From: The SANS Institute (sans_at_sans.org)
Date: Wed Dec 18 2002 - 20:21:37 CST

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    SANS Training and GIAC Certification Update
    Edition 9, December 19, 2002

    Greetings, this note is the 9th ever briefing since Y2K on changes
    and new opportunities related to the SANS and GIAC programs. So much
    has happened that this is a long note. I have organized it so you can
    see the topics this note contains in the Table of Contents below.

    Warmly,

    Stephen Northcutt - The SANS Institute

    - -------------------------------------------------

    Table of Contents

    1) SANS Information Security Officer Track is now CompTIA approved
       for their Security+ certification

    2) Heads Up - Snail Mail List Changes - Read and Respond if you like
       SANS brochures and posters

    3) Win a Trip to SANS

    4) Featured papers - Two great new papers in the reading room

    5) Upcoming Training - All the tracks are listed in this section for
       your convenience

       - January 2003 New Orleans, San Antonio, Austin
       - February 2003 Sydney Australia, Orlando, Honolulu, Toronto
       - March 2003 SANS 2003 San Diego, New York City

    6) April 2003 Audit and Security Controls That Work - Baltimore
       Inner Harbor -- Call for papers

    7) How to change your subscription or unsubscribe

       "SANS has gathered some of the best instructors in the country to
       teach a curriculum developed by a consensus of the best minds in
       the security industry - what more could any individual or company
       ask for?" Daniel Burhard, Co Biz Inc.

    - -------------------------------------------------

    1) SANS Security Officer Track is now CompTIA approved for their
       Security+ certification

    SANS Basic Information Security Officer track is now a designated
    CompTIA Authorized Quality Curriculum (CAQC) for the Security+
    certification.* This gives people first entering the field a chance to
    come up to speed fast. Employers can invest in a single six-day course
    that provides the essential foundation for participants planning
    to take either the GISO and/or Security+ certification exams.
    SANS strongly recommends students take the Security+ exam first
    if you wish to do both. There is no requirement for a practical;
    we believe it is a bit easier than the GISO exam and would serve as
    knowledge reinforcement.

    The Information Security Officer track is designed to empower
    corporate and government Information Security Officers (ISOs) to
    effectively secure their organizations' information and information
    resources. The CompTIA Security+ vendor-neutral certification exam
    is the worldwide standard of competency for foundation-level security
    practitioners. Its standards were established in conjunction with
    numerous organizations including the Federal Bureau of Investigation
    (FBI), United States Secret Service, United States Customs, National
    Institute of Standards and Technology (NIST), Microsoft, Sun Microsystems,
    IBM/Tivoli Software, Novell, Motorola, Olympus Security Group, RSA
    Security, VeriSign, Entrust, Information Systems Security Association,
    Information Systems Audit and Control Association, as well as others.

    The Information Security Officer track is offered as part of the SANS
    Institute's Cyber Defense Initiative in San Antonio, January 25-30,
    2003, and is available at upcoming SANS conferences.
    Please visit http://www.sans.org/CDI03SanAntonio/ for more information
    about CDI San Antonio.

    The CompTIA Authorized Quality Curriculum (CAQC) program is a quality
    assurance initiative designed to review and identify courseware
    products that specifically support CompTIA certifications with a high
    level of quality and 100 percent correlation to the exams.

    The CompTIA Security+ certification is designed to close the gap
    between staffing needs and the number of trained and certified
    individuals available to fill frontline security-related positions. To
    earn Security+ certification, information technology professionals
    must pass a comprehensive examination testing a core body of
    knowledge in five domains: general security concepts, communications,
    infrastructure, basic cryptography, and operational and organizational
    security.

    CompTIA <http://www.comptia.org/>, the Computing Technology Industry
    Association, is a not-for-profit trade association providing the
    technology community standards in the areas of Internet-enabled service
    provision, e-commerce, vendor-neutral technical certification, CRM,
    public policy, workforce development and training.

