.org/NS2002/

    Finally, it is with great pleasure that I invite each of you to the
    Cyber Defense Initiative themed conferences:
    http://www.sans.org/CDI02/
    http://www.sans.org/CDI03NewOrleans/
    http://www.sans.org/CDI03Austin
    http://www.sans.org/CDI03SanAntonio

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email. Unsubscribing
    will take you off any news bulletin lists for NewsBites or Security
    Alert Consensus as well as any conference information notes.

    You may also email <sanssans.org> with complete instructions and
    your SD number for subscribe, unsubscribe, change address, add other
    digests, or any other comments.

    NOTE: CISSP is a registered certification mark of ISC2.