SANS Sydney 2008 Wrap up

Another SANS conference wraps up for the year. I had the opportunity to pick the brains of a number of my fellow students, the organisers (Shearwater), the instructors and even the volunteer minions :-)

The normal mixed bunch of students, from different environments, backgrounds and skills, populated the five classes during the week. The instructors and their classes were Chris Brenton (502), Mark Hofman (401), Mike Poor (560), James Shewmaker (504) and Dr. Johannes Ullrich (542). This year’s motley crew of volunteers, Sharon, Mike, Julian, Roy and Damian, with a little help from yours truly, did a top-notch job of keeping things flowing smoothly despite the caffeine running out with remarkable frequency and the new addition of capture the bell. Where this desk bell appeared from, no-one is quite certain, but it quickly became the new method of taunting fellow instructors and forcing the minions to do their utmost to snag the bell for their respective instructor. Some did better than others.

The Thursday night panel consisted of all five instructors talking on the current issues of the day. Two topics that had a great deal of interest were virtualisation and antivirus software.

Virtualisation was a hot button, with concerns that virtual technology is taking over while little thought is going into applying defence in depth to it to keep it and its virtual hosts safe. Mike gave some background on the work of his company, Inguardians, on breaking out of the virtualised environment from the guest to the hosts, proving it’s not just theory.

The old “is AV still able to provide a reasonable level of protection” question popped up. Johannes is the CEO of DShield and manages the Internet Storm Centre, and Mark is one of the handlers. They gave some clear testimonies and anecdotes that AV can’t keep up with the wave after wave of malware out there, despite vendors’ claims.

The Hacker Techniques, Exploits & Incident Handling (504) course delivered its normal heavyweight punch to its students. James Shewmaker of Bluenotch, on his first trip to Oz with SANS, kept the room captivated and bouncing along. The first team to capture the flag on day 6 was a pretty organised crew at the back of the room, and they nailed it in a very respectable time, with only a little bit of guidance.

The Network Penetration Testing and Ethical Hacking (560) course, run for the first time in Oz, proved to be addictive for its students. They hardly saw the light of day as they battled against the labs and their goals to breach systems, working through the courseware. Mike Poor did an awesome job of keeping the class entertained, on track and gobbling up the material. The day six challenge went down to the wire, with three different teams attempting to claw, hack and subvert their way to the finishing line. Only in the last dying moments of the day did one team prove victorious and get the final winning piece. Word is that it’s a devilish puzzle of many pieces and a very worthy, just frustrating, challenge. Some very skilled penetration testers struggled with overcoming the challenge. Better luck next time Damian ;-)

The Web App Penetration Testing and Ethical Hacking (542) course got some odd comments that it needed more meat to it and wasn’t hands-on enough. After talking with a couple of folks, it turned out they were looking for a more rounded-out session, similar to other SANS tracks where you have a challenge at the end to master. Perhaps the six-day version, when it reaches the light of day, will be what they are after.

The SANS Security Essentials Bootcamp Style (401) course was delivered with Mark’s Ozzie charms. Being the widest in scope of all SANS courses, more than a few 401 students required alcohol to get them over the shell shock and keep them going. With only one casualty, self-induced, the group survived the six-day trial and came out a lot more paranoid ;-)

Looking forward to what new SANS training comes to these shores in 2009.

1 Comment

  1. Mike Poor :

    Nov 1, 2008 10:57 pm |

    Great to see you this week Chris! Looking forward to seeing your great students from your Incident Handling & Hacking Techniques class you are mentoring in early 2009. Surely they will learn much kung fu from the Windows-Master!! Thanks for all the good fun, war stories, and insight. Take care my friend, Mike
