 
From: The SANS Institute (NewsBites_at_sans.org)
Date: Wed Nov 20 2002 - 14:07:17 CST


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Special invitation for security managers and executives among NewsBites
    readers: Announcing NIAL IV, the Fourth National Information Assurance
    Leadership Conference

    People attend NIAL because they manage security programs and need
    unbiased management-level briefings on both technology and management
    issues, on the future of information security, the latest threats,
    up to date defenses, how to choose the right security tools, how to
    build a defense-in-depth toolbox that scales from a SOHO to a vast
    enterprise, and even how to present their security program effectively.

    The first three NIAL conferences were limited to Navy, Marines, Army,
    Air Force and other DoD security managers. NIAL IV, March 5 and 6,
    2003, at Harbor Island in San Diego, will be the first NIAL open to all
    security managers and leaders. NIAL is the one conference to attend
    if you want a conference where every session features an extraordinary
    speaker with valuable, practical information you can apply when you
    return to work. This is what a security conference should be, but it
    is all too rare. Check out the agenda at the end of this NewsBites,
    and then plan to join us in San Diego in March. You'll save $500 if
    you register for NIAL plus one of SANS immersion training tracks that
    follow NIAL.
    http://www.sans.org/SANS2003/nial.php

                              Stephen Northcutt, Alan Paller, Ed Skoudis
                                    Principal Instructors, NIAL IV

    ***********************************************************************
    SANS NewsBites November 20, 2002 Vol. 4, Num. 47
    ***********************************************************************

    TOP OF THE NEWS
    12 November 2002 Vulnerabilities Affect BIND Versions 4 & 8
    14 & 15 November 2002 BIND Vulnerabilities Raise Disclosure Debate
    14 November 2002 Tcpdump Trojan Infection
    14 November 2002 Evidence Obtained from PC Without Warrant Violates
                      Fourth Amendment
    13 & 14 November 2002 Homeland Security Proposal Additions Concern
                           Security and Privacy

    THE REST OF THE WEEK'S NEWS
    18 November 2002 GSA Awards Patch Dissemination Contract
    18 November 2002 University of Oslo Passwords Hacked
    17 November 2002 Journalist Gets Into Hussein's e-Mail
    15 November 2002 Bill Establishes e-Government Office in OMB
    15 November 2002 WPA Vulnerable to DoS
    15 November 2002 P2P Honeypots?
    11 November 2002 Revamping P2P Request Rules Diminishes Attack Effects
    14 November 2002 Mundie on Trustworthy Computing
    14 November 2002 Chechen News Sites Targeted by Foes?
    13 November 2002 OHS to Release Conceptual Architecture Plan for DHS
    13 November 2002 Men Surrender to FBI in Breeders' Cup Case
    13 November 2002 Court Appearance for Virus Spreader
    13 November 2002 Latin American Companies Vulnerable to Cyber Attacks
    13 November 2002 e-Card Tricks Recipients into Accepting License Terms
    12 & 13 November 2002 UK Man Indicted on Military Computer Hacking
                           Charges
    15 November 2002 McKinnon Left Evidence Behind
    12 November 2002 Pentagon Developing Global Cyber Surveillance System
    12 November 2002 ATM Thieves in Australia
    12 November 2002 Report Encourages Government to Use Wireless Devices
    12 November 2002 Treasury Dept. IG Report Holds Praise, Offers
                      Suggestions
    11 November 2002 Single Point of Government Contact for Vulnerability
                      Reporting?
    11 November 2002 Charney Calls for Government to Take Larger Role
                      in CI Security
    11 November 2002 Hong Kong Police Force Bolsters Computer Forensic
                      Dept.
    15 November 2002 Mac Unix-based Xserve Vulnerabilities
    11 November 2002 Unix-Based Mac OS More Vulnerable


