SANS FAQ

General

 

What is the SANS Institute?

The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. The SANS Institute enables more than 165,000 security professionals, auditors, system administrators, and network administrators to share the lessons they are learning and find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. See http://www.sans.org/about.php for more information.

 

Is SANS hiring?

The SANS Institute, a high-tech education company is looking for an experienced education administrator. Ability to manage the Dean's calendar, document the educational process, write course descriptions and related educational collateral are requirements of the job. Must be detail oriented, accurate, skilled with Microsoft office, work well with others in a virtual environment, self starter and disciplined as much of the work is done from your home office. Please be prepared to show examples of previous work in accreditation, outcomes and assessment, or self assessment. Please send resumes in the body of the e-mail to alanpaller@sans.org and do not send attachments.

SANS Training/Education:

 

What are Job-based and Skill-based courses?

Job-Based (Long) Courses

These courses address a range of skill sets including entry level information security and broad based security essentials, as well as advanced subject areas like audit, intrusion detection, incident handling, firewalls and perimeter protection, forensics, hacker techniques, and Windows and Unix operating system security.

• Audit 410 :: IT Security and Control Essentials
• Audit 507 :: Auditing Networks, Perimeters, and Systems
• Legal 523 :: Legal Issues in Information Technology and Information Security
• Management 411 :: SANS 17799/27001 Security & Audit Framework
• Management 414 :: SANS +S Training Program for the CISSP Certification Exam
• Management 512 :: SANS Security Leadership Essentials for Managers with Knowledge Compression
• Security 301 :: Introduction to Information Security
• Security 401 :: SANS Security Essentials
• Security 502 :: Perimeter Protection In-Depth
• Security 503 :: Intrusion Detection In-Depth
• Security 504 :: Hacker Techniques, Exploits and Incident Handling
• Security 505 :: Securing Windows
• Security 506 :: Securing Unix/Linux
• Security 508 :: Computer Forensics, Investigation and Response
• Security 542 :: Web App Penetration Testing and Ethical Hacking
• Security 560 :: Network Penetration Testing and Ethical Hacking
• Security 610 :: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
• Security 617 :: Assessing and Securing Wireless Networks

Skill-Based (Short) Courses

Skill-based courses address a specific skill set in audit, legal, management and security.

• Audit 521:: Meeting the Minimum Standard for Protecting Credit Card and other Private Information PCI CISP: The Visa Digital Dozen
• AUDIT 528 :: Java Quality Assurance, Security Testing and Auditing
• Legal 412 :: Contracting for Data Security & Other Technology
• Legal 413 :: Law of Fraud and IT as an Instrument of Crime
• Legal 417 :: Legal Issues in Information Technology: InfoSec
• Security 531 :: Windows Command-Line Kung Fu In-Depth for Info Sec Pros
• Security 533 :: Windows PowerShell
• Security 550 :: Power Search with Google
• Security 553 :: Metasploit for Penetration Testers
• Security 650 :: FAT File System Forensics
• Developer 422 :: Web Application Security Essentials

 

Can I get a certificate of attendance for a webcast I attended?

Certificates of attendance for webcasts are not currently available. We hope to have them available through portal accounts soon.

 

How can I prove that I attended the webcasts as I need to show proof of attendance for CISSP?

Certificates of attendance for webcasts are not currently available. We hope to have them available through portal accounts soon.

 

How do I apply for the Gold certification?

Once an individual has earned GIAC Silver Certification, an option will appear in their Portal ( https://portal.sans.org ) account to apply for GIAC Gold. This option will only be available for as long as the individual maintains a valid GIAC Silver Certification.The individual has to maintain their GIAC Silver Certification while working on their GIAC Gold Certification. To apply for GIAC Gold Certification, an individual must complete the application form in the Portal account. The more initial information that is provided, the more likely it can be accepted promptly. Once the concept is accepted, the individual will need to pay the registration fee and will be contacted by their assigned GIAC Gold Adviser within 5 business days to begin setting the path to completion. The complete timeframe to complete the technical paper is six months.

 

What is SANS Training?

SANS Training provides a core set of educational courses designed to help you master the practical steps necessary for defending your systems and networks against the most dangerous threats - the ones being actively exploited. The courses were developed through the community consensus of hundreds of administrators, security managers, and information security professionals, and address both security fundamentals and the in-depth technical aspects of the most crucial areas of information security. SANS Training courses can be taken on their own, or to help you prepare for the GIAC Certifications.

