From: The SANS Institute (sans_at_sans.org)
Date: Sun Feb 23 2003 - 01:36:02 CST


    SANS/GIAC Update Version 9
    February 22, 2002

    Table of Contents:
    1) ALERT - GCIA Exam Compromise
    2) Call for Participation - ISO 17799 Implementation
    3) Audit and Security Controls That Work
    4) Call for Participation - Center for Internet Security
    5) Stephen's Picks for Great Conference Opportunities
    6) New Onsite Courses - Reverse Engineering Malware and Securing Apache
    7) Can't get away for six days? SANS Newest Program Can Help
    8) FREE WEBCASTS - Wireless Intrusion Detection and also Legal Liability
    9) GIAC Announces The First GSE Candidates
    10) HIPAA Final Security Rule Summarized


    1) ALERT - GCIA Exam Compromise

    I regret to report that a training organization in China is copying
    slides from the SANS Intrusion Detection in Depth Training and has
    illegally and ineptly attempted teaching this material. In addition,
    we now have evidence they are circulating past GCIA exam questions
    as a part of a GCIA certification exam preparation course.

    Each GCIA exam is unique and we are able to determine exactly which
    exam was stolen. SANS is conducting analysis to identify who else may
    be involved in this ethics violation to ensure that the integrity of
    the GCIA remains intact. As our question bank is sizeable, we do not
    expect many certifications to come into question. As a reminder, any
    holder of a GIAC certification may be asked to retest at any time. It
    is likely we will require a small number of recent GCIA professionals
    to take a short test to verify their credentials.

    We have temporarily removed the GCIA exam challenge testing from our
    website (http://www.giac.org/program.php) and may elect to restructure
    all challenge testing. In the future, the Director of Certification
    for GIAC will consider GCIA challenge candidates individually before
    permitting them to attempt the challenge exam. Rest assured this is
    being done to verify the intentions of the certification candidates
    and the integrity of the testing process, not to limit the possibility
    for challenge. Fortunately, the current Intrusion Detection exam has
    undergone a total rewrite so we can continue to offer certification
    for conference and online students.

    Take a moment and think about the damage a lack of ethics did to the
    audit profession. We can neither act in an unethical manner nor
    tolerate those who do. Technical skill is not enough; information
    security professionals must be trustworthy in light of the sensitivity
    of the information to which they have access. GIAC has a code of
    ethics; if we do not vigorously enforce that code, the certifications
    so many have worked so hard to achieve will have no value.

    To my friends in China, please be mindful of the fact that the
    individual offering this training has not done the field research for
    the material he is teaching, and there is no evidence that he or his
    organization has any actual experience in the field. He is not equipped
    to teach you intrusion detection or incident handling. Access to
    stolen questions will not facilitate certification since the entire
    exam bank for all certifications is rewritten regularly. What you
    need is access to excellent instructors who actually know the material.

    Most surprising is the fact that the illegitimate course with
    certification ends up costing you more money than you would spend
    taking the course through The SANS Institute itself. Clearly,
    you would be throwing your money away to seek training through any
    organization that has stolen SANS intellectual property, in addition
    to forcing GIAC to restrict you from attempting any certification
    for a period of years for ethics violations. Quite simply, if a
    course is not advertised on www.sans.org it is probably counterfeit.
    If you want real training, I suggest that you consider attending SANS
    in Hong Kong, April 28 - May 3, 2003, http://www.sans.org/hongkong03/


    Stephen Northcutt - The SANS Institute
    David Hoelzer - GIAC Certification Program


    2) Call for Participation - ISO 17799 Implementation

    We have received many requests for 17799 training. If there is enough
    interest to form a field research team, I would be happy to help
    develop a Step-by-Step book using the SANS consensus research process.
    If you are interested in participating, please write stephen@sans.org


    3) Audit and Security Controls That Work Registration Now Open
    April 5 - 6, 2003
    Sheraton Inner Harbor Hotel

    NOTE: Audit and Security Controls That Work is not a standard SANS
    conference; it is a workshop designed to break into new territory led
    by Michele Guel and Gene Kim. We are offering a one-track technical
    conference in a workshop setting on how to make auditable controls a
    part of your everyday business process. This is not about how to pass
    your audit, or get better audit results. Instead, you can be part of
    an emerging initiative and learn from forward thinking organizations
    that have viewed auditable controls as one of the most important
    capabilities in running a secure and efficient IT shop. Attendance
    will be limited to 150 people. We are soliciting an audience that is
    willing to participate during the workshop, apply what they learn in
    the workplace, and share their improvements with others. We hope to
    see you there!


    4) Call for Participation - Center for Internet Security

    If you haven't been to the CIS website lately (www.cisecurity.org)
    I recommend it. They continue to turn out wonderful tools to measure
    the security settings of computer systems. Working on a CIS team
    can be your opportunity to jumpstart your career and contribute to
    the community to improve security. Currently they are seeking team
    members on projects for SQL Server, Apache, IIS, PIX and CatOS.
    If you are interested, contact jbanghart@cisecurity.org


    5) Stephen's Picks for Great Conference Opportunities

    SANS '03, the National Conference in San Diego, is really selling
    well and looks like it will be a great show. I am excited about going,
    but if there is one disadvantage to a national, it is that the class
    sizes can get pretty large.