    TOP OF THE NEWS

     --12 November 2002 Vulnerabilities Affect BIND Versions 4 & 8
    Three "malformed request" vulnerabilities in BIND DNS make servers
    running the software susceptible to denial-of-service attacks; one of
    the three also involves a buffer overflow that allows arbitrary
    code to be executed. Affected versions include BIND 4 and BIND 8
    through 8.3.3. Users are encouraged to upgrade to BIND 9.
    http://www.computerworld.com/securitytopics/security/story/0,10801,75828,00.html
    http://news.com.com/2100-1001-965525.html
    http://www.linuxsecurity.com/articles/vendors_products_article-6140.html

     --14 & 15 November 2002 BIND Vulnerabilities Raise Disclosure Debate
    While Internet Security Systems (ISS), the group that made the
    announcement of the flaws in the BIND domain name system (DNS)
    software, maintains that patches for the problems were readily available
    when they published the information, users say otherwise. Some say
    that when they went to the Internet Software Consortium (ISC, the group
    responsible for maintaining BIND) web site, they were told to e-mail
    the group to speak to them about patches. ISS has been accused of
    failing to follow the Organization for Internet Safety's (OIS) code
    of conduct. ISS also says they believed the vulnerabilities were
    not being actively exploited.
    http://www.eweek.com/article2/0,3959,708890,00.asp
    http://www.smh.com.au/articles/2002/11/14/1037080843561.html

     --14 November 2002 Tcpdump Trojan Infection
    A hacker managed to install a Trojan horse backdoor program on two
    software products available on the tcpdump.org website: tcpdump,
    a network data traffic monitoring utility and libpcap, its code
    library. The software has been mirrored on other sites; CERT/CC has
    issued an advisory about the affected utilities and advises sites to
    verify the integrity of the code they make available. This attack
    is similar to earlier attacks on Sendmail and OpenSSH.
    http://zdnet.com.com/2100-1105-965800.html
    http://news.com.com/2100-1001-965916.html
    http://www.cert.org/advisories/CA-2002-30.html

     --14 November 2002 Evidence Obtained from PC Without Warrant Violates
                         Fourth Amendment
    A federal judge in Virginia ruled that the police's submission of
    evidence obtained by a hacker from a suspect's PC without a warrant
    constituted unreasonable search and seizure, violating the Fourth
    Amendment.
    The evidence was suppressed.
    http://news.com.com/2100-1023-965926.html
    [Editor's Note (Murray): The FBI is usually careful to insulate such
    evidence by getting a warrant based on "testimony of a confidential
    (and often paid) informant," and then getting the same evidence again
    under cover of that warrant. In this case, it looks like they skipped
    that step and compromised their prosecution.]

     --13 & 14 November 2002 Homeland Security Proposal Additions Concern
                              Security and Privacy
    The Cyber Security Enhancement Act (CSEA) has been inserted into
    the Department of Homeland Security proposal. CSEA, which passed in
    the House but not the Senate earlier this year, could send certain
    crackers to prison for life. It also broadens the circumstances
    under which an ISP can divulge user activity.
    http://news.com.com/2100-1001-965750.html
    http://www.washingtonpost.com/wp-dyn/articles/A54872-2002Nov14.html


    THE REST OF THE WEEK'S NEWS

     --18 November 2002 GSA Awards Patch Dissemination Contract
    The General Services Administration (GSA) has awarded a contract to
    Veridian Corp. for a computer vulnerability patch dissemination system
    for government agencies. Veridian will maintain profiles of agency
    systems, advise agencies on what to do until patches become available
    and will test patches before sending them out to the various agencies.
    http://www.fcw.com/fcw/articles/2002/1118/news-patch-11-18-02.asp
    [Editor's Note (Grefer): During the Top20 announcement, the GSA
    representative emphasized that the patch "testing" would just be a
    general functional test, without any implied nor explicit guarantees
    whatsoever. Each agency will still have to do its own testing. The
    only thing that will be caught by this setup is anything that has
    not gone through quality assurance cycles at the vendor.]