 

What SANS Training tracks/courses are available?

Please see our SANS Course Map at http://www.sans.org/sanscourses.php

 

Where can I find information about the SANS Masters Programs?

The URL for the SANS Technology Institute is http://www.sans.edu

 

Can I transfer a SANS course and GIAC Certification into the Master's program of SANS Technology Institute?

SANS courses and GIAC Certifications that are related to the curriculum of the SANS Technology Institute's Master's Degree program can be grandfathered into the Master's program provided that the GIAC Certification is current and the related Silver exam scores average 80 or higher. In addition, as an important prerequisite to admission to the Master's Program, applicants must already hold a current GIAC Gold Certification (written paper) in at least one major Certification related to the Master's curriculum with related Silver exam scores averaging 80 or higher.

 

How do the tracks/courses relate to each other?

The courses are designed to be taken either independently, or in series. Students can take individual courses to focus on specific areas of interest or responsibility. Or, courses can be taken sequentially, to provide a progressive education in information security, from basic concepts to in-depth technical knowledge.

 

Do I have to take SANS Security Essentials courses before I take any Subject Area courses?

No. SANS Security Essentials is a good starting point if you are new to security, or if you want a broad overview of security topics as opposed to focusing on a specific technology, but it is not a prerequisite. Students are free to take any courses in any order that they like.

 

Of the different methods to take SANS training, which one is best?

The method that is best for you will depend on a number of factors, including time, cost, and how you learn best. Some students prefer conferences because the material is presented live, in a short period of time, and you can interact directly with an instructor to ask questions. Some prefer online training because it is convenient and you can work at your own pace, though it takes discipline to make the time in your schedule to learn the material. Others prefer the Mentor Sessions as they are smaller classes; taught at a slower pace and in a local setting.

 

Are there any prerequisites for the courses?

There are no official prerequisites. However, students should be aware of the technical level of the course they wish to take. Information Security Officer training is intended as an introductory level track for those just getting started in security. SANS Security Essentials is basic level course, targeted at students who have at least some familiarity with security concepts, networking, and operating system administration. Tracks 2 & 3 assume that the student has a working knowledge of the technology in question and a firm grasp of TCP/IP. To test your knowledge of TCP /IP see www.sans.org/conference/tcpip_quiz.php.

 

What is the SANS Partnership Series?

The SANS Institute is the leading provider of information security training and the trusted source for information security certification and research. Part of the SANS mission is to ensure that information security practitioners in critical organizations have the skills needed to protect national security.

The SANS Partnership Series is an outreach program created to provide highly discounted training to support constituencies that have:

1) A clear impact on national security 2) Large numbers of information security practitioners 3) Budget constraints that limit access to necessary training

Current eligible critical constituencies include:

- Educational Institutions - State & Local Law Enforcement - State & Local Government - Developing Nations/International Partners to the US

The secret to this successful program is cost reduction realized by delivering the courses to large classes (125 or more).

“The OnSite program allowed many of our members to attend that have had restrictions on out of state travel. Additionally, all who attended appreciated the lower cost of hotel and other amenities compared to the larger cities where SANS events are hosted.” - Randy Raw, Manager, Network Security, University of Missouri.

"Security Awareness, Training and Education are still the best-return-on-investment for your security program and SANS is the strategy to meet that goal/objective…We hope to continue to offer this type and level of training not just for UGA, but 'outside the ARCH' both regionally and nationally." - Stan Gatewood, UGA Chief Information Security Officer.

Please visit https://www.sans.org/partnership/ page for a list of classes.

 

What is the Upcoming Schedule for the Partnership Series?

Please visit our https://www.sans.org/partnership/ page for a list of classes.

 

What is COINS?

COINS is the acronym for Community Of Interest for Network Security. It was developed as a way of supporting local professional information and cyber security groups by offering SANS instructors and SANS Content to local InfoSec Chapters all over the U.S and Canada. We support associations like: Information System Security Association (ISSA), Information Systems Audit and Control Association (ISACA) , High Tech Crimes Association (HTCIA), Infragard and others.

We provide you with one of our qualified SANS Instructors that can teach on various topics. For more information on how we can work with your organization. For more information on scheduled training events, go to http://www.sans.org/coins/.

 

How does the OnSite training work?

