From: The SANS Institute (sans_at_sans.org)
Date: Tue Jan 07 2003 - 18:43:52 CST

    To help you get 2003 off to a strong start, SANS has five gifts for you
    that we hope will be of value in improving security for your employers
    and your clients. The gifts include webcasts, weekly digests, research
    papers, and policy assistance all designed to be immediately useful:

    1. Top Ten SysLog Signs You Have Been Hacked (Webcast)
    2. The Top Twenty Internet Security Vulnerabilities - Stage Two:
    Advanced Guidance On How To Eliminate Them From Your Systems (Webcasts)
    3. Weekly Updates Of The Newest Critical Vulnerabilities And How To
    Fix Them
    4. One Thousand Three Hundred Original Research Papers from Security
    Practitioners, Plus Twenty-Five Security Vendor White Papers
    5. Security Policy Templates - with new updates

    Each of the gifts is described below along with pointers to get to
    them. Between the gift descriptions, separated by lines of asterisks
    (****), you'll also find notes about important upgrades to some of
    our courses, conferences, and books.

    Gift 1. Web Broadcast Wednesday, January 8, 2003 at 1 PM EST (1800 UTC)
    Top Ten SysLog Signs You Have Been Hacked

    Nearly every system administrator knows how important it is to
    monitor logs for hacker activities, but very few can decipher the
    cryptic coding systems used in the logs, and even fewer know exactly
    what they hope to find. In this authoritative web cast, Tina Bird
    of Stanford University (previously with Counterpane) provides the
    type of guidance that can usually be found only in SANS courses.
    Tina will take you through ten specific (and common) attacks and show
    you exactly what would have been recorded in the logs.
    To register:
    http://www.sans.org/webcasts/010803.php
    You'll find more information on monitoring logs in the logging section
    of the SANS Reading Room: http://www.sans.org/rr/logging/

    ********* SANS Security Education Tracks Upgraded To Hands On *********

    SANS courses are by far the highest rated programs in security
    education, but students had one frequent request: hands-on exercises
    during classes that let them know whether they have mastered
    the material. Beginning next week, January 12, 2003, every SANS
    full-week track includes integrated hands-on exercises. Just bring
    your laptop along to the classes. In the first quarter of 2003 alone,
    SANS offers 39 five- or six-day, hands-on security training tracks on
    topics ranging from the basics that every security practitioner must
    know to survive, to the most advanced intrusion detection, auditing,
    firewalls, and hacker exploits programs. You'll find them in 11
    cities in 3 countries. The schedule is posted at http://www.sans.org

    If you are uncertain which program to attend, you'll find the largest
    selection of courses, the largest tools exposition, the most SANSNIGHT
    programs, and the National Information Assurance Leadership Conference
    all held in conjunction with SANS 2003 Annual Conference in San Diego
    in early March. That's also the home of the second Women in Security
    conference. See http://www.sans.org

    ***********************************************************************

    Gift 2: The Top Twenty Internet Security Vulnerabilities - Stage Two:
    Advanced Guidance On How To Eliminate Them From Your Systems (Webcasts)

    On October 2, 2002, the FBI, SANS, the US General Services
    Administration, the US Office of Cyber Security in the White House
    and that office's counterpart organizations in the UK and Canada
    jointly announced a consensus list of the top 20 Internet Security
    vulnerabilities (http://www.sans.org/top20). As a result, thousands
    of user organizations have searched for these vulnerabilities and
    attempted to eliminate them. But it's often more difficult to
    rid your systems of these vulnerabilities than we all would like.
    For organizations that are serious about making their Windows and
    UNIX systems safe, SANS offers six-day, in-depth, hands-on courses
    to teach precisely how to make Windows and UNIX installations secure
    (Tracks 5 and 6, see http://www.sans.org for schedule).