     --18 November 2002 University of Oslo Passwords Hacked
    Crackers obtained the University of Oslo's central password file;
    they also stored quantities of pirated programs and movies on the
    University's servers. The University had to change all the passwords
    and install new software on some computers. The University was
    unaware that an SQL database installs automatically with Windows 2000;
    it was not being properly maintained.
    http://www.ds-osac.org/view.cfm?key=7E475241425D&type=2B170C1E0A3A0F162820

     --17 November 2002 Journalist Gets Into Hussein's e-Mail
    Journalist Brian McWilliams guessed the password to an e-mail
    account for Saddam Hussein on the Iraqi government web site,
    www.uruklink.net/iraq, and downloaded more than 1,000 messages that
    had been sent to Hussein. The mail included business proposals from
    some U.S. companies, even though the U.S. has trade sanctions against
    Iraq. There is no way to know if Hussein ever read any of the mail.
    McWilliams recommended that the site change the account password;
    when nothing was done, he changed it himself. It has since been
    changed again.
    http://www.cnn.com/2002/TECH/11/17/offbeat.saddams.email.ap/index.html
    [Editor's Note (Schultz): Let's not give any kudos to
    Mr. McWilliams. Breaking into another person's account without
    authorization is illegal and unethical.]

     --15 November 2002 Bill Establishes e-Government Office in OMB
    The House recently approved H.R. 2458, which establishes an
    e-government office within the Office of Management and Budget
    (OMB). The bill also created an e-government fund for interagency
    projects; $200 million is authorized for each of the next three years.
    Among other responsibilities, the e-government office's CIO would
    establish security guidelines. The Senate passed its version of the
    bill, S.803, in June; now both go to conference committee.
    http://www.govexec.com/dailyfed/1102/111502a2.htm

     --15 November 2002 WPA Vulnerable to DoS
    Wi-Fi Protected Access (WPA), the new wireless security standard,
    is vulnerable to a type of denial of service attack. If it receives
    two unauthorized data packets within one second, it shuts down
    for one minute to prevent an "active attack." In other words, an
    attacker could send two unauthorized packets every minute and keep
    the network down.
    http://www.wired.com/news/business/0,1367,56350,00.html
    Cisco's response admitting vulnerability to DoS in the conclusion:
    http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186a00800a9e74.html
    [Editor's Note (Shpantzer): This feature/vulnerability is built into
    the spec. It focuses on improving resistance to confidentiality
    and integrity attacks, at least relative to WEP. The tradeoff is a
    built-in denial of service vulnerability.]

     --15 November 2002 P2P Honeypots?
    Some record labels, film companies, software manufacturers and other
    digital content copyright holders are paying companies to seed
    peer-to-peer networks with decoy files that may start playing music
    and then fade away or play nothing at all.
    http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=1758568

     --11 November 2002 Revamping P2P Request Rules Diminishes Attack
                         Effects
    Two researchers at Stanford University say they believe they could
    build a peer-to-peer file-sharing network that would protect users
    from denial-of-service attacks. This is especially significant due
    to proposed legislation that would permit copyright holders to hack
    back at computers of those suspected of copyright violation. Using
    a mathematical model of Gnutella, the researchers determined that
    establishing rules for responding to requests from certain nodes
    greatly reduced the damage from an attack.
    http://www.newscientist.com/news/news.jsp?id=ns99993037
    [Editor's Note (Northcutt): Measures and countermeasures. This is
    going to get pretty nasty, whether or not they legalize attacks,
    it is only a matter of time before we see serious P2P malware.
    If you are sitting on the sidelines in your organization thinking,
    "what harm can some music files do", you are underestimating the
    impact. Work to develop strong policy against the use of these tools,
    and enforce that policy before the shooting starts.]

