SANS/FBI Top 20 Vulnerabilities List
Developed by SANS and the FBI, the list is segmented into two categories: Windows Vulnerabilities and Unix Vulnerabilities.
- Top 20 List: The Experts' Consensus | Tools that Test for the Top Twenty (PDF)
Top 15 Malicious Spyware Actions
Spyware authors have ramped up their malicious code to invade users' privacy at unprecedented levels. This document describes some of the most malicious activities of today's spyware, illustrating the need for solid antispyware defenses.
- Top 15 Malicious Spyware Actions
Information Security Reading Room
The SANS Institute's Information Security Reading Room is a collection of over 1698 articles on 73 areas of information security. The Reading Room is a free resource that is open to the community to improve the overall state of information security.
- Information Security Reading Room
SANS Security Policy Samples
The SANS Security Policy Resource page is a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already including policy templates for twenty-four important security requirements.
- SANS Security Policy Samples
SANS Webcasts
SANS Webcasts are live web broadcasts that allow you to hear a knowledgeable speaker while viewing presentation slides that you download in advance. You need either Real Audio Player or Windows Media Player (free downloads are available on the webcast access page), and a SANS Portal account. If you don't have an account, just go to the SANS Portal page and fill in the simple registration form; it's free. Once you have an account, you can also access an archive of past webcasts.
- SANS Webcasts
Computer Security Newsletters and Digests
SANS NewsBites is a weekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible. Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Wednesday.
- SANS Newsbites
The Critical Vulnerability Analysis and the Security Alert Consensus have merged to become @RISK: The Consensus Security Alert. Delivered every Monday morning, @RISK first summarizes the three to eight vulnerabilities that matter most, tells what damage they do and how to protect yourself from them, and then adds a unique feature: a summary of the actions 15 giant organizations have taken to protect their users. @RISK adds to the critical vulnerability list a complete catalog of all the new security vulnerabilities discovered during the past week. Thus in one bulletin, you get the critical ones, what others are doing to protect themselves, plus a complete list of the full spectrum of newly discovered vulnerabilities. This is also the subscription list that receives SANS Flash Alerts when they come out two or three times a year. More than 130,000 people are subscribers.
- @RISK: The Consensus Security Alert
"Wow! This is the first security awareness document that our users really like! Thank you, SANS!" That note came from the CISO of an 8,000-employee organization. Ouch! is the first consensus monthly security awareness report for end users. It shows them what to look for and how to avoid phishing and other scams plus viruses and other malware -- using the latest attacks as examples. It also provides pointers to great resources like the amazing Phishing Self-Test. 460 organizations, large and small, helped make it a useful service. More than 100 security officers check each issue for accuracy and readability before it is distributed to the community. If you want to distribute Ouch! to all your users, you may either forward it or subscribe a single address that is a mailing list.
- SANS Ouch!
The Internet Guide To Popular Resources On Information Security
This FAQ provides answers to common information requests about computer security and links to additional reading.
- The Internet Guide To Popular Resources On Information Security
Intrusion Detection FAQ
SANS' most widely read FAQ -- Intrusion Detection experts share answers to Frequently Asked Questions.
- Intrusion Detection FAQ
Malware FAQ
The Internet's most trusted site for vendor-neutral malware information.
- Malware FAQ
S.C.O.R.E.
Security Consensus Operational Readiness Evaluation was developed by the SANS Institute/GIAC in cooperation with the Center for Internet Security (CIS). SCORE is a community of security professionals working to develop consensus regarding minimum standards and best practice information. The SCORE project is always looking for more help and ideas; if you are interested in getting involved, contact score@sans.org.
- S.C.O.R.E.
Vendor Related Resources
Searching for security tools, services or professional/career agencies can be a lengthy, difficult process. Which vendors are "serious" and which are less so? The resources provide a starting point for your research.
- Free Security Tool White Papers
- Vendor Related Resources
Glossary of Security Terms
Updated in May of 2003, the new SANS Glossary of Terms Used in Computer Security and Intrusion Detection was developed in conjunction with our popular SANS Security Essentials and the CISSP CBK track.
- Glossary of Security Terms
Center for Internet Security
A global, cooperative initiative through which industry, government, and research leaders are establishing basic operational security benchmarks and keeping them up-to-date. SANS is a founding member.
- Center for Internet Security
Additional Resources