SANS OnSite Training is a cost-effective alternative to our conferences. If your organization has 25 or more people (35 or more outside of the US) who have similar training needs, then consider SANS training at your facility. Our OnSite training offers about a 20-35% discount off our conference fees per student while saving approximately $50,000 in travel expenses for 25 students. For more information see, http://www.sans.org/onsite.

 

How does SANS handle the visually impaired or deaf?

SANS Institute is committed to assisting course participants subject to disabilities. SANS will provide the following at no additional cost to the employers of participants with disabilities: an additional seat in the classroom and an additional set of course materials for Auxiliary Aides and/or the course notes in computer-readable format, as requested by the participant's employer. The employer of the participant shall be responsible for all other costs of any necessary accommodation, including arranging and paying for Auxiliary Aides. The employer may call 713-306-3122 to request that SANS Institute make the arrangements for Auxiliary Aides and bill the costs to the employer. It is the responsibility of the employer to confirm with SANS all such arrangements at least four weeks before the course.

 

Can I transfer my self study or online course materials to another student?

You cannot transfer, share or give your self study material to another person. The following is noted when you access your course material through your portal account.

"Important Notice: By accessing the SANS GIAC online course material, practice tests, exams, and related files, the student agrees to the following.

I understand that my license to use SANS electronic course materials is exclusively for my individual professional development. I will not transfer nor will I allow others to use the course materials or the test questions. I will not use any part of this material for teaching others nor will I incorporate it, nor allow it to be incorporated, in any other training materials or publications, electronic or print, without prior specific written consent of the SANS Institute."

 

Can I use the information I obtained in training for a College paper?

We appreciate your inquiry and you can cut out a paragraph or two at a time from the books but we ask that you don't duplicate full pages of the course material. Please give SANS reference where it is used.

 

Can you tell me how many certified students you have in specific countries?

At this point in time we are unable to give out geographical information on certified students. That may change, but for now, it's the case.

 

What is the difference between Silver and Gold certification?

GIAC Gold will distinguish itself from the existing exam-only 'GIAC Silver' certification by requiring candidates to complete a technical report covering an important area of security related to the certification the student is seeking. After completing the exams necessary to pass the GIAC Silver certification, students will have the option to pursue the GIAC Gold Certification. Candidates will work closely with an adviser through the process of developing their technical report. Once complete, the technical report will be reviewed for acceptance into the SANS Reading Room and the student earning GIAC Gold. All GIAC certified professionals who previously completed a practical assignment under the old GIAC requirements are already considered GIAC Gold certified.

 

Can I earn Continuing Professional Education credits, CPEs?

CISSP members can fill in their CISSP ID# when they register for conference training and SANS will submit a request to CISSP for the attendee to receive credit for SANS CPEs earned.

If you participated in training other than conference training, such as the Mentor Program, SANSonDemand or SANS@Home, you may logon to your portal and download a copy of your certificate of completion. CPEs are not awarded for recertification.

Self study students can submit CPEs, but we no longer supply Certificates of Completion since we have no way of knowing the material was completed. We recommend Self Study students complete their GIAC certification which is evidence of completion.

 

How many credits do I earn for ISC2 Continuing Education when I take a SANS course?

You earn 1 CPE credit for ISC2 per hour of SANS training. A conference usually lasts 6 days for 6 hours a day, which would be 36 credits. Students can earn CPE credits through the Mentor Program, SANS@Home, OnDemand, Onsite, and Conferences.

SANS will submit CPE credits to ISC2 if you enter your CISSP# when registering.

 

Can I get college credit for taking SANS courses?

The SANS Institute is not an accredited educational institution that issues college credits that can be transferred. However, applicable SANS courses and GIAC Certifications can be grandfathered into the Master's Program of SANS Technology Institute as described above. Also, some other colleges offer degrees that accept life experience and other training for credit; so please check with individual schools to see if they will accept training for credit from the SANS Institute since it is known for the quality of its training. 

Are CPE credits submitted to ISC2 as Type A or B?

All credits are submitted as Type A credits.

 

What is a Bootcamp Session?

Bootcamp sessions are evening hands-on sessions that allow students to utilize the knowledge gained throughout the course in an instructor-led environment. Laptops are required.

 

Are Bootcamp sessions optional?

Bootcamp sessions are optional, but highly recommended, especially for students who are attempting certification. These hands on sessions reiterate what students learn during the day sessions.

 

For SEC 401 are laptops required ALL DAY or only for the Bootcamp sessions in the evenings?