     --14 November 2002 Mundie on Trustworthy Computing
    Microsoft senior VP for advanced strategies and policies Craig Mundie
    said that though the company has made progress with its Trustworthy
    Computing Initiative, it still has a way to go. Examples of progress
    include the success of the voluntary program that lets Windows XP
    users have their machines automatically report bugs back to Microsoft,
    and privacy enhancements made to Media Player 9. Among the costs
    of the program is the fact that Microsoft no longer supports Windows
    95 despite its widespread use. Mundie says one of the problems the
    company is facing is the fact that customers are running older,
    less secure versions of their software; he also says the company
    plans to force security fixes onto older versions of their software,
    even if it breaks some users' applications.
    http://www.computerworld.com/securitytopics/security/story/0,10801,75873,00.html
    http://www.wired.com/news/technology/0,1282,56381,00.html
    http://www.pcworld.com/news/article/0,aid,106928,00.asp
    http://zdnet.com.com/2100-1105-965759.html
    http://www.theregister.co.uk/content/4/28100.html
    [Editor's Note (Murray): Mundie's message, "You will just have to go
    back and fix it," seems to be addressed to the developers. MS has a
    hard problem here. Historically they have catered to the developers
    because the popularity of Windows is related to the fact that there
    are a lot of applications. However, it is the users that will suffer
    the broken apps.]

     --14 November 2002 Chechen News Sites Targeted by Foes?
    Chechen separatists allege that Russia's FSB security service took
    down two of their primary news web sites. An FSB spokesman denies
    the allegation. One site (chechenpress.com) was the victim of a
    denial of service attack; the other's (kavkaz.org) registration was
    changed and the site closed.
    http://news.zdnet.co.uk/story/0,,t269-s2125938,00.html

     --13 November 2002 OHS to Release Conceptual Architecture Plan
                         for DHS
    The Office of Homeland Security is going to issue a conceptual
    architecture plan for integrating IT systems within the Homeland
    Security Department. A CIO team from the 22 agencies that will merge
    to form the new department is also taking a look at various IT projects
    and deciding which to combine with others and which to terminate.
    http://www.govexec.com/dailyfed/1102/111302h2.htm

     --13 November 2002 Men Surrender to FBI in Breeders' Cup Case
    Three men involved with suspicious off-track betting in the Breeders'
    Cup surrendered to the FBI last week. The men may be charged with
    wire fraud conspiracy. One of the three was fired from his job at
    Autotote shortly after the event in question; his job allowed him
    the type of computer access required to manipulate the wagers.
    http://www.wired.com/news/politics/0,1283,56328,00.html

     --13 November 2002 Court Appearance for Virus Spreader
    A Welsh man, Simon Vallor, appeared in court on charges of
    distributing the Gokar, Redesi and Admirer mass-mailer computer
    viruses. Information from the FBI helped in the investigation and
    subsequent arrest of the 21-year-old in February.
    http://news.zdnet.co.uk/story/0,,t281-s2125873,00.html
    http://www.theregister.co.uk/content/56/28077.html

     --13 November 2002 Latin American Companies Vulnerable to Cyber
                         Attacks
    Companies in Latin American countries are vulnerable to computer
    attacks because they don't spend enough or in some cases even have
    enough to spend on security. The companies tend to behave reactively
    rather than proactively. Employees are not trained properly and many
    businesses lack security policies or don't educate employees about
    the policies. In addition, the governments are not enforcing cyber
    security laws.
    http://www.infoworld.com/articles/hn/xml/02/11/13/021113hnlatamhack.xml
    [Editor's Note (Murray): Nonsense. There is always enough money to
    do that which must be done. If the cost of security were not less
    than the cost of insecurity, we would not do it. Trust me when I
    tell you that if their systems are compromised they will find the
    money for remediation. That money will come out of profits.]

