Summary: Security Training - SANS

From: <bramblet_at_fuller.com>
Date: Tue, 27 Feb 2001 11:25:04 -0600

My original question:
    I am sorry that this may be off topic but I believe that some of us who
work for small companies have many hats. One such hat is security.
Has anyone gone to a  SANS (System, Network, and Security
Administration) conference??
Is it worth while to attend?? What do you think about the track 6
Securing Unix  of the 2001 conference in Baltimore??
How did you get the money man to go for sending you to the conference??

I received 11 responses. Of those 11 7 had attended  previous conferences. General responses were it it worth the money to learn and to network with other people with similar experiences.

AndyC_at_dice.com wrote:

Hi Ron,

I went in 1999, though I'm sure not much changes year-to-year.  Something
like SANS is good for someone who "wears many hats" -- You can attend a
variety of seminars on different topics.  It's almost like going to 5 or 6
classes in one (for the money, anyway).   Good luck...

Andy

Theodore.A.Neuville_at_WellsFargo.COM wrote:

I went to Orlando last year, but didn't take a specified "track". I just
selected 5 classes that interested me. Of the 5, I would say that 4 of them
were excellent, with one just average. Still, average is better than a lot
of the classes you can take. I didn't have to worry about funding, since my
company does set aside money for training budgets. I recommended that some
of my colleagues go to other SANS conferences, and everyone who's gone has
found them very worthwhile.

"William H. Magill" wrote:

I can't say if the SANS conference is any good anymore. I haven't been
since the first one. However, even then it was pretty light weight.
ESPECIALLY, if you were not running SCO or SUN.

The usual problems with this sort of conference is that it is either
incredibly generic, or else SUN centric, with a possible session for AIX,
and HP-UX users. You won't find anything about Alpha or Tru64 there, and
probably won't even find people there who know that it exists. I doubt that
anybody there (except maybe the IBM reps) even knows what C2 or the Orange
Book even is. And as far as I know, Tru64 has no plans to exhibit
there...

Since you are running Tru64 on an Alpha, you should consider making the
EncompasUS conference in the Fall in Anaheim.
        http://www.compaq.com/events/cets2001/

There is virtually no information about the event yet, but if you look
at http://www.decus.org/encompass/CETS2000/, you can get an idea of what
went on last year -- look at the Knowledge Exchange link at the bottom.

It is an all Compaq event. We do have the Tru64 Engineers on-site (as well
as marketing types) to do presentations and answer questions...
Cost is probably around $1500 plus airfare and hotel. Lunch is included,
and there are usually food events every night. (We'll be taking over either
Disneyland or Disneyland's new California for a night! Disney and Compaq
are now even bigger partners than in the past.)

Now... How to justify...
1- you build contacts with the people who write the code
2- you make contact with others doing similar things on similar hardware
        with similar software
3- you can ask specific to you questions of the engineers and get answers
        back.
4- if you sign the Non-Disclosure paperwork, you can find out what's in the
        next release (the one not yet in beta testing)...

Keep in mind -- contact building is also called "networking," depending
        upon the age of the boss.

CETS2001 is a Compaq event -- it is specific to Compaq hardware and
software and in that vein, it is very different from any other event that
you would attend. The event is "Enterprise" oriented. So, while you will
see the "Industry Standard Division" (ie Intel Based systems) represented,
it will be in the guise of the 20 processor Unisys box that Compaq is
re-selling as an enterprise server, not in the form of stand alone
desktops.

--
                        www.tru64unix.compaq.com
                              www.tru64.org
                             comp.unix.tru64

T.T.F.N.
William H. Magill                          Senior Systems Administrator
Information Services and Computing (ISC)   University of Pennsylvania
Internet: magill_at_isc.upenn.edu             magill_at_acm.org
http://www.isc-net.upenn.edu/~magill/

Allen Carpenter wrote:

I attended the SANS track 6 training in Monterey last year.  Although they
will cover some things you already know very well it as very worthwhile.
The best part may be the ability to compare notes and procedures with like
minded people.  The instructors are very knowledgeable and will take the
time to answer your questions and concerns offline.  That being said a large
portion of the conference will concentrate on Linux and Solaris.

