From: The SANS Institute (sanssans.org)
Date: Fri Jun 06 2003 - 16:10:07 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

SANS and GIAC Update
Edition 11

This is the eleventh status and update report we've sent since January
2000 and is packed with data that will help you get more value from SANS
and GIAC. We've included a number of calls for volunteers. SANS is a
community where we work to beat the bad guys through consensus projects.
This is your opportunity to help make a difference.

Be sure to also review the list of worldwide training opportunities
included in this note. Maybe even print it out and leave it on your
manager's desk! SN

Topics Covered
        
1) Security Awareness Program
2) Vendor Tools Survey
3) NIAL V
4) The Center for Internet Security Seeks Volunteers
5) Law Enforcement Volunteers Sought
6) SANS on GSA Advantage
7) Reading Room Revamped
8) PDA Security Update Project
9) Preliminary Call for Papers - Best Operational Practice for Security
   Devices
10) ISO 17799 Research Project Update
11) Worldwide Training Opportunities

1) Security Awareness Program

A good Security Awareness Program helps you secure your IT resources -
one user at a time. A broad base of informed employees is the most
cost-effective way to mitigate all the Internet risks that exist for
today's businesses. Many government and private sector organizations
already require security awareness training for all employees.

The trick is to build a great awareness program. If you have followed
the SANS mailings since Y2k, you know we have tried a couple of times
and never felt we had a product that we could be proud of. They say
the third time is the charm and we are ready to begin the beta phase of
SANS Security Awareness Training. The training is delivered via the
web. Real life stories illustrate the do's and don'ts of basic security
awareness and quiz questions are integrated to reinforce key concepts.
To receive information on SANS Security Awareness when the project is
released to the public please visit: http://www.sans.org/awareness/

2) Vendor Tools Survey

SANS attempts to always be vendor neutral, but we cannot do work without
tools. While our courseware covers a number of free tools, there are
situations where commercial tools are needed. This online survey is the
result of a number of paper surveys given at SANS conferences. If you
will take a minute to run through it and rate the number one tool in
each category that applies to you, that would be very valuable to us at
SANS, it will help us know where to focus our training efforts. It will
also be valuable to everyone that participates since they will receive
the results once the survey is complete, so that you will know what
tools your peers are using. Thank you to everyone that read to the
bottom of Update Edition 10 and provided feedback on how we could
improve the survey.

Visit http://portal.sans.org/surveys/tools.php to complete the tools
survey.

3) NIAL V

The National Information Assurance Leadership Conference is designed to
meet the unique needs of Information Assurance Leaders in the
government, military and private industry.

The two-day symposium is taught by the leaders of Information Security
and is being held in conjunction with SANSFIRE 2003.

There are still spaces available at NIAL V in Washington, DC, July 21
and 22. Take a look at the line up of speakers and agenda for this
year's meeting. http://www.sans.org/sansfire03/nial.php

The Capitol Hilton's discounted room rate will be in effect until June
20th.

4) The Center for Internet Security Seeks Volunteers

The members of The Center for Internet Security have recently decided
to proceed with the development of two new Unix related benchmarks:
Sendmail and FreeBSD. Based on recent survey results, these two items
ranked as being very much on the minds of Unix security administrators
everywhere.

To help facilitate the development of the benchmarks, CIS is looking
for people with expertise in these areas to join the consensus effort.
Whether you are a Sendmail or FreeBSD guru, or have a spare system or
two you can test on, your time and knowledge would be greatly
appreciated.

For more information concerning CIS, please visit their website at
http://www.cisecurity.org. The Center is always looking for qualified
and motivated people to participate in any of our teams.

If you have questions, or would like find out more about joining one of
the development teams, please email John Banghart,
jbanghartcisecurity.org.

