- SANS Training/Education
- SANS Training/Education - General Info
- SANS and GIAC - How they fit together
- SANS Account Dashboard
- SANS Web Site
CISSP members can fill in their CISSP ID# when they register for conference training and SANS will submit a request to CISSP for the attendee to receive credit for SANS CPEs earned.
If you participated in training other than conference training, such as the Mentor Program, SANS OnDemand or vLive!, you may log on to your account and download a copy of your certificate of completion. CPEs are not awarded for recertification.
SelfStudy students can obtain a Certificate of Completion when the corresponding SANS OnDemand Bundle or GIAC certification exam attempt has been successfully completed. When the OnDemand Bundle is not available for a SelfStudy course, downloading all course mp3 files is the requirement for obtaining the SelfStudy Certificate of Completion. To obtain a SelfStudy Certificate of Completion, you must email firstname.lastname@example.org.
You earn 1 CPE credit for ISC2 per hour of SANS training. A conference usually lasts 6 days for 6 hours a day, which would be 36 credits. Students can earn CPE credits through the Mentor Program, Securing The Human, vLive!, OnDemand, Onsite, and Conferences.
SANS will submit CPE credits to ISC2 if you enter your CISSP# when registering.
Job-Based (Long) Courses
These courses address a range of skill sets including entry level information security and broad based security essentials, as well as advanced subject areas like audit, intrusion detection, incident handling, firewalls and perimeter protection, forensics, hacker techniques, and Windows and Unix operating system security.
- Audit 410 :: IT Security and Control Essentials
- Audit 507 :: Auditing Networks, Perimeters, and Systems
- Legal 523 :: Legal Issues in Information Technology and Information Security
- Management 411 :: SANS 17799/27001 Security & Audit Framework
- Management 414 :: SANS +S Training Program for the CISSP Certification Exam
- Management 512 :: SANS Security Leadership Essentials for Managers with Knowledge Compression
- Management 525 :: Project Management and Effective Communications for Security Professionals and Managers
- Security 301 :: Introduction to Information Security
- Security 401 :: SANS Security Essentials Bootcamp Style
- Security 502 :: Perimeter Protection In-Depth
- Security 503 :: Intrusion Detection In-Depth
- Security 504 :: Hacker Techniques, Exploits and Incident Handling
- Security 505 :: Securing Windows
- Security 506 :: Securing Unix/Linux
- Security 542 :: Web App Penetration Testing and Ethical Hacking
- Security 560 :: Network Penetration Testing and Ethical Hacking
- Security 617 :: Assessing and Securing Wireless Networks
- Forensic 408 :: Computer Forensic Essentials
- Forensic 508 :: Computer Forensic Investigations and Incident Response
- Forensic 610 :: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Skill-Based (Short) Courses
Skill-based courses address a specific skill set in audit, legal, management and security.
- Audit 305 :: Technical Communication and Presentation Skills for Security Professionals
- Audit 429 :: IT Security Audit Essentials Bootcamp
- Audit 440 :: 20 Critical Security Controls: Planning, Implementing, and Auditing
- Audit 521 :: Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant
- Developer 532 :: Essential Secure Coding in ASP.NET
- Developer 541 :: Secure Coding in Java/JEE: Developing Defensible Applications
- Developer 544 :: Secure Coding in .NET: Developing Defensible Applications
- Forensic 526 :: Advanced Filesystem Recovery and Memory Forensics
- Management 305 :: Technical Communication and Presentation Skills for Security Professionals
- Management 404 :: Fundamentals of Information Security Policy
- Management 421 :: SANS Leadership and Management Competencies
- Management 438 :: How to Establish a Security Awareness Program
- Management 442 :: Information Security Risk Management
- Security 434 :: Log Management in-Depth: Compliance, Security, Forensics, and Troubleshooting
- Security 464 :: Hacker Detection for Systems Administrators with Continuing Education Program
- Security 517 :: Cutting-Edge Hacking Techniques
- Security 531 :: Windows Command-Line Kung Fu In-Depth for Info Sec Pros
- Security 546 :: IPv6 Essentials
- Security 550 :: Information Reconnaissance: Competitive Intelligence and Online Privacy
- Security 569 :: Combating Malware in the Enterprise: Practical Step-by-
- Security 577 :: Virtualization Security Fundamentals
- Security 580 :: Metasploit Kung Fu for Enterprise Pen Testing
Certificates of attendance for webcasts can be found by clicking on "My Webcasts" under "Account Details" on your account dashboard.
Once an individual has earned GIAC Silver Certification, an option will appear in their Account Dashboard (https://www.sans.org/account/) to apply for GIAC Gold. This option will only be available for as long as the individual maintains a valid GIAC Silver Certification. The individual has to maintain their GIAC Silver Certification while working on their GIAC Gold Certification. To apply for GIAC Gold Certification, an individual must complete the application form in the Account Dashboard. The more initial information that is provided, the more likely it can be accepted promptly. Once the concept is accepted, the individual will need to pay the registration fee and will be contacted by their assigned GIAC Gold Adviser within 5 business days to begin setting the path to completion. The complete timeframe to complete the technical paper is six months.
SANS Training provides a core set of educational courses designed to help you master the practical steps necessary for defending your systems and networks against the most dangerous threats - the ones being actively exploited. The courses were developed through the community consensus of hundreds of administrators, security managers, and information security professionals, and address both security fundamentals and the in-depth technical aspects of the most crucial areas of information security. SANS Training courses can be taken on their own, or to help you prepare for the GIAC Certifications.
Please see our SANS Course Map at http://www.sans.org/sanscourses.php
Please see our list of SANS Courses at http://www.sans.org/courses/
The URL for the SANS Technology Institute is http://www.sans.edu
Can I transfer a SANS course and GIAC Certification into the Master's program of SANS Technology Institute?
SANS courses and GIAC Certifications that are related to the curriculum of the SANS Technology Institute's Master's Degree program can be grandfathered into the Master's program provided that the GIAC Certification is current and the related Silver exam scores average 80 or higher. In addition, as an important prerequisite to admission to the Master's Program, applicants must already hold a current GIAC Gold Certification (written paper) in at least one major Certification related to the Master's curriculum with related Silver exam scores averaging 80 or higher.
The courses are designed to be taken either independently, or in series. Students can take individual courses to focus on specific areas of interest or responsibility. Or, courses can be taken sequentially, to provide a progressive education in information security, from basic concepts to in-depth technical knowledge.
No. SANS Security Essentials is a good starting point if you are new to security, or if you want a broad overview of security topics as opposed to focusing on a specific technology, but it is not a prerequisite. Students are free to take any courses in any order that they like.
The method that is best for you will depend on a number of factors, including time, cost, and how you learn best. Some students prefer conferences because the material is presented live, in a short period of time, and you can interact directly with an instructor to ask questions. Some prefer online training because it is convenient and you can work at your own pace, though it takes discipline to make the time in your schedule to learn the material. Others prefer the Mentor Sessions as they are smaller classes, taught at a slower pace and in a local setting.
SANS OnDemand is the world's leading provider of e-learning for information security professionals. With OnDemand you can access more than 40 SANS courses whenever and wherever you want from your PC/laptop (Windows, Mac, and UNIX) or iPad. You can read more at: http://www.sans.org/ondemand/
For the motivated student who enjoys working independently we offer the SANS SelfStudy program. Students receive SANS course books (and CDs when applicable) and online access to MP3 files of SANS' world-class instructors teaching the material. You can read more at: http://www.sans.org/selfstudy/
SANS vLive allows you to attend SANS courses from the convenience of your home or office. Simply log in at the scheduled times and join your instructor and classmates in an interactive virtual classroom. You can read more at: http://www.sans.org/vlive
Mentor classes offer live training over the course of several weeks so there is no need to travel outside your local area. You can read more at: http://www.sans.org/mentor/about or contact email@example.com.
SANS offers both National and Regional Conferences, which may feature additional evening talks, a vendor expo, lunch activities, and the opportunity to network with many other attendees.
Community SANS takes the exact same content you would get at conferences on the road to your local community. The size of the class is smaller (approximately 20 people). With this live, local training you may have little to no travel time or costs, offering you more value for your training budget.
Community SANS events offer their own advantages (smaller class vs. more people, lower travel/hotel cost vs. additional activities) and of course schedule or travel can sometimes be the determining factor. These community events feature fully trained SANS instructors who are real world practitioners. The events are held in various locations around the world and offer you the opportunity to network with professionals from your own local community.
These are Mentor-led classes at your workplace. Classes usually can be scheduled to work around your organization's needs as they can meet over multiple sessions, days, evenings and even weekends! Visit: http://www.sans.org/mentor/at-work for more information or contact firstname.lastname@example.org.
There are no official prerequisites. However, students should be aware of the technical level of the course they wish to take. Information Security Officer training is intended as an introductory level track for those just getting started in security. SANS Security Essentials is a basic level course, targeted at students who have at least some familiarity with security concepts, networking, and operating system administration. To test your knowledge of TCP/IP see www.sans.org/conference/tcpip_quiz.php.
The SANS Institute is the leading provider of information security training and the trusted source for information security certification and research. Part of the SANS mission is to ensure that information security practitioners in critical organizations have the skills needed to protect national security.
The SANS Partnership Series is an outreach program created to provide highly discounted training to support constituencies that have:
- A clear impact on national security
- Large numbers of information security practitioners
- Budget constraints that limit access to necessary training
Current eligible critical constituencies include:
- Educational Institutions
- State & Local Law Enforcement
- State & Local Government
- Developing Nations/International Partners to the US
The secret to this successful program is cost reduction realized by delivering the courses to large classes (125 or more).
Please visit our https://www.sans.org/partnership/ page for a list of classes.
COINS is the acronym for Community Of Interest for Network Security. It was developed as a way of supporting local professional information and cyber security groups by offering SANS instructors and SANS content to local InfoSec chapters all over the U.S. and Canada. We support associations like: Information System Security Association (ISSA), Information Systems Audit and Control Association (ISACA), High Tech Crimes Association (HTCIA), Infragard and others.
We provide you with one of our qualified SANS Instructors that can teach on various topics. For more information on how we can work with your organization. For more information on scheduled training events, go to http://www.sans.org/coins/.
SANS Institute is committed to assisting course participants subject to disabilities. SANS will provide the following at no additional cost to the employers of participants with disabilities: an additional seat in the classroom and an additional set of course materials for Auxiliary Aides and/or the course notes in computer-readable format, as requested by the participant's employer. The employer of the participant shall be responsible for all other costs of any necessary accommodation, including arranging and paying for Auxiliary Aides. The employer may call (301) 654-7267 or email email@example.com to request that SANS Institute make the arrangements for Auxiliary Aides and bill the costs to the employer. It is the responsibility of the employer to confirm with SANS all such arrangements at least four weeks before the course.
You cannot transfer, share or give your self study material to another person. The following is noted when you access your course material through your account.
"Important Notice: By accessing the SANS GIAC online course material, practice tests, exams, and related files, the student agrees to the following.
I understand that my license to use SANS electronic course materials is exclusively for my individual professional development. I will not transfer nor will I allow others to use the course materials or the test questions. I will not use any part of this material for teaching others nor will I incorporate it, nor allow it to be incorporated, in any other training materials or publications, electronic or print, without prior specific written consent of the SANS Institute."
We appreciate your inquiry and you can cut out a paragraph or two at a time from the books but we ask that you don't duplicate full pages of the course material. Please give SANS reference where it is used.
At this point in time we are unable to give out geographical information on certified students. That may change, but for now, it's the case.
GIAC Gold will distinguish itself from the existing exam-only 'GIAC Silver' certification by requiring candidates to complete a technical report covering an important area of security related to the certification the student is seeking. After completing the exams necessary to pass the GIAC Silver certification, students will have the option to pursue the GIAC Gold Certification. Candidates will work closely with an adviser through the process of developing their technical report. Once complete, the technical report will be reviewed for acceptance into the SANS Reading Room and the student earning GIAC Gold. All GIAC certified professionals who previously completed a practical assignment under the old GIAC requirements are already considered GIAC Gold certified.
All credits are submitted as Type A credits.
Bootcamp sessions are evening hands-on sessions that allow students to utilize the knowledge gained throughout the course in an instructor-led environment. Laptops are required.
Bootcamp sessions are optional, but highly recommended, especially for students who are attempting certification. These hands-on sessions reiterate what students learn during the day sessions.
Students only need laptops in the evening for the hands-on labs during bootcamp. The 9am to 5pm class is lecture only.
The CISSP Bootcamp is utilized to take the 10 domain quizzes, grade them and then discuss the right and wrong answers. The quizzes are done with pencil and paper. No laptop is required.
The primary difference is that the CISSP focuses on concepts, which is of course essential. GIAC covers concepts, but focuses more on the practical skills needed to apply those concepts on the job. Another difference is that you must be a security professional with a minimum of three years of experience in the field before you are even allowed to sit for the CISSP. There is no experience requirement to sit for any of the GIAC certifications. Additional information on GIAC can be found at the FAQ link, above, or the GIAC home page at http://www.giac.org/.
Here are the instructions for upgrading your iPad to iOS 4.3.
- Connect your iPad to your computer.
- Open iTunes on your computer.
- You should see a message stating that a new iPad software version (4.3) is available.
- If you see this message, click "Download and Update".
- If the message does not appear, click on your iPad under the Devices heading in the left panel of iTunes. Under the Summary tab, click the "Update" button. You will see a message that iTunes will update your iPad to iOS 4.3 and verify the update with Apple. Click the "Update" button.
- In the iPad Software Update window that appears, click Next then agree to the Software License Agreement.
- Wait for the Update process to complete.
- Disconnect your iPad from your computer.
Our courseware is created by our leading instructors and is updated on a regular basis as technology evolves. OnDemand is also proven to be one of the most effective ways of preparing for GIAC certifications (https://www.giac.org/certifications).
For a complete list of OnDemand courses available, please visit https://www.sans.org/ondemand/courses.php
If I have a specific question about the materials the instructor is presenting or about the hands-on materials, who can I contact? Will there be accessibility to an instructor via email or phone?
Each class has an OnDemand Subject Matter Expert who the student will have email access to during the course. To contact the OnDemand Subject Matter Expert, please send your questions in an email to firstname.lastname@example.org.
For organizations with multiple employees taking SANS training courses, the SANS Voucher Program is an easy to use, flexible training management solution. Based on the number of anticipated students and investment, you may be eligible to receive, from SANS, bonus funds. Your investment and bonus funds can be used for classroom and online training, and can also be used to purchase GIAC certifications. Visit our Voucher Program page for more details and to contact SANS.
You may substitute another person in your place at any time by e-mailing email@example.com
We do have a policy that if you attend the first day's class and want to switch it can be done on site. It has to be done on the first day but we also allow students to scan the course material at the bookroom to see if it would be a good fit for them to attend later on in the week. The only catch is we cannot switch if a class sells out.
Students should be able to attend based on the information provided from their registration. We no longer send letters of invitation.
I don't want to enter my credit card information on the registration form. Can I call in my credit card payment?
Credit card payments can be made by telephone. First complete the on-line registration form, and select Credit Card by fax or phone as the payment method. After you receive your invoice number, call (301) 654-SANS (7267) to provide your credit card details.
You will need to contact your credit card company to resolve the issue. We are not given any information other than whether it is charged or denied.
If your credit memo expires you can no longer use it towards payment of a course. Credit memos must be used by their expiration date.
Place your order and then email firstname.lastname@example.org and ask to have the tax removed. Be sure to include the store order number in the request and do it promptly after placing the order.
E-mail alerts will be sent to you before the conference with registration times, registration locations, and laptop requirements (if applicable). Upon your arrival all you will need to do is check in at the SANS registration desk. To check in you will need to present a photo ID. At the registration desk you will receive your SANS badge, applicable course materials, and information you will need while you are at the conference.
The deadline to add or drop GIAC certification from your SANS conference registration is the last day of the conference. If you decide to add GIAC exams after you register, contact the SANS registration office (email@example.com or 301-654-SANS (7267)).
We accept credit cards (American Express, MasterCard, Visa, Discover Card and Diners Club), checks, wire transfers, and US & Canadian federal government purchase orders.
It is not a problem with SANS if it is not a problem with the student. Students will have to pay for the entire track and will be given all the course materials for the entire track; but if the student is unable to come the last day or any of the other days, and still wants to participate in the track - that's fine.
Will SANS accept purchase orders other than US federal government and Canadian government purchase orders?
The SANS Institute expects payment in advance for all courses. If you are an employee of the United States federal government or the Government of Canada, you are permitted to submit a valid purchase order or federal training authorization form in advance as your prepayment.
SANS does not accept state, provincial, corporate, or university purchase orders as prepayment for training. Your tuition fee must be paid in advance by check, bank transfer, or credit card. We realize that your organization may still need to use a purchase order internally as part of the payment process. To obtain an invoice for your accounts payable department, please take the following steps:
- Register for your training online. At the end of the registration process, you will be prompted to print your own invoice. Please do this.
- Take the unpaid invoice to your accounts payable department so that they can match the purchase order with this invoice and generate payment to SANS by check, credit card, or bank transfer.
Please remember that SANS must receive your tuition payment prior to the start of your course.
- Go to http://www.sans.org/sans_training.php and select the training you would like to register for.
- Complete the online registration form. (SANS does not take registrations by phone.) Even if you prefer not to submit your payment information online, you should still complete the online form. Offline payment options are available once the online form is completed and you have your invoice number.
- Print your own invoice at the end of the online registration process.
- An immediate e-mail confirmation is sent to you when the registration is submitted properly. If you have not received e-mail confirmation within two business days of registering, please call the SANS Registration office at 301-654-SANS(7267). You may also contact us by e-mail at firstname.lastname@example.org.
- Submit payment for your SANS registration invoice. Please note that SANS requires payment in advance for all training.
Registration fees vary depending on what type of training format you choose, what track/course you choose, location you choose, and when you register & pay. In order to find out how much the track/course fee is you can do one of two things:
- Check the "Tuition Information" section on the web page for the specific location/type of training you chose.
The SANS Work Study Program provides a means for students to attend a SANS conference track at a much reduced rate in exchange for working at the conference and assisting with written technical work. Students are still responsible for any costs associated with food, lodging, and transportation. For information, see http://www.sans.org/training/volunteer.php
You can log on to your Account Dashboard at https://www.sans.org/account/ with the email address that you registered with.
If you do not remember your password, you can use the "Forgot Your Password? Reset Password" link to reset it.
Then click on the "Attendance History" link in the upper right hand corner.
You will be able to retrieve a copy of your INVOICE/RECEIPT.
Yes, we can fax or email a copy of your invoice. Please send an email to email@example.com, and include your name and invoice number.
SANS and GIAC - How they fit together
No. SANS Training and GIAC Certification are separate programs (though they are related). SANS Training is intended to provide students with the best available education in the key areas of information security. GIAC Certification is designed to provide an objective "benchmark" to show that an individual meets a minimum standard of skill and knowledge, for people who want to demonstrate this ability for themselves, or for a current or prospective employer. Students do not have to take the certification if they take the course, though they have the option to do so.
GIAC certification was developed to help the industry by providing a standard that not only tested theoretical knowledge but also the ability to apply that knowledge in real life. SANS training is organized in tracks that correspond to the various subject areas that the GIAC certification program provides certification in. The training is developed independently from the certification process to ensure that those attending SANS training are well rounded in the area they have chosen to train in, and not just learning how to pass a test.
The GIAC FAQ can be found at http://www.giac.org/about/faq
SANS Account Dashboard
The audio files can be listened to with any MP3 player you choose. Information on WinAmp is available as it tends to be the most popular MP3 player. However, most default installations of the Microsoft Windows operating system include the Windows Media Player (WMP) which will work just as well. It is recommended that you only choose to "stream" the audio if you have a high bandwidth connection to the internet.
Go to the login page at https://www.sans.org/account/login. At the bottom of the login page is the "Reset Password" link located by the text "Forgot Your Password?" Click this and follow the directions.
Log into your SANS Account Dashboard at https://www.sans.org/account/. Then click the Study Files link.
I purchased SANS Self Study with Certification or a GIAC Challenge certification. How do I access my Practice Exams that were included as part of my certification package?
There are two ways to access your practice exams. The first is to log into your Account Dashboard and click the "Practice Exams" link located next to the "Bookstore Orders" link on your main page. Secondly, you can log into your SANS account at https://www.sans.org/account/. Then click the "Bookstore Orders" link. On this page is the following: "Practice Exams: Click here to access your practice exams."
I can't find my certification exams link or audio files in my account, where are they? Be sure that you are logging on with the email address that you registered with.
PDF documents are no longer available. Hard copies of the course books were provided to you at the conference or mailed to you for online training. Through your account you'll have access to mp3 recordings (when available) of your course being presented at a recent conference. You can download the mp3s. Some people like to burn these to a CD or put them on their iPod to listen to on their commute or while traveling. You'll have access to the mp3s in your account for a six-month period.
SANS Web Site
Can I use material from SANS web site or a SANS published work in a dissertation, research paper, or other scholarly work?
You may use SANS copyrighted material in a scholarly work as long as it is properly referenced (you must give the material a footnote or endnote citing SANS and the source). Under US Copyright Law, you do not need permission to include small amounts of copyrighted material in a learning exercise. However, your paper may not be copied for distribution outside your classroom without violating copyright law.
The SANS Training Matrix lists all upcoming conferences and training opportunities. The matrix lists all events down the left side by location/type of training. To the right of the events there is a grid showing which tracks/courses are offered at that particular event. To get detailed information on an event simply click on the event name/location. To get detailed information on a track/course click the icon in the grid corresponding to the track/course you are interested in. There is a key to the icons on the matrix at: http://www.sans.org/index.php#key
SANS offers several security newsletters and other update mailings designed to keep you informed of both industry security information and SANS training and participation opportunities. To sign up for these updates go to http://www.sans.org/newsletters.
The majority of information on the SANS site is accessible directly from the SANS home page. There are links to all major areas of the site at the top of the page, and a detailed training matrix a little further down on the home page. The training matrix gives easy access to all conference and training information, including: conference locations, tracks/courses offered, course descriptions, hotel and travel information (if applicable), fees, and registration.
There is also a site search engine available in the top right corner of most pages on the SANS web site. The search engine lets you search the entire SANS web site to locate the information you need.
Information posted at the SANS web site is protected by copyright and is not to be reproduced at other web sites, except where noted otherwise. If you wish to share information from the SANS web site with students, employees or others, you may post or link the URL where the information is found.
Information posted at the SANS web site is protected by copyright and is not to be reproduced without permission. If you are working on a book and want to use small quantities of our online material that is properly credited, you may request permission by sending us the pertinent sections of the draft manuscript.
The Information Security Reading Room is a collection of papers that explore various areas of computer and information security in depth. This is a community resource that is free to all.
The SANS PGP key is available from either http://www.us.pgp.net or from our local server (http://www.sans.org/key.txt).
All information and events that are new to the SANS web site are listed at http://www.sans.org. New training events are also listed on the SANS Training Matrix at http://www.sans.org and are indicated with a "New - Just Added" icon.
By submitting your practical to GIAC, you are giving us the right to post it on our web site. We are also giving you the opportunity to be published. All certified students can find their practicals posted under the appropriate certification listing here: http://www.giac.org/certified_professionals/. Naturally some papers are stronger or hold more community value than others. The best of the papers will also be placed in the Reading Room, although it is mostly made up of GSEC papers. It is an honor to be posted there beyond the listing of all students.
SANS has several projects that you can get involved in, including:
- S.C.O.R.E (http://www.sans.org/score/)
- Local Mentor Program. Candidates who have taken SANS training and received GIAC certification in their subject are eligible to act as Mentors for their community or within their organization. In designated cities where it has been determined that there is sufficient interest and we are able to locate an available qualified mentor and an acceptable venue, we may choose to form a class. Each class exists only for the duration of the applicable course and usually involves 10 meetings with the mentor and the other students to discuss the material, ask and answer questions, and help each other prepare for certification. If you are interested in becoming a Mentor, please contact Scott Weil at firstname.lastname@example.org
SANS requires the press to submit a proposal beforehand about the article they wish to write, along with proof of credentials. Only writers or editors will be accepted, and freelance writers must provide some proof of their assignment on letterhead from the publication's editor. Publishers and salespeople will not be given press passes. Seats are limited and a $500 refundable deposit is required at registration. To receive your deposit back, the actual article must be submitted to SANS and feature a direct link to our web site at www.sans.org. Books will not be given with the course but can be purchased at our bookstore. Distribution of press passes is at the discretion of SANS; to request one, contact Brian Correia either by e-mail at email@example.com or via fax at 703-830-0520.
SANS has many opportunities for vendors to get involved, from conference expositions, to monthly webcasts, newsletters, and more! For full details on all the vendor opportunities SANS has to offer see http://www.sans.org/vendor.
Snort (http://www.snort.org) is an open-source IDS tool. One of the default Snort rules for identifying bad traffic is:
alert ip any any <> 127.0.0.0/8 any (msg:"BAD-TRAFFIC loopback traffic"; classtype:bad-unknown; reference:url,rr.sans.org/firewall/egress.php; sid:528; rev:4;)
The "alert ip any any <> 127.0.0.0/8 any" portion says to generate an alert on IP traffic to or from any 127.x.x.x address. The "msg:" attribute contains the text of the alert. The "reference:" field can contain one or more references to external sites with information about this kind of traffic.
In this case the reference includes the URL to a SANS Reading Room document which contains information about egress filtering on your network.
We have received a number of questions asking why we are attacking folks and it has almost always been the case that the person asking why SANS was attacking them was using the Kerio personal firewall. Kerio appears to use the Snort engine and default rules for their IDS capability. They also seem to be badly mangling the information in this specific signature so you think that they are reporting an attack from SANS.
The correct answer is that someone sent a probe/attack to your IP address and forged the source address to be 127.x.x.x.
If you are getting these attacks/probes at home on a cable/DSL connection, you cannot really do anything to prevent them. Your personal firewall is doing what it should to protect your individual computer. If you are getting these attacks/probes at work, then talk to your network administrators about adding ingress filters to block this traffic.
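The following added example (not SANS or Snort code) evaluates the header of sid:528, written with Snort's bidirectional `<>` operator to match the "to or from" behaviour described above, against constructed packets. It shows that the alert fires on the packet's 127.x.x.x address, while the SANS URL is only rule metadata; `parse_rule` and `evaluate` are hypothetical helper names, the parser is deliberately simplified, and the sample addresses are constructed.

```python
import ipaddress

# The rule discussed above (sid:528), with the direction operator "<>" written out.
RULE = ('alert ip any any <> 127.0.0.0/8 any (msg:"BAD-TRAFFIC loopback traffic"; '
        'classtype:bad-unknown; reference:url,rr.sans.org/firewall/egress.php; '
        'sid:528; rev:4;)')

def parse_rule(rule):
    """Split a rule into header fields and an option dict (simplified parser)."""
    header, _, body = rule.partition("(")
    action, proto, left, _lport, direction, right, _rport = header.split()
    options = {}
    for opt in body.rstrip(") ").split(";"):
        opt = opt.strip()
        if opt:
            key, _, value = opt.partition(":")
            options.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return {"action": action, "proto": proto, "left": left,
            "direction": direction, "right": right, "options": options}

def _in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(rule, src, dst):
    """Return an alert dict if the packet matches the rule header, else None."""
    r = parse_rule(rule)
    hit = _in_net(src, r["left"]) and _in_net(dst, r["right"])
    if r["direction"] == "<>":  # bidirectional: also test the reversed orientation
        hit = hit or (_in_net(dst, r["left"]) and _in_net(src, r["right"]))
    if not hit:
        return None
    return {"msg": r["options"]["msg"][0],
            "sid": r["options"]["sid"][0],
            "packet_src": src,   # address the packet claims to come from (may be forged)
            "packet_dst": dst,
            "references": r["options"]["reference"]}  # documentation only, not a sender

if __name__ == "__main__":
    # Constructed packets: one with a forged loopback source, one ordinary.
    for src, dst in [("127.0.0.1", "203.0.113.10"), ("198.51.100.7", "203.0.113.10")]:
        print(src, "->", dst, ":", evaluate(RULE, src, dst))
```

A front end that displays the `references` value in place of `packet_src` would produce exactly the confusion described above, with the SANS URL appearing to be the origin of the traffic.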
Several of our instructors are consultants and you can read their bios at: http://www.sans.org/instructors.php
The instructors who are consultants listed on that page are: Chris Brenton, Eric Cole, Jason Fossen, David Hoelzer, Hal Pomeranz, Mike Poor, David Rice, Ed Skoudis, Steve Slater, and Lenny Zeltser.
In order to teach for SANS one must first hold an active GIAC certification with an 85% or higher in the class they are interested in leading. Interested applicants can read more and apply by visiting: http://www.sans.org/mentor/teach
BY SUBSCRIBING TO A SANS OR GIAC MAILING LIST YOU AGREE TO ABIDE BY THIS ACCEPTABLE USE POLICY. IF YOU DISAGREE WITH THE TERMS OF THE ACCEPTABLE USE POLICY, YOU MAY IMMEDIATELY UNSUBSCRIBE FROM THE MAILING LIST BY SENDING AN EMAIL TO THE LIST ADMINISTRATOR.
- PURPOSE: The mailing lists provide an open, generally un-moderated environment intended to foster communication, debate, and the advancement of thought.
- TECHNICAL SERVICES PROVIDED THROUGH THE MAILING LIST HOST - E-mail that allows subscribers to communicate with peers throughout the world and engage in group discussions related to relevant security and technical matters.
- SANS LIMITATION OF LIABILITY
  - SANS is not responsible for the accuracy or quality of the information obtained through or stored on the system.
  - SANS does not assume liability for damages incurred resulting from use of this mailing list.
- DUE PROCESS
  - In the event there is an allegation that a subscribed member violated this Acceptable Use Policy, the subscriber will be provided with notice of the alleged violation.
  - The list Administrator may terminate account privileges of a member for violations of this Acceptable Use Policy.
- SANS will cooperate fully with local, state, or federal officials in any investigation concerning or relating to any illegal activities conducted through the SANS mailing list and web site.
- Members are responsible for the use of their individual account and should take all reasonable precautions to prevent others from accessing their account. Under no conditions should a user provide their mailing list account password to another person.
- Users will immediately notify the list Administrator if they identify a possible security problem.
- Users will not repost a message received from the mailing list in another forum without permission of the originating author.
- Subscribers will be courteous and respectful of other list members. Use of obscene or inflammatory language will be grounds for removal from the mailing list.
- Subscribers will adhere to the SANS and GIAC Codes of Ethics.
- Subscribers will make an effort to strip excessive email headers or other non-pertinent information prior to either posting a forwarded email, or replying to an email.
- Subscribers will not post any message that attacks the integrity, veracity or dignity, directly or indirectly, of any other subscriber-member.
- Subscribers will not use the list as a venue for airing SANS/GIAC customer service issues. Formal channels exist for resolving day-to-day customer service issues, as well as appeals and complaints, and such matters are not within the scope of this list.
- Subscribers will refrain from posting any of the following forms of personal or restricted data or links to sites with this data:
  - Personally Identifiable Information (PII)
  - Protected Health Information (PHI) and electronic Protected Health Information (ePHI)
  - Credit card data regulated by the Payment Card Industry (PCI)
  - Passwords providing access to restricted data or resources
  - Sensitive information relating to an ongoing criminal investigation
  - Court-ordered settlement agreements requiring non-disclosure
  - Information specifically identified as restricted
  - Information that would disclose trade secrets and/or proprietary data
  - Classified or potentially-classified data
  - Other information for which the degree of adverse effect that may result from unauthorized access or disclosure is material.
If you ever want to unsubscribe or change your subscription options (e.g., switch to or from digest mode, change your password, etc.), visit your subscription page.