Showing posts with label Security Training. Show all posts

Tuesday, February 24, 2009

Upcoming Security Events

Security Events

Black Hat

CanSecWest

CarolinaCon

CSI

Notacon

Security Opus

The Security Standard

ShmooCon

SOURCE Conference (Boston & Barcelona)

ToorCon

SANSFIRE 2009 in Baltimore, MD

SANS will be in Baltimore, MD for SANSFIRE 2009 on June 13-22 - once
again powered by the Internet Storm Center! We are assembling a program
that will surpass all past SANSFIRE events in terms of courses, talks,
vendor demonstrations, and opportunities for career advancement. At
SANSFIRE 2009 you will be provided with new information about new
threats, and you can acquire the solid foundation in InfoSec that you
need to stay on top of them. Why not choose SANSFIRE 2009 and Baltimore
as the backdrop for your training this summer?
(http://www.sans.org/info/38869)

The course schedule for SANSFIRE 2009 features a full lineup of SANS
classics in the disciplines of audit, security, management, and legal.

"SANS offers the real-world experience that other training venues
can't." - Tom Boyd, Medco

Turbo-charge your career! Consider one of these BRAND NEW cutting-edge
courses:
- IT Security Audit Essentials Bootcamp (AUD429)
- ITIL Essentials for Security Management (MGT435)
- Log Management In-Depth: Compliance, Security, Forensics, and Troubleshooting (SEC434)
- Secure Code Review for Java Web Apps (DEV534)
- Secure Coding in .NET: Developing Defensible Applications (DEV544)
- Developing Exploits for Penetration Testers and Security Researchers (SEC709)

Three NEW Forensics Courses!

- Computer Forensic and E-discovery Essentials (SEC408)
- Network Forensics (SEC558)
- Drive and Data Recovery Forensics (SEC606)

Register early for these best selling courses below to ensure you'll get
a seat!

- Security 401: SANS Security Essentials Bootcamp Style
- Security 504: Hacker Techniques, Exploits & Incident Handling
- Security 560: Network Penetration Testing and Ethical Hacking
- Security 508: Computer Forensics, Investigation, and Response
- Management 512: SANS Security Leadership Essentials for Managers with Knowledge Compression(tm)
- Management 414: SANS(r) +S(tm) Training Program for the CISSP(r) Certification Exam
- Audit 507: Auditing Networks, Perimeters & Systems
- Security 503: Intrusion Detection In-Depth
- Security 610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
- Security 301: Intro to Information Security
- Security 501: Advanced Security Essentials - Enterprise Defender - NEW
- Management 525: Project Management and Effective Communications for Security Professionals and Managers

To learn more about all the courses being offered at SANSFIRE 2009,
please visit http://www.sans.org/info/38874. There you will find a large
selection of classic and new courses.

Complete your SANS training experience with a GIAC certification
attempt! Many of our five- and six-day courses offered at SANSFIRE 2009
are associated with a GIAC Certification. Put the skills you'll learn
to practical use and join the thousands of GIAC certified professionals
who make the info sec industry safe! Visit
http://www.giac.org/info/38659 for more information and register for
your certification attempt today!

SANS training is well-known for being relevant and pragmatic. All SANS
instructors are industry leaders and experts who understand the
challenges you face on a daily basis. Their real-world experience
increases the practical value of the course material. Here are some
comments from SANSFIRE 2008 alumni:

"SANS is great about giving me both the knowledge and hands-on
experience needed to truly expand my security abilities and bring that
back to my job." - Brad Moore, A. Teichert & Son, Inc.

In addition to SANS courses held during the day, we offer you evening
events where you can learn about the new Web application honeynet. Come
and discover how to secure your service-oriented architectures and how
to deal with new forms of malware. At the evening talks the Internet
Storm Center incident handlers will provide extraordinary insights into
actual attacks that have taken place over the past year. These special
presentations are free to all registered attendees. You'll learn about
current threats and how the SANS Internet Storm Center can help you in
your fight against these threats. Nothing fosters information sharing
and trust building better than face-to-face meetings like SANSFIRE 2009.
Most of our volunteer incident handlers will be present at this event,
giving you unprecedented opportunities to get to know these fantastic
people.

"This was very good. There is a reason I come to SANS -- to really
learn something. Especially now that you guys do things for the
non-technical." - Pat Reddic, DTRA, another SANSFIRE 2008 alumnus

Classes will be held at the Hilton Baltimore. This full-service, upscale
hotel places you within walking distance of Baltimore's Inner Harbor,
Harborplace and the Gallery, Oriole Park at Camden Yards, and the
National Aquarium in Baltimore. Discounted rates are available for SANS
students, and they include complimentary high-speed Internet in your
guest room. The SANS rate of $197 S/D is available through June 13, so
take advantage of this special offer and make your reservations today!
http://www.sans.org/info/38879

"Getting hands-on experience with the latest tools and having fun
learning gives SANS an edge no other training organization has yet
mastered." - Jason Fowler, UBC

Get the training you need to work better and faster as a security
professional. Start making your training and travel plans now to join
us for SANSFIRE 2009! (http://www.sans.org/info/38869)

Kind regards,
Stephen Northcutt
President
The SANS Technology Institute, a postgraduate computer security college

**************************

SANS is pleased to announce our new Training and Events Calendar - an
easy way to see what opportunities are available to you during the
coming month! The current calendars are now available for download from
http://www.sans.org/info/7926. For another option, consider SANS' seven
ways to Train Without Travel at: http://www.sans.org/info/28689.