    *Security+ is a registered trademark of CompTIA, Inc.

       "SANS is a highly efficient way to continue learning in a dynamic
       industry and stay up to date." Lee Beausoleil, Scitor Corporation

       "SANS provides the most comprehensive tools. Sit in a session and
       immediately improve." Charles K. Johnson, U.S. Navy

       "SANS is the best training for security because it is dedicated
       to teaching security." Claudia Mouery, Northrop Grumman

    - -------------------------------------------------
    2) Heads Up - Snail Mail List Changes

    The other day I was poking around the SANS warehouse and found cases
    of brochures that had never been mailed. I asked why and was told
    there are bogus addresses and the brochure team hadn't realized that.
    If you have ever experienced the joy of "cleansing" a database you
    know it is really easy to throw out good records with the bad. If you
    want to make sure you continue to receive SANS posters and brochures,
    I strongly advise you to visit http://www.sans.org/sansurl and enter
    your SD number or email address (from the header of this email.) You
    will receive your personal URL via email which you can use to make
    sure our contact data for you is correct.

       "This was my first SANS conference and won't be the last! Next time,
       I'll bring others!" David Murray, GE Mortgage Insurance

       "Put your seatbelt on and hold on tight! You'll love it!" Willie
       Veno

       "A rollercoaster ride through highly diverse areas of security
       that leaves you exhausted and exhilarated." Richard Haylerl, GCB

    - -------------------------------------------------
    3) Win A Trip To SANS 03

    If your budget is tight, but your luck is good, you might just win
    a free trip to SANS - grand prize package consists of:

     - SANS tuition to the Track of your choice at SANS2003 March 7-12 in
       San Diego, California
     - Course materials
     - Opportunity to test for GIAC Certification
     - Airfare to SANS2003, up to $1000
     - Accommodations at the conference hotel the night before each day of class.
     - $50 allowance at the SANS bookstore

    25 Second place prizes of a SANS TCP/IP T-shirt will also be awarded.

    Enter at http://www.sans.org/SANS2003/winatrip.php

       "I learned more in one day at SANS than in a week at some
       classes." David Frymyer, Nationwide Insurance

    - -------------------------------------------------
    4) Featured papers - Two great new papers in the reading room

    Is IEEE 802.1X Ready for General Deployment? by Scott Baily

    Wireless LANs have been recognized as insecure for some time,
    especially for their lack of data confidentiality and access
    control. This paper examines the suitability of deploying IEEE
    802.1X as the principal authentication mechanism for Colorado State
    University's wireless network. After careful consideration of wireless
    security issues and how 802.1X addresses those issues, it was decided
    that CSU should not incorporate 802.1X into its wireless network at
    this time.

    Full paper available at http://rr.sans.org/casestudies/deployment.php

    Biometric Selection: Body Parts Online by Steven M. Walker GSEC,
    CISSP, ABCP

    The purpose of this paper is to provide information that will assist
    a biometric implementer in evaluating and selecting biometric technology. The
    scope of this paper is limited to the selection of biometric technology
    as an authenticator in a networked environment. Biometrics as a
    physical access, e-commerce, and monitoring technology is beyond the
    scope of this paper. As a security consultant and systems integrator,
    I will attempt to point out the "fine print issues" of this technology,
    as well as dispel biometric misconceptions, cover generally available
    biometric technology, and explore selection considerations. Biometric
    technology has great promise and application, but only as a component
    of an organization's overall risk management program. As with all
    security mechanisms and countermeasures, improper selection, planning
    and implementation will leave an organization vulnerable to threats.