Students only need laptops in the evening for the hands-on labs during bootcamp. The 9am to 5pm class is lecture only.

 

What is the purpose of the CISSP Bootcamp?

The CISSP Bootcamp is utilized to take the 10 domain quizzes, grade them and then discuss the right and wrong answers. The quizzes are done with pencil and paper. No laptop is required,

 

What is the comparison between CISSP and GIAC?

The primary difference is that the CISSP focuses on concepts, which is of course essential. GIAC covers concepts, but focuses more on the practical skills needed to apply those concepts on the job. Another difference is that you must be a security professional with a minimum of three years of experience in the field before you are even allowed to sit for the CISSP. There is no experience requirement to sit for any of the GIAC certifications. Additional information on GIAC can be found at the FAQ link, above, or the GIAC home page at http://www.giac.org/.

Registration/Tuition:

 

Are SANS courses eligible for the United States GI Bill?

The GI Bill provides financial aid for courses taken through an accredited educational institution. SANS is an independent organization, and courses taken directly through SANS do not qualify for assistance under the GI Bill, However GIAC Certification is eligible. See http://www.giac.org/overview/faq.php#165 for details.

 

Can I add certification after the conference?

Students have until 1:00pm on the last day of a conference to add
certification for $499.

 

Can I send someone in my place if I cannot attend a conference that I registered for?

You may substitute another person in your place at any time by e-mailing registration@sans.org

 

Can I switch classes at the conference if I find it's not for me?

We do have a policy that if you attend the first day's class and want to switch it can be done OnSite. It has to be done on the first day but we also allow students to scan the course material at the bookroom to see if it would be a good fit for them to attend later on in the week. The only catch is we cannot switch if a class sells out.

 

Does SANS have a GSA contract?

Yes, SANS has a GSA contract. The contract number is GS-35F-0221N.

As of 12/1/07, the schedule items for this contract have been modified. Federal government agencies and eligible federal government contractors may use the SANS GSA Contract to purchase training through the OnSite program ( https://www.sans.org/onsite/ ). Federal government contractors are required to provide a GSA Authorization letter from their contracting agency in order to purchase through SANS’ GSA contract.

SANS Training Events, Community SANS, OnDemand, Mentor, @Home, and Self Study are not available for purchase through GSA and do not have discounted GSA pricing.

For a list of the OnSite classes offered through GSA, please see http://www.gsaadvantage.gov/. If you have any questions regarding the SANS GSA contract, please address them to gsa@sans.org. 

Does SANS have multiple discounts or a volume discount program?

We offer the following group discounts for organizations registering multiple people for the same conference, SANSonDemand Mentor Program or SANS@Home program. Group discounts do not apply toward GIAC Certification fees.

• 4 or more people - 5%
• 8 or more people - 10%
• 12 or more people - 15%

Challenge certification and Self Study are not eligible for group discounts.

To register with a discount you must:

• Obtain a discount code BEFORE you register, codes cannot be applied after registration is completed
• Use the discount code on the registration form
• Register at the same time (within 48 hours)

In order to obtain your discount code for registering, complete the discount code request form at http://www.sans.org/conference/discounts.php

All registrations using discount codes will be verified 48 hours after code is issued. Those using a code that do not meet the required group level will be subject to the fee difference between their discount registration and the discount level they meet.

 

Does SANS offer an attendee list for conferences?

SANS publishes an attendee list which will be available at the conference as part of your registration packet. Not all of the attendees will be on the list as they can choose not to be included on their registration form.

 

Does SANS send out letters of invitation?

Students should be able to attend based on the information provided from their registration. We no longer send letters of invitation.

 

I don't want to enter my credit card information on the registration form. Can I call in my credit card payment?

Credit card payments can be made by telephone. First complete the on-line registration form, and select Credit Card by fax or phone as the payment method. After you receive your invoice number, call (301) 654-SANS (7267) to provide your credit card details.

 

My credit card was denied. Can you tell me why?

You will need to contact your credit card company to resolve the issue. We are not given any other information other than whether it is charged or denied.

 

My credit memo expired can I still use it towards training?

If your credit memo expires you can no longer use it towards payment of a course. Credit memos must be used by their expiration date.

 

We are a Tax exempt organization. How do we receive the tax exempt price?

Place your order and then email store@sans.org and ask to have the tax removed. Be sure to include should include the store order number in the request and do it promptly after placing the order.