As for getting the money I would remind your money man what the expense of
lax security can be.  The most critical may be the loss of customer data and
therefore customer trust.  I don't know what your company actually does for
its customers but I do know that if you surrender information about a
customer you will likely surrender the customer as well.  You also have to
potential to open yourself a huge liability if you handle such things as
credit card transactions, confidential records or proprietary data.

Allen

jreed_at_appliedtheory.com wrote:

I went to the SANS 1999 conf. in New Orleans. It was a
tremendous experience, exposed me to so many aspects of
security that I hadn't really considered, deepened my
understanding of others. I did 2 days of IDS training,
and one day of training on developing a security policy.
I also did the 2 day conf., sampling a variety of things.

Track 6 looks like a good base-level introduction to
all aspects of UNIX security. You should come out of it
with a sound foundation to secure your UNIX servers, and
the certification would seem to carry some weight. It looks
like they cover the gamut of things that it could take
years to learn by trial and error.

I'm hoping to take track 7, Auditing Networks, Perimeters,
and Systems. These conferences are quite a bit of $$,
but if you are on the front line and there is no specific
security group in your organization, the skills and knowledge
you gain in a short time will be a crucial investment in
protecting their resources - they need someone to have these
skills if they connect to the internet.

Good luck, hth!

Judith Reed
jreed_at_appliedtheory.com

MASSARDA_at_mail.suny.edu wrote:

Ron,

I took a "Digital Unix security management" class given by Global Knowledge
about three years ago...  I didn't think it was worth the money - about
$1200.00 for two days.  They didn't even touch on C2 security.  It was
mostly how to handle groups, how to set up auditing, problems with the
set UID command, how to disable services like TFTP, etc...  If you have
the Digital Unix Security book, it's better reading than attending the
class was....  Just my $0.02.

                                        -Dave

"Hollingshead, Tim" wrote:

Ron,

 My company is putting on a SAN seminar next Monday in cooperation with Veritas and Compaq. Not any training, but it is a nice introduction.  Just thought I'd check and see if we are in the same part of the country or not.

Tim

J Bacher wrote:

I haven't been to a SANS due to scheduling conflict but I will be in
Baltimore if it's the one later this year.

My jusitification:  it's cheap insurance.  If you have a UNIX server on the
Internet, you must know whatever it takes to secure it.

"Thomas M. Payerle" wrote:

I work for a large department in a large state university, and still have
to wear many hats:)

I attended a few days of the conference last time in Baltimore, about 2 years
ago.  2 of the 3 courses I thought were excellent (Matt Bishop's course on
secure programming, and a course on Oracle DBA for Sysadmins that I didn't
see offered this time were great.  Brad Johnson's What Hacker's Know about
you was rather mediocre and I wouldn't recommend).  I am planning on taking
the other courses by Matt Bishop this time around, plus a couple of others
if can get the funding for it.  The courses are a bit pricey, but doubt you
can find a better workshop on security related issues.

No idea on how to get the money.  This is basically the only (non-free) training
I requested since last SANS Baltimore, and might not get the 4 courses I
asked for.  Part of it depends on your company's view of computer security---
at the university this is difficult because no one considers the data on the
machines I administer particularly valuable (at least as long they can access
it, i.e. whenever I have time to try to talk up security).   Biggest problem
is use of university machines to attack others, which could lead to lawsuits
(a campus in California I think was recently sued for such) and certainly
negative publicity.

If security is important to your company, this is the conference to attend.
Why don't you request them to send you to California or whatever for LISA
for a week and see if they'll settle for SANS Baltimore:)

Tom Payerle
Dept of Physics                         payerle_at_physics.umd.edu
University of Maryland                  (301) 405-6973
College Park, MD 20742-4111             Fax: (301) 314-9525

Richard C Bond wrote:

I went in 99, and will go this year.

Good classes / tracks for midrange admins

exposure to lots of folks/ideas about how to do your job

Your company should send folks to some in-service training to retain
good people and enhance their in-house ability.

rcb

Richard Bond (rbond_at_mbt.washington.edu  (206) 605-3561
System Administrator                          K-351, Health Sciences Center
Department of Molecular Biotechnology         Box 357730
University of Washington                      Seattle, WA 98195

-- 
Ron Bramblett
Systems Adminstrator
Fuller Brush Company

  Received on Tue Feb 27 2001 - 17:24:40 NZDT