    Full paper available at http://rr.sans.org/authentic/parts_online.php

    - -------------------------------------------------
    5) Upcoming Training
     
    SANS CDI 2003 - Austin
    Austin, TX - January 12-17, 2003
    Track 6: Securing Unix Systems
    More Information available at http://www.sans.org/CDI03Austin

    SANS CDI 2003 - New Orleans
    New Orleans, LA - January 13-18, 2003
    Track 1: SANS Security Essentials Bootcamp & the CISSP Common Body
    of Knowledge
    Track 2: Firewalls, Perimeter Protection, and VPNs
    Track 3: Intrusion Detection In-Depth
    Track 4: Hacker Techniques, Exploits, and Incident Handling
    Track 5: Securing Windows
    Track 7: Auditing Networks, Perimeters and Systems
    Reverse-Engineering Malware: Tools and Techniques Hands-On
    Vendor Expo
    More Information available at http://www.sans.org/CDI03NewOrleans

    SANS CDI 2003 - San Antonio
    San Antonio, TX - January 25-30, 2003
    Track 3: Intrusion Detection In-Depth
    Track 8: System Forensics, Investigations, and Response
    Track 9: Information Security Officer Training
    More Information available at http://www.sans.org/CDI03SanAntonio

    SANS Darling Harbour 2003
    Sydney, Australia - February 3-8, 2003
    Track 1: SANS Security Essentials Bootcamp & the CISSP Common Body
    of Knowledge
    Track 2: Firewalls, Perimeter Protection, and VPNs
    Track 3: Intrusion Detection In-Depth
    Track 7: Auditing Networks, Perimeters and Systems
    Track 8: System Forensics, Investigations, and Response
    More Information available at http://www.sans.org/darlingharbour03

    SANS Orlando
    Orlando, FL - February 4-9, 2003
    Track 1: SANS Security Essentials Bootcamp & the CISSP Common Body of
    Knowledge
    Track 3: Intrusion Detection In-Depth
    Track 4: Hacker Techniques, Exploits, and Incident Handling
    More Information available at http://www.sans.org/orlando

       "Great value - six days of productive gold mining!" Don Cheong,
       Australian Bureau of Statistics

    SANS Aloha 2003
    Honolulu, HI - February 11-16, 2003
    Track 1: SANS Security Essentials Bootcamp & the CISSP Common Body
    of Knowledge
    Track 7: Auditing Networks, Perimeters and Systems
    More Information available at http://www.sans.org/aloha03

       "SANS has gathered some of the best instructors in the country to
       teach a curriculum developed by a consensus of the best minds in
       the security industry. What more could any individual or company
       ask for?" Daniel Burhard, Co Biz Inc.

    SANS Toronto
    Toronto, ON - February 17-22, 2003
    Track 3: Intrusion Detection In-Depth
    http://www.infopeople.ca/forms/registration.pdf

       "Action packed! A roller coaster ride of IDS Information!" Jonathan
       Van Houten, Research Planning, Inc.

    San Diego, CA - March 5-12, 2003
    Track 1: SANS Security Essentials Bootcamp & the CISSP Common Body
    of Knowledge
    Track 2: Firewalls, Perimeter Protection, and VPNs
    Track 3: Intrusion Detection In-Depth
    Track 4: Hacker Techniques, Exploits, and Incident Handling
    Track 5: Securing Windows
    Track 6: Securing Unix Systems
    Track 7: Auditing Networks, Perimeters and Systems
    Track 8: System Forensics, Investigations, and Response
    Track 9: Information Security Officer Training
    Track 10: IT Security Audit Essentials
    Track 12: SANS Security Leadership Essentials Bootcamp for Managers
    National Information Leadership Conference (NIAL) IV
    Reverse-Engineering Malware: Tools and Techniques Hands-On
    Wireless Networks (2 Days)
    Building a syslog Infrastructure
    Securing Windows 2000 Hands-on Training for the Gold Standard
    Vendor Expo
    ID'Net
    More Information available at http://www.sans.org/SANS2003

       "I have had over 1,000 hours of professional training in the
       computer networking field and this is the best vendor neutral
       training I have ever received." Keith Nelson, Deployment
       Technologies

    SANS Women in IT Security II
    San Diego - March 7-12, 2003
    Track 1: SANS Security Essentials Bootcamp & the CISSP Common Body
    of Knowledge
    Track 7: Auditing Networks, Perimeters and Systems
    More Information available at http://www.sans.org/womenIT2

       "No room for technical improvement. As far as I'm concerned, SANS
       is the 'Cadillac' of training." Susan Shirley, National Gypsum Co.

