Dear Colleague,

Please join us in Washington D.C. for our hottest SANSFIRE Conference yet! This is the third year the SANS Internet Storm Center is hosting SANSFIRE, and we promise quite a bit of excitement. The Internet Storm Center is sponsoring our SANS@Night sessions with talks focused on a difficult subject: Accurate information sharing between computer security professionals.

What better place to learn about and practice information sharing than at a SANS conference!

That is in addition to 18 in-depth hands-on immersion training tracks as well as special one and two-day courses and evening sessions, all taught by the nation's highest rated instructors.

In the past year the Internet Storm Center was very active in the early detection of malicious activity on the Internet and has become the first choice of system administrators world-wide for accurate and timely information. Several of our incident handlers will be present at SANSFIRE this year, and you will certainly want to make time to meet and get to know our fantastic team.

Handlers will provide a number of evening talks featuring events they covered as part of their handler duties. Be ready to learn about botnets, current reverse-engineering techniques to bypass traps left by malware authors and more from the people that know it best!

SANS conferences offer much more than just training. This is the place to meet other information security professionals, to discuss new products with vendors, to participate in online challenges and listen to world-class guest speakers. Come enjoy our hands-on technical training, audit offerings, and leadership courses! You can always count on the SANS promise: What you learn in the course, you will be able to apply the day you get back to the office.

See you in Washington!

Marcus Sachs, Director, SANS Internet Storm Center
Johannes Ullrich, Chief Research Officer, SANS

SANSFIRE 2006 Welcome Reception

- Thursday, July 6th 5pm - 7pm

Please join us for refreshments, snacks and activities at the SANSFIRE 2006 Welcome Reception. There will be plenty of time to network with your peers as well as visit with vendors' technical staff to get an up-close look at emerging technology and live interactive demonstrations. This is a great opportunity to network and have fun in a relaxed environment. You'll be surprised at how many people you will recognize throughout the week after meeting them at the reception!

Vendor Reception

- Friday, July 7th 5pm - 7pm

Throughout SANSFIRE 2006 vendors will be hosting a number of events including presentations, a two-day vendor solutions expo and various receptions. Experience the latest in network security tools, meet industry leaders and share your thoughts on developments you would like to see in the pipeline. Details of the vendor Special Events can be found at: www.sans.org/sansfire06/vendor.php.

Vendor Expo

- Thursday July 6th: 12pm - 1:30pm; 5pm - 7:30pm
- Friday, July 7th: 12pm - 1:30pm; 5pm - 7:30pm

All attendees are invited to meet with leading providers of firewalls, intrusion detection/ prevention systems and enterprise security management who will be demonstrating their latest solutions. The SANSFIRE 2006 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with SANS technically savvy audience, presenting technical demonstrations and explanations. It's about having your questions answered! For a list of exhibiting vendors see: www.sans.org/sansfire06/vendorexpo.php.

SANSFIRE 2006 Keynotes

- Networks Under Fire: The SANS Internet Storm Center
- Johannes Ullrich, CTO, SANS Internet Storm Center
- Thursday, July 6th 7pm - 9 pm

The SANS Internet Storm Center (ISC) is the trusted source to refer to for advice while under fire from attacks. Using immediate and unfiltered information sharing and analysis provided by our handler team, the ISC is able to provide timely information to information security practitioners. This talk will outline the inner workings of the ISC. You will learn how information is shared and how the group of volunteer incident handlers are able to assess, analyze and counter threats of global scale. In this presentation, the New Years WMF vulnerability will be used to illustrate how the ISC used its own research, community contributions and vendor input to assess the risks to the community from this exploit. Find out what measures the ISC took to counter the risk and how information was disseminated in order to alert system administrators of the immediate threat to their systems.

- Network Early Warning Systems
- Mike Poor, Intelguardians
- Friday, July 7th 7pm - 9pm

Mobile malicious code quickly exposes the weaknesses of our critical infrastructure. The time delta between the release of patches and worms is diminishing. The security community needs simple information gathering and sharing tools and methods to combat current and future fast spreading threats. In this keynote presentation, we will examine global and local network methods that can be applied to prevent, detect and respond to mobile malicious code.