From: The SANS Institute (sans_at_sans.org)
Date: Sun Feb 23 2003 - 01:36:02 CST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SANS/GIAC Update Version 9
February 22, 2002
Table of Contents:
1) ALERT - GCIA Exam Compromise
2) Call for Participation - ISO 17799 Implementation
3) Audit and Security Controls That Work
4) Call for Participation - Center for Internet Security
5) Stephen's Picks for Great Conference Opportunities
6) New Onsite Courses - Reverse Engineering Malware and Securing Apache
7) Can't get away for six days? SANS Newest Program Can Help
8) FREE WEBCASTS - Wireless Intrusion Detection and also Legal Liability
9) GIAC Announces The First GSE Candidates
10) HIPAA Final Security Rule Summarized
+++
1) ALERT - GCIA Exam Compromise
I regret to report that a training organization in China is copying
slides from the SANS Intrusion Detection in Depth Training and has
illegally and ineptly attempted teaching this material. In addition,
we now have evidence they are circulating past GCIA exam questions
as a part of a GCIA certification exam preparation course.
Each GCIA exam is unique and we are able to determine exactly which
exam was stolen. SANS is conducting analysis to identify who else may
be involved in this ethics violation to ensure that the integrity of
the GCIA remains intact. As our question bank is sizeable, we do not
expect many certifications to come into question. As a reminder, any
holder of a GIAC certification may be asked to retest at any time. It
is likely we will require a small number of recent GCIA professionals
to take a short test to verify their credentials.
We have temporarily removed the GCIA exam challenge testing from our
website (http://www.giac.org/program.php) and may elect to restructure
all challenge testing. In the future, the Director of Certification
for GIAC will consider GCIA challenge candidates individually before
permitting them to attempt the challenge exam. Rest assured this is
being done to verify the intentions of the certification candidates
and the integrity of the testing process, not to limit the possibility
for challenge. Fortunately, the current Intrusion Detection exam has
undergone a total rewrite so we can continue to offer certification
for conference and online students.
Take a moment and think about the damage a lack of ethics did to the
audit profession. We can neither act in an unethical manner nor
tolerate those who do. Technical skill is not enough; information
security professionals must be trustworthy in light of the sensitivity
of the information to which they have access. GIAC has a code of
ethics; if we do not vigorously enforce that code, the certifications
so many have worked so hard to achieve will have no value.
To my friends in China, please be mindful of the fact that the
individual offering this training has not done the field research for
the material he is teaching, and there is no evidence that he or his
organization has any actual experience in the field. He is not equipped
to teach you intrusion detection or incident handling. Access to
stolen questions will not facilitate certification since the entire
exam bank for all certifications is rewritten regularly. What you
need is access to excellent instructors who actually know the material.
Most surprising is the fact that the illegitimate course with
certification ends up costing you more money than you would spend
taking the course through The SANS Institute itself. Clearly,
you would be throwing your money away to seek training through any
organization that has stolen SANS intellectual property, in addition
to forcing GIAC to restrict you from attempting any certification
for a period of years for ethics violations. Quite simply, if a
course is not advertised on www.sans.org it is probably counterfeit.
If you want real training, I suggest that you consider attending SANS
in Hong Kong, April 28 - May 3, 2003, http://www.sans.org/hongkong03/
Regards,
Stephen Northcutt - The SANS Institute
David Hoelzer - GIAC Certification Program
+++
2) Call for Participation - ISO 17799 Implementation
We have received many requests for 17799 training. If there is enough
interest to form a field research team, I would be happy to help
develop a Step-by-Step book using the SANS consensus research process.
If you are interested in participating, please write Stephen,
stephen@sans.org
+++
3) Audit and Security Controls That Work Registration Now Open
April 5 - 6, 2003
Sheraton Inner Harbor Hotel
http://www.sans.org/audittech/
NOTE: Audit and Security Controls That Work is not a standard SANS
conference; it is a workshop designed to break into new territory led
by Michele Guel and Gene Kim. We are offering a one-track technical
conference in a workshop setting on how to make auditable controls a
part of your everyday business process. This is not about how to pass
your audit, or get better audit results. Instead, you can be part of
an emerging initiative and learn from forward thinking organizations
that have viewed auditable controls as one of the most important
capabilities in running a secure and efficient IT shop. Attendance
will be limited to 150 people. We are soliciting an audience who is
willing to participate during the workshop, apply what they learn in
the workplace, and share their improvements with others. We hope to
see you there!
+++
4) Call for Participation - Center for Internet Security
If you haven't been to the CIS website lately (www.cisecurity.org)
I recommend it. They continue to turn out wonderful tools to measure
the security settings of computer systems. Working on a CIS team
can be your opportunity to jumpstart your career and contribute to
the community to improve security. Currently they are seeking team
members on projects for SQL Server, Apache, IIS, PIX and CatOS.
If you are interested, contact jbanghart@cisecurity.org
+++
5) Stephen's Picks for Great Conference Opportunities
SANS '03, the National Conference in San Diego, is really selling
well and looks like it will be a great show. I am excited about going,
but if there is one disadvantage to a national, it is that the class
sizes can get pretty large.
Colorado Springs, March 30 - April 4
We are offering our Security Essentials plus CISSP CBK training and
our popular Advanced Audit course. This is your opportunity for a
small class. I would guess 35 people or so per class with two great
instructors, David Rice and Ron Ritchey. David was my goto guy
when we were porting track nine to be CompTIA Security + compliant,
and Ron was the strongest author on the Inside Perimeter Security
team. He is one of the reasons that book is the highest rated firewall
book on the shelves. Of course, there is the late spring skiing
at Steamboat Springs, or any of the other 26 resorts in Colorado.