    SANS Big Apple 2003
    New York, NY - March 24-29, 2003
    Track 1: SANS Security Essentials Bootcamp & the CISSP Common Body
    of Knowledge
    Track 2: Firewalls, Perimeter Protection, and VPNs
    Track 4: Hacker Techniques, Exploits, and Incident Handling
    Track 5: Securing Windows
    More Information available at http://www.sans.org/bigapple03

       "This was the best overview of security issues I have ever seen. The
       approach of 'here's the attack, here's the defense' was great! I'll
       be back for more." Bob Lombard, SPAWAR SYSCEN

    SANS Computer Security Bootcamp 2003
    Monterey, CA - June 11-16, 2003
    Track 1: SANS Security Essentials Bootcamp & the CISSP Common Body
    of Knowledge
    Track 2: Firewalls, Perimeter Protection, and VPNs
    Track 3: Intrusion Detection In-Depth
    Track 4: Hacker Techniques, Exploits, and Incident Handling
    Track 5: Securing Windows
    Track 7: Auditing Networks, Perimeters and Systems
    More Information available at http://www.sans.org/bootcamp03

       "SANS provides people the opportunity to learn from experts in
       their field." Brian Clemson, AT&T

     
    - --------------------------------------------
    6) Preliminary Call for Papers - Audit & Security Controls That Work
    Baltimore Harbor Maryland - April 2003
    http://www.sans.org/audittech/cfp.php

    There are a few organizations that demonstrate incredible system
    administrator to server ratios, sometimes less than a single admin
    for a hundred servers and excellent operational efficiencies such as
    high uptimes and repeatable builds. They are also head and shoulders
    above other organizations in terms of security. They prove beyond a
    shadow of doubt that what is good for security is good for operations.
    What makes these organizations so good? They have controls in place
    that actually work.

    We are all facing a bit of an economic downturn, and I think you
    will agree that we need to make the most of our budgets and one key
    to doing that is to invest in technology that really works. And,
    if you can agree with the basic assertion that tools that work as
    controls lead to efficiencies of operations and that what is good for
    security is good for operations, then we want to be on the lookout
    for tools that work well for both prevention and detection.

    This is the purpose of the two day technical conference, Audit &
    Security Controls That Work. Attendance will be limited to encourage
    networking and focus. In addition, this is going to run as a
    single track so that everyone can hear all of the presentations.
    This is a learning opportunity that is relevant, practical and
    respectful designed for people that take audit, governance, security,
    management, seriously and have a burning desire to work in a five
    nines environment.

    The best way to get a seat in the conference is to submit a paper.
    This may also be an opportunity for you to jumpstart your career.
    Attendance at the technical conference is free if your paper and
    presentation are accepted. SANS does not cover travel or hotel for
    technical conference speakers, but we can offer you a 25% discount
    on any track at the SANS Inner Harbor conference running just after
    the technical conference, April 7 - 12.

    Read through the following requirements and then send us a brief
    proposal (two or three paragraphs) right away. We'll let you know
    whether it has a chance of being accepted and that will help you
    decide whether to write a complete proposal. Or if you like, just
    send a complete proposal.