     --13 November 2002 e-Card Tricks Recipients into Accepting License
                         Terms
    An electronic greeting card created by a Panama-based company tricks
    recipients into downloading an application that sends e-cards to
    everyone in the Outlook address book. The company manages to make
    such activity legal by the simple fact that users have accepted the
    terms of a license agreement.
    http://news.com.com/2100-1001-965570.html

     --12 & 13 November 2002 UK Man Indicted on Military Computer
                              Hacking Charges
    UK citizen Gary McKinnon has been indicted in Virginia and New
    Jersey on charges of hacking into a variety of U.S. military
    computer networks between March 2001 and March 2002. McKinnon was
    in British custody before being released recently; U.S. Attorney for
    the Eastern District of Virginia Paul McNulty said U.S. officials
    hope to extradite McKinnon. McKinnon says he will fight extradition.
    http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,75833,00.html
    http://www.govexec.com/dailyfed/1102/111202h2.htm
    http://news.com.com/2100-1001-965490.html
    http://www.cnn.com/2002/LAW/11/12/military.hacker/index.html
    http://online.securityfocus.com/news/1646
    http://www.gcn.com/vol1_no1/daily-updates/20478-1.html
    http://www.washingtonpost.com/wp-dyn/articles/A45963-2002Nov12.html
    http://media.guardian.co.uk/newmedia/story/0,7496,839642,00.html

     --15 November 2002 McKinnon Left Evidence Behind
    Gary McKinnon, the UK man indicted for breaking into U.S. military
    computers, left clues to his identity in a software download log file.
    McKinnon downloaded a utility called RemotelyAnywhere in March 2001.
    His IP address was left in the company's server log files; the company
    also had the e-mail address he gave to receive code to unlock the
    software.
    http://www.wired.com/news/technology/0,1282,56392,00.html

     --12 November 2002 Pentagon Developing Global Cyber Surveillance
                         System
    The Pentagon's Information Awareness Office plans to develop a global
    computer surveillance system to detect suspicious activity in the
    effort to fight terrorism. The Information Awareness Office is run
    by former national security advisor John Poindexter who proposed
    the project; the project is funded by DARPA, the Defense Advanced
    Research Projects Agency, to the tune of $200 million annually.
    It plans to examine travel, banking, purchasing, medical and other
    data. Poindexter says the data would be collected with business and
    government permission. Some have raised questions about the proposed
    system's ability to be calibrated to avoid collecting data about
    innocent people. Poindexter said the system would have safeguards,
    but that his goal is to develop technology, not policy.
    http://www.washingtonpost.com/wp-dyn/articles/A40942-2002Nov11.html

     --12 November 2002 ATM Thieves in Australia
    New South Wales, Australia police have warned of thieves attaching
    skimming devices to ATMs; the devices read the necessary information
    to access bank customers' accounts. The thieves have already stolen
    hundreds of thousands of dollars.
    http://www.ds-osac.org/view.cfm?key=7E4752424153&type=2B170C1E0A3A0F162820

     --12 November 2002 Report Encourages Government to Use Wireless
                         Devices
    A report from the IBM Endowment for the Business of Government
    encourages government agencies to train their employees in wireless
    technologies and provide them with wireless devices, like PDAs.
    The report also warned that wireless security should be improved
    before the technology is used between government and private citizens.
    http://www.govexec.com/dailyfed/1102/111202td1.htm
    [Editor's Note (Murray): Not to fear. The economies of wireless are
    such that it will be used. Connectivity trumps security every time;
    get used to it. Our readers should forget "wireless security" and
    focus on end-to-end encryption. There are many applications that I
    can do from my laptop that I cannot do from my PDA because my PDA
    browser does not support SSL. Our readers cannot control the use
    or the security of wireless but they can control the security of
    their applications.]

     --12 November 2002 Treasury Dept. IG Report Holds Praise, Offers
                         Suggestions
    Treasury Department Inspector General reports found that three
    department agencies - the Office of the Comptroller of the Currency,
    the Financial Management Service and the Bureau of Public Debt -
    need to improve their computer inventory systems to prevent loss
    and theft. A report said that audits should be conducted by an
    independent party. The report had praise for the agencies' written
    security policies and other security measures.
    http://www.govexec.com/dailyfed/1102/111202a1.htm

     --11 November 2002 Single Point of Government Contact for
                         Vulnerability Reporting?
    Government security officials are discussing the possibility of
    creating a single point of contact for cyber security vulnerability
    notification; the government would be notified at the same time as
    the vendor whose product is affected. Some people are concerned
    about the amount of information the government would receive.
    http://www.eweek.com/article2/0,3959,685579,00.asp