    We recognize that many people cannot come to SANS courses, so
    we asked our top Windows teacher and our top UNIX teacher to
    develop short courses (60-90 minutes) to provide guidance just
    on the Top 10 Windows and Top 10 UNIX vulnerabilities. The
    Windows program is scheduled for February 5. Details
    and registration at http://www.sans.org/webcasts/020503.php
    The UNIX program will be scheduled shortly, and we'll email you
    with details.

    ********* New: A Step-by-Step Guide To Securing Oracle ************
               (and also one for Securing Cisco Routers)

    After nearly a year of collaboration involving Oracle security experts
    from more than six different countries, SANS is pleased to announce
    the imminent availability of the 270 page definitive guide to securing
    Oracle databases. There is nothing like it anywhere. "If you have
    an Oracle database, you don't want to deploy it if you haven't read
    this book." Even the Oracle engineers have spoken highly of it.

    It will be back from the printer in two weeks. Pre-publication you'll
    be able to order it for $49.95 instead of the regular $99.95. Or, if
    there are several people at your department who need it, you may buy a
    departmental license for the PDF for $299 instead of the regular $499.
    And for large organizations such as government agencies and large
    corporations, you may buy an organization-wide PDF license for $1,800
    instead of the regular $2,995. These pre-publication prices end on
    January 31, 2003.

    Order at the SANS Online Bookstore at http://store.sans.org/. At that
    site you'll also find Step By Step guides for securing Cisco IOS,
    Solaris, Windows 2000, Windows NT, and for Incident Handling and
    Disaster Recovery.

    ***********************************************************************

    Gift 3. Weekly Updates Of Critical Vulnerabilities And How To Fix Them

    Dozens of organizations pay $6,000 per year per administrator for
    access to real-time information on new vulnerabilities. SANS cannot
    provide that level of service, but we can provide weekly summaries
    of similar vulnerability information. With the help of Tipping
    Point, Neohapsis, Cisco, and fifteen large user organizations,
    we distribute (nearly every Monday morning) a list of the three to
    eight newly discovered vulnerabilities that can do real harm, what
    systems they impact, how they can be countered and (something that
    no other service offers) what the fifteen user organizations have
    already done to protect themselves. It's called the CVA (Critical
    Vulnerability Analysis) and you can get it for free by registering
    at http://www.sans.org/newsletters/

    That's also where you can register for SANS' other free email digests
    - Newsbites that summarizes the top twenty news stories each week,
    and the Security Alert Consensus that provides a complete list of all
    new vulnerabilities - not just the critical ones covered in the CVA.

    ***** Security Training, In Your City, Without Time Off From Work *****

    One of the pleasant surprises in security training has been the
    enormous success and great ratings students have given the Local
    Mentor program. This program combines SANS online training program
    with a series of weekly meetings -- in the evenings or week-ends --
    led by a local mentor who has gotten great scores on the related
    GIAC certification exams. You take the course on line, but then you
    meet regularly with your mentor group (usually 7 to 20 people) where
    you discuss the material, get questions answered, and work through
    the exercises. The mentor also helps you get an effective start on
    your practical, which is required for certification. You really get
    to know the other students and develop a support group of security
    professionals in your city. You may even sponsor a SANS local mentor
    program exclusively for employees of your organization. SANS has
    scheduled sixty of these programs to begin in cities across the US
    and in several other countries - just in the next 60 days.

    ***********************************************************************

    Gift 4: One Thousand Three Hundred Original Research Papers from
    Security Practitioners, Plus Twenty-Six Security Vendor White Papers

    Looking for carefully researched information on some aspect of
    security? Try the SANS Reading Room. Every month, more than 100
    new original research reports are submitted to the SANS Reading
    Room. Today, it holds more than 1,300 papers on 65 topics. And as
    a new feature, we maintain a continually updated list of the 25 most
    popular papers. More than 35,000 security professionals use the
    Reading Room every week. You'll find it at http://www.sans.org/rr/
    and you can use the search feature to find papers discussing topics
    of interest (such as applications or vendors).