 

What do I need to do once I arrive for training at the conference?

E-mail alerts will be sent to you before the conference with registration times, registration locations, and laptop requirements (if applicable). Upon your arrival all you will need to do is check in at the SANS registration desk. To check in you will need to present a photo ID. At the registration desk you will receive your SANS badge, applicable course materials, and information you will need while you are at the conference.

 

What is the deadline to register for the certification when attending a conference?

The deadline to add or drop GIAC certification from your SANS conference registration is the last day of the conference. If you decide to add GIAC exams after you register, contact the SANS registration office (registration@sans.org or 301-654-SANS(7267) ).

 

What payment options are available for SANS training?

We accept credit cards (American Express, MasterCard, Visa, and Diners Club), checks, wire transfers, and US & Canadian federal government purchase orders.

 

What will happen if I can't attend the entire conference?

It is not a problem with SANS if it is not a problem with the student. Students will have to pay for the entire track and will be given all the course materials for the entire track; but if the student is unable to come the last day or any of the other days, and still wants to participate in the track - that's fine.

 

Will SANS accept purchase orders other than US federal government and Canadian government purchase orders?

The SANS Institute expects payment in advance for all courses. If you are an employee of the United States federal government or the Government of Canada, you are permitted to submit a valid purchase order or federal training authorization form in advance as your prepayment.

SANS does not accept state, provincial, corporate, or university purchase orders as prepayment for training. Your tuition fee must be paid in advance by check, bank transfer, or credit card. We realize that your organization may still need to use a purchase order internally as part of the payment process. To obtain an invoice for your accounts payable department, please take the following steps:

1. Register for your training online. At the end of the registration process, you will be prompted to print your own invoice. Please do this.
2. Take the unpaid invoice to your accounts payable department so that they can match the purchase order with this invoice and generate payment to SANS by check, credit card, or bank transfer.

Please remember that SANS must receive your tuition payment prior to the start of your course.

 

How do I register?

1. Go to http://www.sans.org/sans_training.php and select the training you would like to register for.
2. Complete the online registration form. (SANS does not take registrations by phone.) Even if you prefer not to submit your payment information online, you should still complete the online form. Offline payment options are available once the online form is completed and you have your invoice number.
3. Print your own invoice at the end of the online registration process.
4. An immediate e-mail confirmation is sent to you when the registration is submitted properly. If you have not received e-mail confirmation within two business days of registering, please call the SANS Registration office at 301-654-SANS(7267). You may also contact us by e-mail at registration@sans.org.
5. Submit payment for your SANS registration invoice. Please note that SANS requires payment in advance for all training.

 

How much does the training cost?

Registration fees vary depending on what type of training format you choose, what track/course you choose, location you choose, and when you register & pay. In order to find out how much the track/course fee is you can do one of two things:

• Check the "Tuition Information" section on the web page for the specific location/type of training you chose.

**Check the on-line registration page for the fees and cut off dates.

 

Does SANS offer any work-study programs?

The SANS Work Study Program provides a means for students to attend a SANS conference track at a much reduced rate in exchange for working at the conference and assisting with written technical work. Students are still responsible for any costs associated with food, lodging, and transportation. For information, see http://www.sans.org/training/volunteer.php

 

How can I get a copy of my invoice or receipt?

You can logon to your portal account at https://portal.sans.org/ with your email address that you registered with.

If you do not remember your password, you can use the "Forgot Your Password? Reset Password" to reset it.

Then click onto the "Attendance History" link in the upper right hand corner.

You will be able retrieve a copy of your INVOICE/RECEIPT

 

Can you send me a copy of my invoice?

Yes, we can fax or email a copy of your invoice. Please send an email to registration@sans.org, and include your name and invoice number.

 

What is your refund policy for conference attendees?

If you find that you cannot attend a conference and you have no one to replace you, please submit your refund request in writing to registration@sans.org To find the specific deadline dates for your conference please go to the conference link on our webpage, www.sans.org and then go to the cancellations link. Please pay attention to the last date that refunds will be given.

SANS and GIAC - How they fit together:

 

If I take the course, do I have to take the certification?

No. SANS Training and GIAC Certification are separate programs (though they are related). SANS Training is intended to provide students with the best available education in the key areas of information security. GIAC Certification is designed to provide an objective "benchmark" to show that an individual meets a minimum standard of skill and knowledge, for people who want to demonstrate this ability for themselves, or for a current or prospective employer. Students do not have to take the certification if they take the course, though they have the option to do so.