5) Law Enforcement Volunteers Sought

SANS is seeking volunteers to support the development of an "Interfacing
with Law Enforcement FAQ" as part of this year's Cyber Defense
Initiative (CDI). The resulting brief document will help security
personnel, including information security officers, incident handlers,
and others, sort out the issues associated with dealing with law
enforcement. Incident handlers are often unaware of the legal and
tactical issues that arise in dealing with law enforcement. Some
security people are even intimidated at the thought of dealing with
these important authorities. This FAQ aims to dispel these concerns
and encourage solid interaction between the private sector and law
enforcement. The FAQ will include a variety of questions, such as:

- When might I want to call law enforcement for support?
- When must I call law enforcement?
- Should I call Federal, State, or Local authorities?
- What are law enforcement's goals in a cyber crime case?
- How does calling in law enforcement change the methods I can use in
my own investigation?

SANS needs volunteers from both inside of law enforcement and in the
private sector to collaborate on rounding out this list of questions
and devising answers. If you'd like to volunteer, please send e-mail
to lawfaqsans.org.

6) SANS on GSA Advantage

SANS is now available through GSA for all US Federal government
organizations. You will find by using GSA that you can now purchase
SANS training and GIAC certification through an easy to use procurement
process instead of spending large amounts of time putting together
purchase orders. Our contract number is GS-35F-0221N and is available
on our conference & on-line training and GIAC certification. For more
information please go to www.gsaadvantage.gov or contact our tuition
office at tuitionsans.org.

7) Reading Room Revamped

We were pleased to unveil a completely revised and updated SANS Infosec
Reading Room, with over 1000 quality white papers on almost 70 different
topics. We've added several new categories such as HIPAA, Does
Certification Matter?, Windows .NET, Book Reviews, and a Special Papers
category for featured papers. The new SANS Reading Room also contains
a much asked for list of the last 25 papers added, and a newly updated
Top 25 list of the most popular papers as well as a new peer rating
system. Want to participate in the rating? Just read a paper, then add
your vote. Papers are now posted as PDF files for easy printing, reading
and searching, so come check it out at http://www.sans.org/rr

8) PDA Security Update Project

Portable handheld devices such as Personal Digital Assistants (PDA's)
and SmartPhones are becoming more and more common in business and
personal use. Widespread deployment of these devices throughout
organizations means we should each examine our security policy and audit
procedures to ensure we have done a risk assessment for threat vectors
including:

- Malicious Code
- Physical Access, especially if the device is lost or misplaced
- Over the Air Attack
- Eavesdropping or Interception of Communications
- Denial of Service

There is an existing audit checklist available at:
http://www.sans.org/score/handheldschecklist.php

But it was designed for PDAs two generations ago and needs to be
updated. Also, there are a number of white papers available in the
reading room: http://www.sans.org/rr/catindex.php?cat_id=41

We really need to produce an up to date set of policies for
organizations to use. Eric Maiwald from Bluefire Security and author
of "Security Planning and Disaster Recovery," "Network Security: A
Beginner's Guide" has agreed to take a lead role in the project. If
you have recommendations for improving the SCORE checklist, or have
sample policies or checklists you are willing to contribute to the
project, please send email to pdasans.org.

NOTE: We are going to collect the email for about a week and try to
process in one shot so please be patient with us.

9) Preliminary Call for papers - Best Operational Practice for Security
    Devices

Why does everyone have to follow the rules for deploying computer and
network devices except security? I was addressing an interagency
meeting of bank regulators and I asked two questions. Are you allowed
to use free, or non-supported software in your banks. Every head nodded
no. I then asked, who runs Nessus as a vulnerability scanner, about a
third of the audience raised their hands. It is completely
understandable, Nessus is a very good tool, but if the rule is no
unsupported software, how do they run it and in banking environments no
less? Let me share two more examples related to firewalls and intrusion
detection systems and then let's see if we can make progress on finding
ways to improve.

If you are interested enough to read this call for papers, your
organization almost certainly has a firewall. How do you handle
patches for the firewall? When you change the firewall ruleset, what
level of documentation is kept to understand the reason for the new
rule? In most organizations, there is no change control for firewalls,
no roll back, to ability to re-provision an operating system/firewall
application/rule set from a known good state in a couple of minutes
instead of attempting to troubleshoot.

