Upcoming free SANS Security Webinars

From SANS Newsletter:


 A Taste of SANS Security 660 – Exploit-Writing in a Modern World (Part III of III)
WHEN: Tuesday, March 15, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Stephen Sims

Sponsored By Core Security http://www.coresecurity.com/

 In part III of this webcast series Security 660 lead-author Stephen Sims will explain and demonstrate techniques used to discover and exploit bugs in Linux and Windows. Days four, five, and six in SANS SEC660 dive deep into discovering and writing exploits, accounting for modern OS controls such as data execution prevention (DEP), address space layout randomization (ASLR), stack/heap canaries, and many others. A senior penetration tester is often the final line of defense before deeming a technology or solution as reasonably secure and acceptable for deployment.  Product security testing is a growing practice, and the skill-level of both the competition and the bad guys is growing every day. If an exploit module in Core Impact or Metasploit fails, is it due to an OS control? Can it be defeated? Don’t let the bad guys answer it for you! 

Visit us on part III of this webcast trilogy on Tuesday March 15 (The Ides of March) to jump-start your skills for discovering bugs and exploiting vulnerabilities, and to get a sampling of the topics covered in SANS SEC660. 


Legal Practices and Expectations for Data Security and Investigations
WHEN: Friday, March 18, 2011 at 1:00 PM ET (1700 UTC/GMT)

Legal practices and expectations for electronic data are changing.

Lawmakers around the world are enacting demanding new laws for security, at a time when the threats to enterprise data (hackers, corporate spies, disgruntled employees) are rising and emerging technologies like cloud computing shift the playing field. E-data are becoming central to the resolution of lawsuits, internal investigations and law enforcement actions. As a consequence, all enterprises face a growing need for a more professional and sophisticated IT security team. In this webcast, Mr.  Wright will survey the big trends in data law and interpret what they mean for the modern enterprise


Managing Insiders (Contractors, Vendors and Employees) in SCADA Environments
WHEN: Wednesday, March 23, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Jonathan Pollet, Matthew E. Luallen, Lior Frenkel, Walter Sikora, & Ansh Patnaik

Sponsored By: ArcSight, an HP Company http://www.arcsight.com/, Industrial Defender http://www.industrialdefender.com/, and Waterfall Security http://www.waterfallsecurity.com/ 

This webcast will include discussion around the policies and controls needed to protect against insider threat specific to utility control networks, including access controls, application controls/whitelisting, end point controls, centralized logging, and security information event management. Key insight will be gained from security professionals involved in auditing SCADA and other utility control systems. 


Web 2.0 Security: Same Old But Different
WHEN: Thursday, March 24, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Johannes Ullrich & Eric Crutchlow

Sponsored By: SONICWALL http://www.sonicwall.com/ 

Web browsers have become a lot more then engines to render images and html. Instead, web browsers now execute code and provide rich user interfaces to interact with web services, a technology frequently called “Web 2.0”. What we have not yet figured out is how this new web application paradigm changes how we need to secure these applications.

More code will be executed outside of the server fortress and more data will be exchanged between client and server. We will discuss some of the application security issues that have to be considered and how things have changed and not changed with Web 2.0. 


EMEA Audience Webcast: Improve Firewall Security Odds: Prevent Misconfigurations and Compliance Concerns by Automating Firewall Audits
WHEN: Thursday, April 07, 2011 at 9:00 AM ET (1300 UTC/GMT) SPECIAL TIME FOR EMEA AUDIENCE
FEATURING: Michelle Cobb, VP of Marketing, Skybox Security

Sponsored By: Skybox Security http://www.skyboxsecurity.com/ 

Are your firewalls configured to block threats and keep you in compliance?  Do you spend too much time analyzing firewall rule changes and access problems? Join Michelle Cobb, VP of Product Marketing at Skybox Security to learn what automated firewall analysis can do for your organization. 


Internet Storm Center: Threat Update
WHEN: Wednesday, April 13, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Johannes Ullrich

Sponsored By: Core Security http://www.coresecurity.com/ 

This monthly webcast covers recent threats observed by the Internet Storm Center, and discusses new software vulnerabilities or system exposures that were disclosed over the past month. The general format is about 30 minutes of presentation by senior ISC staff, followed by a question and answer period. 


Analyst Webcast: Addressing the Top 20 Critical Security Controls with SIEM
WHEN: Thursday, April 14, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: James Tarala and Ansh Patnaik

Sponsored By: ArcSight, and HP Company http://www.arcsight.com/ 

In this webcast, the SANS analyst responsible for co-developing the Top

20 guidelines (and current but minor guideline updates), will discuss the development of the Top 20 controls. He will also discuss how SIEM can be applied to some of the key security and compliance challenges government agencies are struggling with. 

Register for this webcast and be among the first to receive an advance copy of the associated whitepaper also written by James Tarala.


So what is IPv6 Anyways, and why Should I care?

TCP/IP is the communication protocol that the internet and most computer networks use. Even a lot of phones use it now. It is basically the language that systems use to talk to each other.

The current version of the protocol that we are using is IPv4. IP stands for “Internet Protocol”, and it is the 4th revision of the language.

Every device connected to the internet has an address so it can be found by other systems. It is called an IP Address.

A sample address is
If you type this address into your web browser you will end up at iCorning.com.