 

How does GIAC Certification fit with SANS Training?

GIAC certification was developed to help the industry by providing a standard that not only tested theoretical knowledge but also the ability to apply that knowledge in real life. SANS training is organized in tracks that correspond to the various subject areas of the GIAC certification program provides certification in. The training is developed independently from the certification process to ensure that those attending SANS training are well rounded in the area they have chosen to train in, and not just learning how to pass a test.

SANS Portal

 

How do I listen to the audio files?

The audio files can be listened to with any MP3 player you choose. Information on WinAmp is available as it tends to be the most popular MP3 player. However, most default installations of the Microsoft Windows operating system include the Windows Media Player (WMP) which will work just as well. It is recommended that you only choose to "stream" the audio if you have a high bandwidth connection to the internet.

 

I forgot my SANS Portal password. What do I do?

Go to the portal at http://portal.sans.org. At the bottom the login page is the "Reset Password" link located by the text "Forgot Your Password?" Click this and follow the directions.

 

How do I access my SANS Self Study files?

Log into your SANS portal account at http://portal.sans.org/. Then click the Study Files link.

 

I purchased SANS Self Study with Certification or a GIAC Challenge certification. How do I access my Practice Exams that were included as part of my certification package?

There are two ways to access your practice exams. The first is to access the practice exams is to log into your portal account and click the "Practice Exams" link located next to the "Bookstore Orders" link on your main portal page. Secondly you can log into your SANS portal account at http://portal.sans.org/. Then click the "Bookstore Orders" link. On this page is the following: Practice Exams Click here to access your practice exams.

I can’t find my certification exams link or audio files in my portal account, where are they? Be sure that you are logging on to the portal with the email address that you registered with.

 

Where are the PDF's in my portal account, can you tell me how to access them?

Pdf documents are no longer available. Hard copies of the course books were provided to you at the conference or mailed to you for online training. Through your portal account you'll have access to mp3 recordings (when available) of your course being presented at a recent conference. You can download the mp3s. Some people like to burn these to a CD or put on their Ipod to listen on their commute or while traveling. You'll have access to the mp3s in your portal account for a six month period.

SANS Web Site

 

Can I use material from SANS web site or a SANS published work in a dissertation, research paper, or other scholarly work?

You may use SANS copyrighted material in a scholarly work as long as it is properly referenced (you must give the material a footnote or endnote citing SANS and the source). Under US Copyright Law, you do not need permission to include small amounts of copyrighted material in a learning exercise. However, your paper may not be copied for distribution outside your classroom without violating copyright law.

 

How do I read the SANS Training Matrix (home page)?

The SANS Training Matrix lists all upcoming conferences and training opportunities. The matrix lists all events down the left side by location/type of training. To the right of the events there is a grid with what tracks/course are offered at that particular event. To get detailed information on an event simply click on the event name/location. To get detailed information on a track/course click the icon in the grid corresponding to the track/course you are interested in. The is a key to the icons on the matrix at: http://www.sans.org/index.php#key

 

How do I sign up to receive updates from SANS?

SANS offers several security newsletters and other update mailings designed to keep you informed of both industry security information and SANS training and participation opportunities. To sign up for these updates go to http://www.sans.org/newsletters.

 

I'm looking for specific information, where's the best place to start?

The majority of information on the SANS site is accessible directly from the SANS home page. There are links to all major areas of the site at the top of the page, and a detailed training matrix a little further down on the home page. The training matrix gives easy access to all conference and training information, including: conference locations, tracks/courses offered, course descriptions, hotel and travel information (in applicable), fees, and registration.

There is also a site search engine available in the top right corner of most pages on the SANS web site, the search engine that lets you search the entire SANS web site to locate the information you need.

 

Is it OK to post information from the SANS web site on my own web site?

Information posted at the SANS web site is protected by copyright and is not to be reproduced at other web sites, except where noted otherwise. If you wish to share information from the SANS web site with students, employees or others, you may post or link the URL where the information is found.

 

May I include information from the SANS web site in materials that will be printed?

Information posted at the SANS web site is protected by copyright and is not to be reproduced without permission. If you working on a book and want to use small quantities of our online material that is properly credited, you may request permission by sending us the pertinent sections of the draft manuscript.

 

What is the Information Security Reading room?

