SANS Institute

Special Events

SANSFIRE 2007 Registration Welcome Reception

- Wednesday, July 25: 5pm - 7pm

Please join us for refreshments at the SANSFIRE 2007 Registration Welcome Reception. This is a great opportunity to network and have fun in a relaxed environment and to register early. You'll be surprised at how many people you will recognize throughout the week after meeting them at the reception!

Vendor Expo

- Friday, July 27: 5pm - 9pm

All attendees are invited to meet with leading providers of firewalls, intrusion detection/ prevention systems and enterprise security management who will be demonstrating their latest solutions. The SANSFIRE 2007 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with SANS technically savvy audience, presenting technical demonstrations and explanations.

SANSFIRE 2007 Keynotes

- Tony Sager, Chief, Vulnerability Analysis and Operations Group
- Information Assurance Directorate
- National Security Agency
- July 26, 7:00pm-9:00pm

The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Department of Defense (DoD) and our other federal customers. This presentation will highlight some of the ways that the VAO Group is translating vulnerability knowledge in cooperation with many partners, into countermeasures and solutions that scale across the entire community. This includes the development and release of security guidance through the NSA public website (http://www.nsa.gov) and sponsorship of a number of community events like the Cyber Defense Initiative and the Red Blue Symposium. It also includes support for, or development of, open standards for vulnerability information (like CVE, the standard naming scheme for vulnerabilities); the creation of the extensible Configuration Checklist Description Format (XCCDF) to automate the implementation and measurement of security guidance; and joint sponsorship, with the National Institute of Standards and Technology (NIST) and the Defense Information Systems Agency (DISA), of the Information Security Automation Program (ISAP), to help security professionals automate security compliance and manage vulnerabilities. The presentation will also discuss the cultural shift we have been making to treat network security as a community problem, one that requires large — scale openness and cooperation with security stakeholders at all points in the security supply chain — operators, suppliers, buyers, authorities and practitioners.

Learn About the DoD 8570 Directive
- George Bieber, DISA
- Thursday, July 26th
- 5:30pm - 6:00pm

Understand how the 8570 Directive will impact your Professional Services staff and the DoD client base that's required to implement its content. We will explore tools that are needed to assess your and your client's needs and determine the necessary training and certifications to meet the 8570 standards. Hear from training experts on how to effectively manage the many training options to insure certification completion. We will review all the certification options and properly identify and categorize the IA workforce and match job functions by certification.

Topics

• IA WIP Strategy , 8570 Requirements
• Implementation Status
• Tools and Resources , Supporting Initiatives
• Lessons Learned & Looking Ahead

GIAC Objective and Curriculum
- Jeff Frisk, GIAC
- Thursday, July 26th
- 6:00pm - 6:30pm

This presentation goes over the objectives and curriculum on the GIAC Certification Program (Global Information Assurance Certification) including what to expect, what will be covered, and how to study for the exam. GIAC is unique in the field of information security certifications by not only testing a candidate's knowledge, but also testing a candidate's ability to put that knowledge into practice in the real world. Learn more from the Director of GIAC in preparation for taking the exam along with tips and ideas of how to succeed through the certification process. This presentation is a must for anyone who is considering going for certification after finishing with SANS training!

Meet the SANS 8570 Team
- Thursday, July 26th
- 6:30pm - 7:00pm

"Virtual Machine Security Issues"
- Ed Skoudis and Tom Liston
- Friday, July 27th
- 8:00pm-9:00pm

This presentation describes security issues associated with virtual machine environments, such as VMware, Microsoft Virtual Server, Xen, and others. We will analyze the possibility of information leakage between virtual machines, and discuss the concerns associated with virtual machine escape. We'll look at the dangers of some of the ease-of-use features of virtual machines, such as file drag-and-drop and cut and paste. The session will conclude with specific recommendations for architectural deployment and configuration issues to improve the security of virtual server consolidation projects and safer client-side virtual machine usage.

Birds of a Feather (Bof)

- Friday, July 27 9pm - 10pm

Birds of a Feather (Bof)

- Saturday, July 28 9pm - 10pm

Birds of a Feather (Bof)

- Sunday, July 29 9pm - 10pm

Birds of a Feather (Bof)

- Monday, July 30 9pm - 10pm