     --11 November 2002 Charney Calls for Government to Take Larger Role
                         in CI Security
    Microsoft chief security strategist Scott Charney wants the government
    to take a stronger role in securing critical infrastructure instead
    of leaving it to market forces. Charney said the role "might be
    [regulation], but it doesn't have to be." He would like government
    to work closely with vendors to figure out what needs to be done and
    how best to achieve that goal. Charney's position is contrary to
    the National Strategy to Secure Cyberspace, which shies away from
    government regulation of cyber security, but Charney acknowledges
    that vendors have to take an active role as well.
    http://www.eweek.com/article2/0,3959,686367,00.asp

     --11 November 2002 Hong Kong Police Force Bolsters Computer
                         Forensic Dept.
    The Hong Kong police force plans to increase the number of officers in
    the computer forensics department of its Technology Crime Division.
    The Division presently includes 66 officers in three departments:
    operations, forensic investigations, and intelligence and support. The
    amount of crime data undergoing forensic investigation is increasing
    dramatically; the police force has also opened a HK$4 million computer
    forensics laboratory.
    http://www.infosecnews.com/sgold/news/2002/11/11_02.htm

     --15 November 2002 Mac Unix-based Xserve Vulnerabilities
    The Macintosh Xserve server is vulnerable to denial of service attacks
    or web page defacements if it is not configured correctly. Furthermore,
    the server is Unix based, making it vulnerable to Unix flaws. However,
    because Macintosh server software is not as prevalent as Windows,
    it is not often targeted by virus writers and hackers.
    http://www.newsfactor.com/perl/story/19994.html

     --11 November 2002 Unix-Based Mac OS More Vulnerable
    Although a recent study proclaimed the Macintosh OS the least likely
    to be the target of malware, it was unclear whether the study looked
    at Classic Mac-OS or the new, Unix-based version. While the older OS
    may be less likely to come under attack, the Unix-based OS is likely
    to open the door for more attacks on Macintoshes. In addition,
    security advisories at CERT/CC show a higher incidence of security
    issues with Mac OS X than does the study.
    http://www.newsfactor.com/perl/story/19930.html
    [Editor's Note (Northcutt): I own a pair of Macintosh OS X systems,
    and my wife and I love them. However, when I watch them on the home
    network with an analyzer, their traffic leads me to believe they
    must have serious potential vulnerabilities. They are very chatty
    and their multicast traffic is only partially documented. The MI2g
    press releases reflected in the preceding articles do not appear to be
    supported by sound research, and some people are going to believe these
    sorts of things without doing any research and testing themselves.
    Readers beware.]

    ===end===

    NewsBites Editorial Board:
    Kathy Bradford, Roland Grefer, Bill Murray, Stephen Northcutt, Alan
    Paller, Marcus Ranum, Eugene Schultz and Gal Shpantzer

    Please feel free to share this with interested parties via email,
    but no posting is allowed on web sites. For a free subscription,
    visit https://www.sans.org/sansnews/

    To change your subscription, address, or other information, visit
    https://www.sans.org/sansurl/ and enter your SD number or email address
    (from the headers.) You will receive your personal URL via email.

    AGENDA FOR NIAL 4, March 5-6, San Diego

    The Fourth National Information Assurance Leadership Conference (NIAL
    IV), March 5 and 6, 2003, on Harbor Island in San Diego, is open to
    all managers and leaders involved in information and network security.
    Learn the latest threat information, how to update your defenses,
    and the tools and tips that work from the best speakers in the
    security field.
    http://www.sans.org/SANS2003/nial.php

    "SANS is on the cutting edge of security and is recognized as the
    standard that everyone else wants to be." Wade Gaines, Dept of Energy

    "Worth every dime!" Dustin Howard, Lucent

    Agenda
    March 5, 2003

    Keynote - Marcus Sachs - President's Critical Infrastructure Protection
    Board, The White House
    Learn the inside story on the National Strategy
    For Securing Cyberspace and on the lessons learned in the aftermath
    of September 11, 2001. Marcus is the technical information security
    guru on the White House staff, and one of the most respected security
    experts involved in fighting back against cyber crime. He gives an
    extraordinary presentation bridging the technical and policy aspects
    of the issues involved in creating a national cybersecurity strategy.