SANS' Webcasts are free live Web broadcasts that allow you to hear a
knowledgeable speaker while viewing presentation slides that you
download in advance. To learn more or to subscribe to our Webcast
calendar go to http://www.sans.org/info/13271.

Friday, December 12, 2008

SANS OnDemand Security Times Newsletter

SECURITY TIMES SPECIAL

As a thank you for receiving our SANS OnDemand Security Times
Newsletter, you may take an additional 5% off our listed current
specials through December 26.

For single courses, see http://www.sans.org/info/35939 for our current
offer. Use discount code "T1_add5" for a total of 30% off any OnDemand
course.

For groups or multiple courses, take an additional 5% off our lowest
listed pricing at http://www.sans.org/info/35944.

Check out our Free OnDemand Demos at http://www.sans.org/info/35949
************************************************************************
WHAT'S UPCOMING?

For courses currently being developed in OnDemand, take advantage of our
30% Development Discount. For a full list of upcoming courses, go to
http://www.sans.org/info/35954
************************************************************************
EARN REWARDS POINTS

Receive one OnDemand Reward Point for every dollar that you spend for
SANS OnDemand training, including the OnDemand Bundle. To begin
receiving reward points, visit http://www.sans.org/info/35959
************************************************************************
SECURITY TIP

Whether you are a small Mom & Pop shop or a multinational corporation,
your employees are almost certainly leveraging sites with user-generated
content. User-generated content sites (e.g. MySpace, YouTube, Facebook,
Craigslist, Blogger, and Flickr) are routinely in the top 20 most
visited websites.

From a numbers perspective, it goes without saying that your
employees/colleagues/superiors, and likely you, are users of these
popular sites. Although the most obvious risk posed by employee usage
of these sites is productivity loss [1], perhaps the more serious risk
is posed by the break-neck speed with which these sites are allowing
active user-generated content and applications to flourish [2][3].
Therein lies part of the appeal, but so too, some of the risks. In order
for these sites to be useful, users configure their browsers to allow
this content to run virtually unfettered. However, the risk posed by
active content isn't the point of this article either [4]...

A somewhat less discussed "feature" of sites containing user-generated
content is the significant information disclosure posed by users from
your organization. Imagine, if you will, that you were being targeted
by an attacker. Of course, _you_ aren't being targeted, but just bear
with me... Perhaps you have really done a bang up job hardening your
perimeter, patching systems, etc., such that you feel relatively secure
in your overall security program and architecture. If an attacker could
find a trusted insider that was willing to disclose details regarding
the products, programming languages, patch levels, etc., in use at your
organization, could it subvert some of those feelings of security? In
effect, social networking sites are a veritable treasure trove for
attackers wishing to gain this type of intelligence. What's more,
sometimes they are able to gain this information without engaging in
even the most rudimentary of social engineering attacks. For instance,
users with profiles on LinkedIn frequently list their resume, including
both specialties and employers, for the world to see. This and other
information is like gold to an attacker. This type of information,
coupled with attackers armed with information mining tools like Maltego
(i.e., Rapleaf and Spock transforms) can really lower the bar for a
successful targeted attack [5].

Now that the little thought experiment is over, let's think about the
primary assumption - you are being targeted by an attacker. Some of you
fully accept this as a given, but most of you likely dismiss this
without much thought (we are too small, no one has heard of us, why
would anyone come after us). Well, consider that restaurants in West
Monroe, LA (pop. 12,951)[6] were part of a group of restaurants in
Mississippi and Louisiana targeted by a ring of thieves harvesting
credit card numbers [7]. If something as innocuous as a family-owned
diner can be targeted for an attack, then certainly any organization can
become a likely target.

The risks associated with websites, in general, and social networking
sites, in particular, are discussed in several SANS courses available
via OnDemand (AUD507, MGT512, SEC401 and SEC502). The social
engineering and reconnaissance exposure made possible by these sites is
explored in SEC560.

For more info on these courses, visit:
AUD507: Auditing Networks, Perimeters & Systems
(http://www.sans.org/link.php?id=1032&mid=6)
MGT512: SANS Security Leadership Essentials For Managers
(http://www.sans.org/link.php?id=1032&mid=62)
SEC401: SANS Security Essentials
(http://www.sans.org/link.php?id=1032&mid=61)
SEC502: Perimeter Protection In-Depth
(http://www.sans.org/link.php?id=1032&mid=17)
SEC560: Network Penetration Testing and Ethical Hacking
(http://www.sans.org/link.php?id=1032&mid=937)

Seth Misenar
SANS OnDemand Virtual Mentor

1: "Facebook 'costs businesses dear' " -
http://news.bbc.co.uk/2/hi/technology/6989100.stm
2: More than 33,000 Facebook applications -
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/23/BU7C11TAES.DTL
3: More than 400,000 registered Facebook developers -
http://www.facebook.com/press/releases.php?p=48242
4: "Elaborate Facebook Worm Spreading" -
http://www.techcrunch.com/2008/08/07/elaborate--facebook-worm-virus-spreading/
5: "Maltego Part I - Intro and Personal Recon" -
http://www.ethicalhacker.net/content/view/202/24/
6: U.S. Census Bureau, 2007 Population Estimates -
http://factfinder.census.gov
7: "Attacks Continue on Retail Stores, Restaurants" -
http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=211201193