The Information Security Reading Room is a collection of papers that explore in-depth, various areas of computer and information security. This is a community resource that is free to all.

 

Where can I find the SANS PGP Key?

The SANS PGP key is available from either http://www.us.pgp.net or from our local server ( http://www.sans.org/key.txt).

 

Where is the best place to find new information/events?

All information and events that are new to the SANS web site are listed at http://www.sans.org /new.php"> http://www.sans.org /new.php . New training events are also listed on the SANS Training Matrix at http://www.sans.org and are indicated with a "New - Just Added" icon.

 

Why is my paper not posted in the SANS InfoSec Reading Room?

By submitting your practical to GIAC, you are giving us the right to post it on our web site. We are also giving you the opportunity to be published. All certified students can find their practicals posted under the appropriate certification listing here: http://www.giac.org/certified_professionals/. Naturally some papers are stronger or hold more community value than others. The best of the papers will also be placed in the Reading Room, although it is mostly made up of GSEC papers. It is an honor to be posted there beyond the listing of all students.

Miscellaneous:

 

How can I contribute to SANS Community Projects?

SANS has several projects that you can get involved in, including:

• S.C.O.R.E ( http://www.sans.org/score/ )
• Local Mentor Program. Candidates who have taken SANS training and received GIAC certification in their subject are eligible to act as Mentors for their community or within their organization. In designated cities where it has been determined that there is sufficient interest and we are able to locate an available qualified mentor and an acceptable venue, we may choose to form a class. Each class exists only for the duration of the applicable course and usually involves 10 meetings with the mentor and the other students to discuss the material, ask and answer questions, and help each other prepare for certification. If you are interested in becoming a Mentor, please contact Scott Weil at sweil@sans.org

 

What is SANS' policy on press passes?

SANS requires the press to submit in a proposal beforehand about the article they wish to write along with proof of credentials. Only writers or editors will be accepted and freelance writers must provide some proof of their assignment on letterhead from the publication's editor. Publishers and salespeople will not be given press passes. Seats are limited and a $500 refundable deposit is required at registration. To receive back your deposit the actual article must be submitted to SANS and feature a direct link to our web site at www.sans.org. Books will not be given with the course but can be purchased at our bookstore. Distribution of press passes are at the discretion of SANS and can be done by contacting Brian Correia either by e-mail at brian@sans.org or via fax at 703-830-0520.

 

What vendor opportunities does SANS have for exhibits/advertising?

SANS has many opportunities for vendors to get involved, from conference expositions, to monthly webcasts, newsletters, and more! For full details on all the vendor opportunities SANS has to offer see http://www.sans.org/vendor.

 

Why is SANS attacking me from http://rr.sans.org/firewall/egress.php?

Snort ( http://www.snort.org ) is an open-source IDS tool. One of the default Snort rules for identifying bad traffic is:

alert ip any any <> 127.0.0.0/8 any (msg:"BAD-TRAFFIC loopback traffic"; classtype:bad-unknown; reference:url,rr.sans.org/firewall/egress.php; sid:528; rev:4;)

The "alert ip any any <> 127.0.0.0/8 any" portion says to generate an alert on IP traffic to or from any 127.x.x.x address. The "msg:" attribute contains the text of the alert. The "reference:" field can contain one or more references to external sites with information about this kind of traffic.

In this case the reference includes the URL to a SANS Reading Room document which contains information about egress filtering on your network.

We have received a number of questions asking why we are attacking folks and it has almost always been the case that the person asking why SANS was attacking them was using the Kerio personal firewall. Kerio appears to use the Snort engine and default rules for their IDS capability. They also seem to be badly mangling the information in this specific signature so you think that they are reporting an attack from SANS.

The correct answer is that someone sent a probe/attack to your IP address and forged the source address to be 127.x.x.x.

If you are getting these attacks/probes at home on a cable/DSL connection, you cannot really do anything to prevent them. Your personal firewall is doing what it should to protect your individual computer. If you are getting these attacks/probes at work, then talk to you network administrators about adding ingress filters to block this traffic.

 

Can SANS recommend a security consultant?

Several of our instructors are consultants and you can read their bios at: http://www.sans.org/instructors.php

The instructors who are consultants listed on that page are: Chris Brenton, Eric Cole, Jason Fossen, David Hoelzer, Hal Pomeranz, Mike Poor, David Rice, Ed Skoudis, Steve Slater, and Lenny Zeltser