    This call for participation is designed to enhance the value by
    ensuring that four policies are met:

    1. All presentations focus on actual challenges faced by auditors,
    system and network administrators, security professionals, and managers
    and then describe the control that has been employed to mitigate or
    manage the challenge.
    2. All presentations provide practical solutions that can be
    implemented immediately; no theory talks.
    3. All submissions should be free of vendor bias with the exception
    of What Works presentations. What Works presentations are focused,
    high quality how-to's that describe commercial, shareware and freeware
    tools. This can be one of the most positive ways to "get the word
    out". If you are a vendor, or software author and are interested in
    presenting a What Works, state this clearly in your proposal.
    4. All proposals come directly from the author, no agents accepted.

    What's in it for you? Essentially you are entering a competition;
    we aren't looking for a large number of talks, we are looking for
    quality talks and papers. Being selected conveys an appreciation of
    the value you are contributing to the field. That said, you don't have
    to be solving the largest problems in order to have your proposals
    accepted. In fact, none of us have all the answers, will you share
    what works for you?

    How to submit a complete proposal:

    Send an email to info@sans.org with the subject "Audit and Security
    Control", on or before January 30, 2003. Include the following items
    in your email:

    1. Your name, email, phone, fax, employer, and surface mail address
    2. The title of your proposed presentation
    3. The length of your proposed presentation (50 minute presentation
    or 2 hour short course). Be certain to include:
     a. The specific challenges or problems that the presentation will
     help the audience solve.
     b. The approach you used including any specific tools you created
     or used
     c. The evidence you have that proves that your approach works well
     and can be used by other people.

    We are looking for top quality talks on tools and techniques and how to
    implement them. In addition, we are looking for prospective writers to
    develop their material into an advanced SANS training track after this
    first presentation. Here are a few topics that may give you ideas.

    - - What are the top three security controls that provide the best ROI
    and IT audit results.

    - - Auditing techniques that work - what should the auditors be looking
    for? What tools should they be using? How should they deliver the
    results to get the best impact from management?

    - - Developing an internal IT Audit Team - Tight budgets don't allow
    for regular IT audit. How can this function be developed internally?
    What skill sets are needed? What tools should be used? How do you
    identify audit areas?

    - - Audit remediation strategies. We got the audit results, now how do
    we fix all those problems?

    - - Intrusion Prevention is a hot buzzword in marketing, do you have a
    solution that works? We are interested in your approaches to balance
    preventative controls, detection, reaction and repair.

    - - One of the keys to efficiency is being able to operate systems
    in a known state. We are interested in process and technology that
    support repeatable builds for operating systems, allow for rollback
    when problems are discovered after testing, approaches to allow for
    testing of systems at a time when Microsoft and other vendors are
    releasing multiple updates per month. We would also love to hear
    from administrators that have managed to integrate a patch management
    program in a four or five nines (99.99 or 99.999%) uptime environment.

    - - Vulnerability reports are numerous, but also vague. We would love to
    hear from organizations with a process to identify which vulnerability
    reports apply to them and how they prioritize them.

    - - Technology to support Human Resources when they have to deal with
    inappropriate system or network use and preventative controls to
    reduce the number of these cases.

    And of course, the most important topic is the one you have been
    thinking about! If you have any questions, please send email to
    info@sans.org, with the subject line Security and Audit Controls.

    Thank you!

    Michele Guel - Chair Audit & Security Controls That Work

    Advisory Board
    Alan Paller - Director of Research - The SANS Institute
    Gene Kim - CTO Tripwire
    Stephen Northcutt - Director of Training - The SANS Institute
    Scott Weil - What Works Juror - The SANS Institute

    - ---------------

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email.

    Unsubscribing will take you off any news bulletin lists for NewsBites
    or Security Alert Consensus as well as any conference information
    notes.

    You may also email <sans@sans.org> with complete instructions and
    your SD number for subscribe, unsubscribe, change address, add other
    digests, or any other comments.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+ASGb+LUG5KFpTkYRAtkLAJ9QSviCp37biWkr6L07ldA+iKoCDwCcDgYZ
    vcg8US0SGCK+7uyvhiUrgKw=
    =xHqU
    -----END PGP SIGNATURE-----