    Colorado Springs, March 30 - April 4
    We are offering our Security Essentials plus CISSP CBK training and
    our popular Advanced Audit course. This is your opportunity for a
    small class. I would guess 35 people or so per class with two great
    instructors, David Rice and Ron Ritchey. David was my go-to guy
    when we were porting track nine to be CompTIA Security + compliant,
    and Ron was the strongest author on the Inside Perimeter Security
    team. He is one of the reasons that book is the highest rated firewall
    book on the shelves. Of course, there is the late spring skiing
    at Steamboat Springs, or any of the other 26 resorts in Colorado.
    If the train is still running to Pikes Peak that is a blast, or if
    you are used to breathing thin air, you can attempt hiking the peak.
    Just for grins, I hit orbitz.com to check the prices of some flights:

    - Washington DC Reagan to Colorado Springs Airport $352
    - Atlanta to Colorado Springs Airport $361
    - Phoenix, AZ to Colorado Springs Airport $333
    - San Jose, CA to Colorado Springs Airport $316
    - NYC to Colorado Springs Airport $389
    - Dallas, TX to Colorado Springs Airport $216


    New York City, March 24 - 29
    The friendliest people on the earth, Security Essentials + CISSP CBK,
    Firewalls, Hacker Techniques, and Windows Security - what more could
    you ask for? Stay an extra day, practice flagging down taxicabs,
    visit Greenwich Village, Times Square, or Little Italy. This one
    is selling fast so class sizes will be bigger than Colorado Springs,
    but smaller than a national.


    Baltimore at the Inner Harbor, April 7 - 12
    It is too early to estimate how the class sizes are going to run, but
    we have a great selection of courses and a special offering. Sondra
    Schneider has agreed to teach her Security University course, PKI
    Exposed: Access, Authentication and Identity (2003 is the year of
    PKI, if you haven't heard). We will also be running a number of
    SANS tracks:

    - SANS Security Essentials Bootcamp and the CISSP Common Body of Knowledge
    - Firewalls, Perimeter Protection and VPNs
    - Intrusion Detection In-Depth
    - Hacker Techniques, Exploits and Incident Handling
    - Securing Windows
    - Auditing Networks, Perimeters and Systems
    - SANS Information Security Officer Training (CompTIA Security + compliant)


    6) New Onsite Courses - Reverse Engineering Malware and Securing Apache

    Reverse Engineering Malware and Securing Apache are both great
    courses that can save you money by not having to travel or pay for a hotel.
    See http://www.sans.org/onsite/ for the complete list of onsite
    course offerings.


    7) Can't get away for six days? SANS' Newest Program Can Help!

    The SANS Local Instructor Program may be coming to you soon. Perhaps
    you desire instruction from the best instructors in the world,
    but do not want to disrupt your work schedule and family routine by
    being gone for seven to eight days. Many of us need to be billing
    during the day, but at the same time, we need to acquire new skills
    and get certified that we have acquired these skills. The SANS Local
    Instructor Program is designed to meet these needs.

    Students will meet with a SANS Instructor twice weekly over six
    weeks, for a total of 48 instructional hours. Each session will be
    four hours long, and will combine lecture/discussion with hands-on
    workshops. The courses will be limited to 30 students per class to
    make sure students get the individual attention they need. The initial
    locations, courses and dates will be:

    Location          Starting the week of   SANS Local Instructor   Course
    ----------------  ---------------------  ----------------------  -------
    New York City     March 24               Lenny Zeltser           Track 1
    Dallas, TX        March 24               Becky Pinkard           Track 1
    Rochester, NY     March 24               Daniel Goldberg         Track 2
    San Jose, CA      March 24               Hal Pomeranz            Track 6
    Chicago, IL       March 24               Matt Luellan            Track 1
    Albuquerque, NM   April 14               Jim Herbeck             Track 1

    The tuition fee for these courses will be the same as for the
    conference courses -- $3,145 per student. Students will receive
    hard copy text books and SANS on-line courseware, as well as one
    certification attempt for the $3,145 tuition fee. The same volume
    discounts apply for four or more students from the same organization
    registering for the course.

    For registration instructions, please contact Scott Weil,


    8) FREE WEBCASTS - Wireless Intrusion Detection and also Legal Liability

    Top 3 Attack Tools Threatening Wireless LANs

    The idea for this webcast started when Joshua
    Wright, an author of Securing Cisco Routers Step by
    Step, the definitive guide for Cisco router security,
    sent me a URL to a paper he had written. This kid has been doing
    field research on a wireless net with a sniffer to observe the
    characteristics of various attack tools and techniques. This is
    not your standard lame wireless talk, this is the real deal!
    I expect this will sell out early, so "Push the Button".

    Legal Liability for Security Breaches - and Minimum Standards of
    Due Care

    The three high profile security breaches reported in last week's
    NewsBites have raised a number of issues. Alan Paller, Director of
    Research for SANS, has asked top experts Mark Rasch and Hal Pomeranz
    to develop a briefing to help SANS customers understand the US legal
    liability implications of these events and upcoming trends.



    9) GIAC Announces The First GSE Candidates

    The GIAC Security Expert is our highest certification. To be a
    candidate one must hold five level II certifications and have
    an honors score in at least one of them. The exam is a grueling
    combination of essay, multiple choice and hands on work. It lasts
    for days. Very few people will ever qualify to even attempt this exam.
    Please join me in saluting:

    John P. Jenkinson, SAIC
    Lenny Zeltser, Consultant


    10) HIPAA Final Security Rule Summarized

    Steve Weil has just completed summarizing 289 pages of HIPAA
    legislation in a 6.5 page Word document that we have posted at:

    He did a fantastic job of laying out the issues; it could serve as
    an outline for a community consensus research document. If you are
    interested in contributing to a short book on Implementing HIPAA Step
    by Step, drop me a note at stephen@sans.org.

    Kind Regards,

    Stephen Northcutt - The SANS Institute