Intrusion detection systems are often run by the security department.
How are patches handled, log management, changes to the rule set. Is
the IDS based on the core operating system? Bill Shinn, presented a
partial solution to running an IDS in an manner that is sensitive to
good operational practice at the Audit and Security Controls that Work
project last May in Baltimore. It is posted at :
http://www.sans.org/rr/audittech/Bill_Shinn_WP.pdf

For that matter, have you even installed an appliance device on your
network and wondered just what, exactly, is under the hood?

This Preliminary Call for Papers can also be considered a test for
interest. If there was a small (no more than 75 attendees with 35 - 50
considered optimal), two day, workshop on Best Operational Practice for
Security Devices would you be interested in attending? And of course
there can't be a workshop if there is not content. SANS is looking for
about a dozen authors that have found solutions, partial solutions, or
tried approaches that did not work that are willing to share. If this
topic sounds important enough to you that you are willing to attend or
participate, please drop us a note to BOPSsans.org. SANS is interested
in discussing talk topics, hearing your suggestions, understanding some
of the largest problem areas and also knowing who would benefit from
attending. Please note that I am going to collect responses for about
10 days so that when we get back with you we will have considered
everyone's input before we start replying, so be patient with us, we
will respond to everyone!

10) ISO 17799 Research Project Update

The goal of the project is to help provide the "how to", to support the
various 7799 implementations. The researchers on the project felt that
the material divides well into 6 books, or days if the final product is
taught as a course. Volunteers are working in groups on each of the
books. Book 1 is by far the most complete. I have been reviewing it
this weekend and hope to have a hardcopy draft available for review by
SANSFIRE. Book 5 is in need of the most help. Let me share the very
high level, major themes only, outline the community has developed,
because I find the topics fascinating.

Book 5: The key process areas at Level 5 cover the issues that address
continuous improvement of methods for developing security competency,
at both the organizational and the individual level. They are:

- Personal security competency development
- Coaching
- Continuous workforce security innovation
- Security Awareness Program

If you have any experience with continuous workforce security
innovation, or even continuous innovation in a different subject area,
I would love to hear from you. Please drop me a line: Stephensans.org

11) Worldwide Training Opportunities

SANS continues to expand our training opportunities around the world.
The list below is long, but we encourage you to take a few moments to
look it over. If you don't see a class near you, please visit
http://www.sans.org as we are constantly adding class locations. You
can even define your own locations through our Onsite and Mentor
Programs.

Onsite Classes
SANS On-Site Training is a cost-effective alternative to our conferences
for organizations that are looking at training 25 individuals or above
(35 outside of US and Canada) in the same class. Our on-site training
provides about a 25-45% discount off our catalog prices while saving as
much as $50,000 in travel expenses.

SANS onsite training offers:
- The same top-notch instructors that teach at the SANS major
conferences.
- The ability to discuss issues that might not be discussed in a public
class.
- The convenience of having your staff in close proximity
- The freedom for them to be home at night.
- Flexibility in scheduling training on both weekdays and weekends
- Opportunities for satellite office to interface in one location.
For more information please go to http://www.sans.org/onsite/ or contact
Barbara Basalgete at bbasalgetesans.org.

Local Mentor Program
For organizations that cannot release personnel from work for longer
than a couple of hours each week, but still want personalized SANS
training, the SANS local mentor program offers the flexibility of our
online program along with hands-on mentor-led interaction through
sessions where students can try the exercises, discuss the material,
ask and answer questions, and help each other prepare for certification.
Local mentors are individuals who have completed SANS training and
received GIAC certification with honors. Each class exists only for
the duration of the applicable course and usually involves 10 meetings
with the mentor and the other students. For more information please go
to http://www.sans.org/onlinetraining/mentor or contact Scott Weil
at sweilsans.org