If the train is still running to Pikes Peak that is a blast, or if
you are used to breathing thin air, you can attempt hiking the peak.
Just for grins, I hit orbitz.com to check the prices of some flights:
- From Wash DC Reagan to Colorado Springs Airport $352
- Atlanta to Colorado Springs Airport $361
- Phoenix, AZ to Colorado Springs Airport $333
- San Jose, CA to Colorado Springs Airport $316
- NYC to Colorado Springs Airport $389
- Dallas TX to Colorado Springs Airport $216
++
New York City, March 24 - 29
The friendliest people on the earth, Security Essentials + CISSP CBK,
Firewalls, Hacker Techniques, and Windows Security- what more could
you ask for? Stay an extra day, practice flagging down taxicabs,
visit Greenwich Village, Times Square, or Little Italy. This one
is selling fast so class sizes will be bigger than Colorado Springs,
but smaller than a national.
++
Baltimore at the Inner Harbor, April 7 - 12
It is too early to estimate how the class sizes are going to run, but
we have a great selection of courses and a special offering. Sondra
Schneider has agreed to teach her Security University course: PKI
Exposed Access, Authentication and Identity, (2003 is the year of
PKI if you haven't heard.) We will also be running a number of
SANS tracks:
- SANS Security Essentials Bootcamp and the CISSP Common Body of Knowledge
- Firewalls, Perimeter Protection and VPNs
- Intrusion Detection In-Depth
- Hacker Techniques, Exploits and Incident Handling
- Securing Windows
- Auditing Networks, Perimeters and Systems
- SANS Information Security Officer Training (CompTIA Security + compliant)
+++
6) New Onsite Courses - Reverse Engineering Malware and Securing Apache
Reverse Engineering Malware and Securing Apache are both great
courses that can save you money by not having to travel or pay for a hotel.
http://www.sans.org/onsite/rem.php
http://www.sans.org/onsite/apache.php
See http://www.sans.org/onsite/ for the complete list of onsite
course offerings.
+++
7) Can't get away for six days? SANS' Newest Program Can Help!
The SANS Local Instructor Program may be coming to you soon. Perhaps
you desire instruction from the best instructors in the world,
but do not want to disrupt your work schedule and family routine by
being gone for seven to eight days. Many of us need to be billing
during the day, but at the same time, we need to acquire new skills
and get certified that we have acquired these skills. The SANS Local
Instructor Program is designed to meet these needs.
Students will meet with a SANS Instructor twice weekly over six
weeks, for a total of 48 instructional hours. Each session will be
four hours long, and will combine lecture/discussion with hands-on
workshops. The courses will be limited to 30 students per class to
make sure students get the individual attention they need. The initial
locations, courses and dates will be:
Location          Starting the week of   SANS Local Instructor   Course
New York City     March 24               Lenny Zeltser           Track 1
Dallas, TX        March 24               Becky Pinkard           Track 1
Rochester, NY     March 24               Daniel Goldberg         Track 2
San Jose, CA      March 24               Hal Pomeranz            Track 6
Chicago, IL       March 24               Matt Luellan            Track 1
Albuquerque, NM   April 14               Jim Herbeck             Track 1
The tuition fee for these courses will be the same as for the
conference courses -- $3,145 per student. Students will receive
hard copy text books and SANS on-line courseware, as well as one
certification attempt for the $3,145 tuition fee. The same volume
discounts apply for four or more students from the same organization
registering for the course.
For registration instructions, please contact Scott Weil,
sweil@sans.org.
+++
8) FREE WEBCASTS - Wireless Intrusion Detection and also Legal
Liability
Top 3 Attack Tools Threatening Wireless LANs
The idea for this webcast started when Joshua
Wright, an author of Securing Cisco Routers Step by
Step, the definitive guide for Cisco router security,
(http://store.sans.org/store_category.php?category=consguides),
sent me a URL to a paper he had written. This kid has been doing
field research on a wireless net with a sniffer to observe the
characteristics of various attack tools and techniques. This is
not your standard lame wireless talk, this is the real deal!
I expect this will sell out early, so "Push the Button".
http://www.sans.org/webcasts/030503.php
Legal Liability for Security Breaches - and Minimum Standards of
Due Care
The three high profile security breaches reported in last week's
NewsBites have raised a number of issues. Alan Paller, Director of
Research for SANS has asked top experts Mark Rasch and Hal Pomeranz
to develop a briefing to help SANS customers understand the US legal
liability implications of these events and upcoming trends.
http://www.sans.org/webcasts/022603.php
+++
9) GIAC Announces The First GSE Candidates
The GIAC Security Expert is our highest certification. To be a
candidate one must hold five level II certifications and have
an honors score in at least one of them. The exam is a grueling
combination of essay, multiple choice and hands on work. It lasts
for days. Very few people will ever qualify to even attempt this exam.
Please join me in saluting:
John P. Jenkinson, SAIC
Lenny Zeltser, Consultant
+++
10) HIPAA Final Security Rule Summarized
Steve Weil has just completed summarizing 289 pages of HIPAA
legislation in a 6.5-page Word document that we have posted at:
http://www.sans.org/projects/hipaa.php
He did a fantastic job of laying out the issues; it could serve as
an outline for a community consensus research document. If you are
interested in contributing to a short book on Implementing HIPAA Step
by Step, drop me a note, stephen@sans.org.
Kind Regards,
Stephen Northcutt - The SANS Institute
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+WBcj+LUG5KFpTkYRAr1hAKCYRze05JqmEs8FVRNCJ248v/OkjACeKhkj
V1kubnGcyaZPSQ0wxMgDrSU=
=TC8d
-----END PGP SIGNATURE-----