One of Google’s several addresses is
Same thing, if you type this in, you end up at Google.

A system exists called DNS that converts these numbered addresses to the more human readable addresses that we are used to using.

When IPv4 was created it allowed for about 4.3 billion addresses. Which seemed a lot at the time, but this was a long time ago, before there were smart phones and internet connected devices, and before many third world countries were starting to hook systems up to the web.

Now, new IPv4 addresses are all but depleted.

IPv6 was created to fix this issue, and to address some of the security issues in IPv4. There are 2^128 IPv6 Addresses, that is, oh roughly:

340,282,366,920,938,463,463,374,607,431,768,211,456 unique IPv6 adresses.
So we shouldn’t be running out anytime soon.

They look something like this:

The problem is that the US is switching to IPv6 very slowly. I believe that we are behind China and Japan in the switchover. And many US companies have no immediate plans to even make the transition. Google currently has a single Linux box set up to handle the IPv6 Google traffic. But eventually we will all be using IPv6.

This is a response that I wrote to a forum question about IPv6 on iElmira.com.

The End of IPv4 Addresses and Free IPv6 Certification

2012 may truly mark the end of the world. Well, the end of the IPv4 world that is. Some say it doesn’t even have that long. According to a new FoxNews article, there are only enough new IP addresses left for about 340 more days of growth.

Here is the problem. TCP/IP is the communication protocol your computer uses to talk to each other and to communicate over the internet. Each computer or device must have a unique address, so they can communicate with each other.

When TCP/IP IPv4 was implemented, address space was issued for a certain number of users (about 4 Billion). With the explosive growth of connected devices these addresses have been devoured. IPv6 was defined as a standard in 1998, to remedy the problem.

IPv4 uses 32 bits of information for addressing, while IPv6 uses 128 bits. This allows for extraordinary growth. How much growth you say? Well, IPv4 allowed about 4 Billion addresses, IPv6 allows for about 340,282,366,920,938,000,000,000,000,000,000,000,000!

That’s a lot of addresses! A security instructor once said that he thought that was roughly the number of grains of sand on the planet. This should allow for us to connect all the world users, their phones, fridges, cars and hair care products. For more information see Wikipedia.

Okay, on to the free IPv6 Certification. Many IP professionals have put off learning IPv6 for a long time. Well, the time draws near, and it is time to learn it if you haven’t all ready. Hurricane Electric offers free IPv6 certification and training. Hurricane Electric is an internet backbone and co-location provider. (From their web site:)

Welcome to the Hurricane Electric IPv6 Certification Project. This tool will allow you to certify your ability to configure IPv6, and to validate your IPv6 servers configuration.

Through this test set you will be able to:

  • Prove that you have IPv6 connectivity
  • Prove that you have a working IPv6 web server
  • Prove that you have a working IPv6 email address
  • Prove that you have working forward IPv6 DNS
  • Prove that you have working reverse IPv6 DNS for your mail server
  • Prove that you have name servers with IPv6 addresses that can respond to queries via IPv6
  • Prove your knowledge of IPv6 technologies through quick and easy testing

Check it out!

Book Review: “OWNED: Why Hacking Continues to be a Problem” by Mister Reiner

Mister Reiner gave me a copy of this book quite a while ago. I have finally gotten around to reading it and I was pleasantly surprised. With so many quality titles out there on computer security, honestly I was a bit skeptical, but this book brings in a breath of fresh air.

I loved Mister Reiner’s introduction. I feel that his battle of convincing co-workers that their network has in fact been penetrated is echoed in many workplaces around the world. Sometimes the hardest people to convince that there has been a computer intrusion are those who are in charge of securing the network.

With the majority of my experience being in the small business field I was very impressed with chapter 2, “The Standard Security Template”. This is probably one of the best step by step views of securing a new small network system that I have yet seen in print. Most books focus on large corporate networks, but Mister Reiner has provided an excellent setup guide for securing a small network. Mister Reiner also covers the basic knowledge needed to secure a system and the importance of system documentation.

Next, Mister Reiner takes a look at hackers and their tactics. Chapter 5, “Hacking 201 – Getting more technical” is one of my favorite chapters. In this chapter, Mister Reiner gives you a unique, over the shoulder view of a hack in progress. Even though it is not a technical, in-depth, step by step how to, it still gives you an amazing view into what hackers target and how they would operate against an online database server.

Mister Reiner continues with a look at the different skill level of hackers and how their skill level determines their operational techniques. This includes recon, mapping of a network, and using E-Mail to penetrate a system. Once penetrated, Mister Reiner shows some of the techniques hackers use to consolidate their hold on the network using smart Trojans and sleepers.

Finally, Mister Reiner wraps up the book with a look at the monumental task of deciphering and catching malicious traffic through logs and intrusion detection systems. With the holes in operating systems and applications, volumes of data to monitor and the ever present human factor, I wholeheartedly agree with Mister Reiner’s summation. Which is, to completely secure a system, we need to “Throw out all the hardware, operating systems and applications we use now – and reengineer everything from scratch.”

OWNED: Why Hacking Continues to be a Problem” gives a very good look at network security, the tactics of hackers and the struggles of securing systems against these threats. The book is not overly technical and is easy to read. If you are new to computer security and want to know more, I highly recommend this book.