--------------------------------------------
National Conferences
--------------------------------------------
SANSFIRE 2003 - Washington, DC -Jul 14-19, 03
http://www.sans.org/sansfire03
 - T1: SANS Security Essentials Bootcamp and the CISSP 10 Domains
 - T2: Firewalls Perimeter Protection and VPNs
 - T3: Intrusion Detection In-Depth
 - T4: Hacker Techniques, Exploits and Incident Handling
 - T5: Securing Windows
 - T6: Securing Unix
 - T7: Auditing Networks, Perimeters and Systems
 - T8: System Forensics, Investigations, and Response
 - T9: SANS Security +S
 - T12: SANS Security Leadership Essentials for Managers
 - Securing Windows 2000 Hands-on Training for the Gold Standard
 - Reverse-Engineering Malware: Tools and Techniques - Hands-on
 - Securing Apache
 - Business Law and Computer Security
 - Honeypots: Tracking Hackers
 - SANSNight
 - Vendor Expo
National Information Assurance Leadership (NIAL) Conference V -
Washington, DC -Jul 21-22, 03
http://www.sans.org/sansfire03/nial.php
 - Featuring talks by: Alan Paller, Ed Skoudis, Ryan Barnett, Richard
 Bejtlich, Richard Clarke, Ron Gula, Chad Harrington, Gene Kim, Eric
 Cole, David Rice, Ron Ritchey, Marty Roesch, Glen Sharlun, and Marcus
 Sachs

--------------------------------------------
Eastern US Conferences:
--------------------------------------------
SANS Peachtree 2003
http://www.sans.org/peachtree03/
Atlanta, GA -Jun 02-07, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains - SOLD OUT
 - T7: Auditing Networks, Perimeters and Systems

SANS .NET - Tysons Corner
http://www.sans.org/dn_tysons03/
Vienna, VA -Jul 24, 03
 - Special: SANS Windows .NET

SANS Virginia Beach 2003
http://www.sans.org/virginiabeach03/
Virginia Beach, VA -Aug 24-29, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T4: Hacker Techniques, Exploits and Incident Handling

SANS New England 2003
http://www.sans.org/newengland03/
Boston, MA -Sep 15-20, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T2: Firewalls Perimeter Protection and VPNs
 - T3: Intrusion Detection In-Depth
 - T4: Hacker Techniques, Exploits and Incident Handling
 - T5: Securing Windows
 - T7: Auditing Networks, Perimeters and Systems
 - Vendor Expo

SANS New York 2003
http://www.sans.org/newyork03/
New York, NY -Oct 09-14, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T4: Hacker Techniques, Exploits and Incident Handling
 - T7: Auditing Networks, Perimeters and Systems
 - T8: System Forensics, Investigations, and Response

SANS Triangle Park 2003
http://www.sans.org/trianglepark03/
Raleigh, NC -Oct 13-18, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T2: Firewalls Perimeter Protection and VPNs
 - T3: Intrusion Detection In-Depth

--------------------------------------------
Central US Conferences
--------------------------------------------
SANS Business Law - Dallas 2003
http://www.sans.org/bl_dallas03/
Dallas, TX -Jun 26, 03
 - Special: Business Law & Computer Security

SANS Rocky Mountain 2003
http://www.sans.org/rockymountain03/
Denver, CO -Aug 14-19, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T2: Firewalls Perimeter Protection and VPNs
 - T3: Intrusion Detection In-Depth
 - T4: Hacker Techniques, Exploits and Incident Handling
 - T5: Securing Windows
 - T8: System Forensics, Investigations, and Response
 - Vendor Expo
 
--------------------------------------------
Western US Conferences
--------------------------------------------
SANS Computer Security Bootcamp 2003
http://www.sans.org/bootcamp03/
Monterey, CA -Jun 11-16, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T2: Firewalls Perimeter Protection and VPNs
 - T3: Intrusion Detection In-Depth
 - T4: Hacker Techniques, Exploits and Incident Handling
 - T5: Securing Windows
 - T7: Auditing Networks, Perimeters and Systems
 - Vendor Expo

SANS Golden Gate 2003
http://www.sans.org/goldengate03/
San Francisco, CA -Jun 18-23, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains - SOLD OUT
 - T12: SANS Security Leadership Essentials for Managers