    "Down to earth, practical training...where the rubber meets the road!"
    J. Frazier, PWC

    Intellectual Property Intrusion Detection - Stephen Northcutt

    Plagiarism, Kazaa and other networks of stolen .mp3s, economic
    espionage, and information warfare are similar issues; they are attacks
    against intellectual property. We know attacks against copyrights,
    trade and service marks and trade secrets are as common as hacker
    attacks, but how do we detect these, how can we defend against them?
    This talk will describe the categories of intellectual property, show
    techniques to detect intrusion and theft, and most importantly describe
    tried and proven strategies for defense of intellectual property.

    "Stephen's knowledge and experience (stories) mix well to fully meet
    the objectives of the course." Joshua Feldman, NFR Security

    The SANS/FBI Top 20 Internet Security Vulnerabilities: How To Find
    Them and Get Rid of Them - Alan Paller
    In this session you'll learn how the SANS/FBI Top 20 were created
    and how they are different from the 2001 Top 20. You'll also learn
    about the current state of tools that can test for the Top 20 and
    the lessons learned by NASA in wiping out the common vulnerabilities
    across more than 80,000 systems.

    Future Trends in Information Security - Stephen Northcutt
    If you are a manager or leader, you need to know where the industry is
    going, not where it has been. In this talk, updated from the keynote
    at NIAL 03, Stephen uses data from surveys, web hit statistics and
    other proprietary information sources to track the dominant trends
    shaping the future of information security.

    "You just have to hear the master speak, he can share the experience
    we can only dream of." Kris Van der Smissen, Telindus

    "How to give Winning Technical Presentations" - Alan Paller

    The core of SANS is great teaching by front-line practitioners
    and every one of the top rated SANS instructors has taken this
    short-course. No single professional skill is more important to
    on-the-job success than your ability to present your ideas in a
    compelling and approachable manner. Whether the audience is the CEO or
    a crowd of techies, there are approximately 30 errors technical people
    make so often that they have been catalogued. These errors sometimes
    are so bad that they cause audiences to want to do just the opposite
    of what the speaker is saying. In this fast-paced session, you'll have
    a humorous introduction to the errors and learn how to eliminate them.

    "Alan Paller is charismatic, has high energy, and is adept at showing
    an audience how to communicate and present effectively, while
    making the audience feel interested along each step of the way."
    Karl G. Pena, Arin.Net

    Cyberwarfare - Stephen Northcutt
    This freshly updated talk is a SANS classic. It has been taught at
    SANS since 1997 and clearly indicated the economic effects of terrorism
    using the airline industry years before 9/11. It is based on research
    work done by Rand for the National Security Agency and tuned at NSWC
    and examines information warfare methods and scenarios. We look at
    how to apply an 'Indications and Warnings' intelligence methodology
    to information security correlations to improve early warning of
    impending large-scale attacks. We'll then apply these methods to
    analyzing a hypothetical cyber war scenario set in 2004, and will
    discuss large-scale response and critical infrastructure defense.

    "Stephen's blend of enthusiasm and content knowledge make the subject
    matter (often mind-numbing) intensely interesting." Adam Taylor, DoD

    March 6, 2003

    "SANS is the best vendor neutral training that I have ever received,
    and I have had over 1,000 hours of pro training." Keith Nelson,
    Deployment Technologies

    Keynote - Breaking News - Recent Advances in Computer Attacks and
    Defenses - Ed Skoudis
    The bad guys just keep getting better. They constantly devise new
    and ever more devious ways to break into our computers. To even the
    score, we must keep up with their advances by improving our defenses.
    This briefing covers several recent trends in computer attacks over the
    past several months, with recommendations for countering each threat.
    In this engaging session, we will address super-stealthy Trojan
    Horse backdoors, advanced scanners, software flaw analysis tools,
    and new wireless LAN attacks.