    To complement the Reading Room, every six months we create a roadmap
    to tools and services in security and invite security vendors to post
    research white papers that they have prepared. Most of the papers
    are quite good, sometimes written by independent researchers and
    sometimes by the vendor staff. Sadly, a few are just marketing fluff.
    You'll find a form to request the white papers and the new Roadmap
    to Security Tools at http://www.sans.org/tools.php

    * Audit and Security Controls That Work, Baltimore Harbor, April 5, 6 *

    Admission to Audit and Security Controls That Work is free, but
    only if you submit a paper and it is accepted. We hope to make this
    one of the most important initiatives of 2003. A few organizations
    demonstrate incredible server-to-system-administrator ratios,
    sometimes more than a hundred servers per system administrator,
    along with excellent operational efficiencies such as high uptimes
    and repeatable builds. Those organizations are also head and shoulders
    above others in terms of security. They demonstrate that what is good
    for security is good for operations.

    Why are these organizations so good? They have controls in place that
    actually work. Gene Kim and Stephen Northcutt have been searching for
    these outstanding organizations and individuals and have found some
    that know how to build an IT infrastructure that is better than most.
    These in-the-trenches experts have agreed to share the lessons they
    have learned in a workshop setting largely because it gives them a
    chance to interact with others who have similarly useful solutions.
    If you are interested in being part of this program, submit a
    paper. The Call for Papers is at: http://www.sans.org/audittech/cfp.php

    Best In Class Security Tools
    Since many controls are based on protective and detective tools, as
    part of the "Tools that Work" project we have been running surveys
    to determine which tools you use and like. Most of the results
    were no surprise. You use Checkpoint Firewall One and Cisco Pix for
    your perimeter defense; ISS, Nessus and Nmap for your vulnerability
    scans; Snort, ISS and Cisco for intrusion detection. A number of
    you mentioned that you are evaluating solutions for other security
    challenges ranging from patch management, email content monitoring,
    to VPNs, to endpoint security management, to security awareness, to
    security policy enforcement and PKI. If you rely on a tool in these
    areas or others that made your life better and your organization more
    secure and/or more efficient, and you are willing to write a paragraph
    about it telling us the problem it solved, about what it cost to buy,
    how much time it takes to run it weekly for an organization with how
    many people, and send that paragraph to securitytools@sans.org, we will
    compile them and post them, as appropriate, on our web page. Be sure to
    include your contact information and organization. We will only post
    your name and organization, but cannot accept entries without phone,
    address and email contact information.

    ***********************************************************************

    Gift 5: Security Policy Templates - with new updates

    Sharing solutions to common problems is a hallmark of the SANS
    community and nowhere is this sharing more apparent than in SANS
    Security Policy Templates. You can pay a consulting firm tens of
    thousands of dollars for policies or just find the ones you need
    from the SANS Policy Project. The project has compiled 25 separate
    policy templates ranging from Acceptable Use Policy to Wireless
    Communication Policy. They are all available for your use at
    http://www.sans.org/resources/policies/

    And as a bonus, just this week, we added a set of forms for trade
    secret, copyright, trademark and service mark types of incidents to
    the forms we provide for incident handling. Many organizations are
    struggling to deal with intellectual property theft and these forms
    can help guide you through the rocks and shoals.
    They are posted at http://www.sans.org/incidentforms/.

    ===

    That's it for now. We'd love to have your feedback on any of these
    programs or resources, and if you have developed resources that can be
    useful to others and want to share them with the SANS community, please
    let us know. Write us at the SANS Research Office sansro@sans.org.

    All of us at SANS hope you and your families have a healthy, safe,
    and prosperous 2003.

    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number or email
    address (from the headers.) You will receive your personal URL
    via email. Unsubscribing will take you off any news bulletin lists
    for Newsbites or Security Alert Consensus as well as any conference
    information notes.

    You may also email <sans@sans.org> with complete instructions and your
    SD number for subscribe, unsubscribe, change address, add other digests,
    or any other comments.