SANS Los Angeles 2003
http://www.sans.org/losangeles03/
Los Angeles, CA -Sep 29-Oct 04, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T2: Firewalls Perimeter Protection and VPNs
 - T3: Intrusion Detection In-Depth
 - T4: Hacker Techniques, Exploits and Incident Handling
 - T5: Securing Windows
 - T9: SANS Security +S
 - Vendor Expo

--------------------------------------------
European Conferences:
--------------------------------------------
SANS Parliament Square 2003
http://www.sans.org/hammersmith03/
London, U.K. -Jun 23-28, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T3: Intrusion Detection In-Depth
 - T4: Hacker Techniques, Exploits and Incident Handling
 - T5: Securing Windows
 - T7: Auditing Networks, Perimeters and Systems

SANS Spain
http://www.sans.org/spain03/
Madrid, ES -Sep 08-13, 03
 - T3: Intrusion Detection In-Depth
 - T7: Auditing Networks, Perimeters and Systems

SANS Amsterdam 2003
http://www.sans.org/amsterdam03/
Amsterdam, NL -Oct 27-Nov 01, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T2: Firewalls Perimeter Protection and VPNs
 - T4: Hacker Techniques, Exploits and Incident Handling
 
--------------------------------------------
Australian Conferences
--------------------------------------------
SANS Down Under 2003
http://www.sans.org/downunder03/
Melbourne, AUS -Jul 28-Aug 02, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T7: Auditing Networks, Perimeters and Systems

--------------------------------------------
Canadian Conferences
--------------------------------------------
SANS Parliament Hill 2003
http://www.sans.org/parliamenthill03/
Ottawa, ON -Aug 11-16, 03
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T2: Firewalls Perimeter Protection and VPNs
 _ T7: Auditing Networks, Perimeters and Systems

--------------------------------------------
Online Offerings
--------------------------------------------
SANS e-Symposium on Enterprise Infrastructure Protection
http://www.sans.org/esymposium2003/
 - October 7, 2003 on the World Wide Web
 
Instructor Led Online Training
http://www.sans.org/onlinetraining/ilot/
 - ILOT V: Track 4 July 22 - August 28

Online Training
http://www.sans.org/onlinetraining/
 - T1: SANS Security Essentials and the CISSP 10 Domains
 - T2: Firewalls, Perimeter Protection, and VPNs
 - T3: Intrusion Detection In-Depth
 - T4: Hacker Techniques, Exploits, and Incident Handling
 - T5: Securing Windows
 - T6: Securing Unix
 - T9: SANS Information Security Officer Training
 - Gold Standard Security Benchmark Training: Securing Windows 2000
 - Securing Microsoft's IIS 5.0
 - E-Money and E-Commerce
 
--------------------------------------------
Local Mentor Program
http://www.sans.org/onlinetraining/mentor/
--------------------------------------------
Track 1: SANS Security Essentials and the CISSP 10 Domains
 - June 4 Grand Rapids, MI
 - June 12 Boca Raton, FL
 - June 21 Raleigh, NC
 - June 24 Rochester, NY
 - June 24 Honolulu, HI
 - June 24 Detroit, MI
 - June 26 Harrisburg, PA
 - June 30 San Diego, CA

Track 2: Firewalls, Perimeter Protection and VPNs
 - June 11 Brisbane, AU
 - June 17 St. Louis, MO
 - June 17 Boston, MA
 - June 19 Singapore
 - June 25 Allentown, PA

Track 5: Securing Windows
 - June 24 Calgary, AB
 - May 3 Atlanta, GA
 - May 3 Kenosha, WI
 - May 10 Savage, MN
 - May 13 Huntsville, AL
 - May 14 Boston, MA
 - June 30 Wilmington, DE

Securing Windows 2000 - The Gold Standard
 - June 14 Okemos, MI
 - June 25 Fullerton, CA

--------------------------------------------

To change your subscription, address, or other information, visit
http://portal.sans.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]