    "This course is excellent at drilling down at some of the various
    hacking techniques. Skoudis is probably the best instructor I've had."
    Jason McKee, State Farm

    Choosing the Right Vulnerability Detection and Intrusion Analysis
    Tools - Alan Paller
    If you had $100,000 or $500,000 to spend on security tools, what
    would be the best allocation of the money? Which types of tools would
    you want to buy first? Which vendors would you look to? This session
    summarizes answers to those questions based on data from more than
    1,000 user organizations that have made those decisions for intrusion
    detection and vulnerability analysis tools.

    Stealth, Evasion, and Anti-Forensics: How Bad Guys Hide on Computers -
    Ed Skoudis
    Experienced computer attackers are highly effective in disguising
    their malicious actions. Using IDS evasion, anti-forensics, sniffing
    backdoors, and other related techniques, attackers are constructing
    effective "cones of silence" around their activities. If you don't
    prepare your systems in advance, your users and system administrators
    could be unaware of a full-scale computer attack until it's too late.
    In this session, you'll learn the attackers' tactics, as well as
    actions you can use to pierce the bad guys' defenses.

    The Defender's Toolbox - Ed Skoudis
    In the arms race between computer attackers and defenders, it sometimes
    feels like we just cannot keep up with the bad guys' increasingly
    sophisticated arsenal. This session is designed to help level the
    playing field, and even give the good guys an advantage. We will
    highlight the most effective tools used by system administrators in
    defending against computer attacks. The session will help you arm
    yourself and your team with highly effective open source security
    tools.

    "Having access to some of the best minds in security is a once in a
    lifetime opportunity." Jakub Pittner, Elytra Enterprises Inc.

    Minimum Standards for Securing Popular Systems: The Center for Internet
    Security - Hal Pomeranz
    One of the most important responsibilities of a security manager
    is to ensure the enterprise's systems are deployed safely. That's
    much easier to say than do. The Center for Internet Security is the
    international public/private partnership of large organizations working
    to reach consensus on standard security configurations and providing
    free tools to test systems against those standards. In this briefing
    you'll learn about the first standards that have been completed
    (including Windows 2000, NT, Solaris, IOS and more), about how to
    get and use the free testing tools, and about how you can involve
    your organization in helping to shape the standards.

    "Where else can you pick the brains of top notch people in info
    security!" Anees Mirza, Mountain Wave Inc.

    The Coming Super Worms - Ed Skoudis
    Worms have proven to be among the most damaging of computer attack
    tools. However, we've only seen the tip of this iceberg. Attackers
    are planning on major revolutionary strides in worm functionality.
    This session discusses the new breed of worms we'll face in the next
    two to five years, as well as tips for preparing for the onslaught.
    We'll detail super worm features including hyper propagation,
    multi-platform support, and poly/metamorphic code.

    "Ed rocks!" Jeff Lahann, IBM

    Recent Trends in Web Application Attacks - Ed Skoudis
    Attackers have increasingly focused their sights on web applications,
    which are often the easiest way to penetrate an organization. Using
    techniques such as SQL injection, cross-site scripting, and session
    hijacking, bad guys are compromising web sites at an alarming rate.
    This session addresses this class of attacks and what you need to
    know to inoculate your web site against them.

    "Skoudis is extremely knowledgeable and sharp! I really regret that
    I have to fly back to work tomorrow and have to miss some of his
    presentations." Tam Knight, Learjet

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE929iq+LUG5KFpTkYRAmIHAJkBwqiSs0Edq9g+AjxcvgPDXd7EywCgnqui
    1boBtJAP8lju6rGy35k5ccY=
    =HkXO
    -----END PGP SIGNATURE-----