CRIME Securing Windows 2000 - Hands on - Gold Standard, September 23, 2002 (fwd)

From: Toby (toby@private)
Date: Wed Aug 21 2002 - 12:47:25 PDT

  • Next message: T. Kenji Sugahara: "CRIME State Job Opening"

    I'm not going to be in town but for those of you who are, this 
    might be interesting.
    
    Toby
    
    ----------Forwarded message ----------
    Delivered-To: toby@private
    Return-Path: <sans@private>
    Received: from server2.SANS.ORG (server2.sans.org [167.216.198.40])
      by mail.seaport.net with esmtp; Wed, 21 Aug 2002 11:54:46 -0700
    Received: by server2.SANS.ORG (rbkq) id QAJ75051
    	for toby@private; Wed, 21 Aug 2002 12:44:20 -0600 (MDT)
    Date: Wed, 21 Aug 2002 12:44:20 -0600 (MDT)
    Message-Id: <200208218290.QAJ75051@private>
    From: The SANS Institute <sans@private>
    Subject: Securing Windows 2000 - Hands on - Gold Standard, September 23,
    2002
    Precedence: bulk
    Errors-To: bounce@private
    Sender: sans@private
    To: Toby Kohlenberg "(SD517245)" <toby@private>
    
    Securing Windows 2000 - Hands on - Gold Standard, September 23, 2002
    
    
    Greetings, if you are receiving this note it is because SANS believes
    you live near Portland, OR, where we are offering a one day, hands on
    course, on September 23, 2002, to teach you how to apply and audit the
    Gold Standard for Windows 2000 Professional. If you are not interested,
    I apologize for the intrusion and also at the very end of this note is
    information you can use to modify your email address or to unsubscribe
    from SANS mailings.
    
    If you want to attend, you will need a laptop with Windows
    2000 Professional. Registration is limited to a maximum of 55
    people to make the labs manageable. To register, please see
    http://www.sans.org/Win2KWorldTour and click on Portland, or an
    alternative city of your choice, if it is available.
    
    The Gold Standard is potentially the most important advance in
    information security. A US National Security Agency study found
    that more than 85% of successful system compromises would have been
    blocked had the owners been using the Gold Standard, which was jointly
    developed by the Center for Internet Security, NSA, DISA, NIST and
    GSA. In order for the defensive information community to realize the
    potential improvement available to us, we estimate we need to train
    150,000 men and women how to apply and audit the standard. You're
    smart, you do the math, there is no possibility we are going to reach
    our goal teaching 55 people at a time. We are asking you to consider
    coming and to certify and to teach people in your organization how
    to do this, we will make the support resources available to you. As I
    write this, we are racing to typeset and print a professional quality
    book to serve as the text for the Gold Standard.
    
    Tools you will learn include:
    SECEDIT.EXE
    SECURITY CONFIGURATION & ANALYSIS
    SECURITY TEMPLATES TOOL	
    HFNETCHK.EXE
    CIS SCORING TOOL
    
    SPECIAL NOTICE: The time it takes to complete one day courses with
    hands on labs can vary, please be prepared for the course to run late.
    
    The course is literally free of any fluff, we will teach you the
    standard in only one day out of the office. For this to be possible,
    we expect that you are already familiar with Windows 2000 and will
    download and install the HFNETCHK.EXE and CIS SCORING TOOL tools
    prior to coming to class.
    
    The secedit.exe tool is included as part of the Windows 2000 operating
    system. It is a command line utility and as such can be called from
    a batch file or logon script.  Secedit.exe is used to Analyze and
    Configure security on a Windows 2000 machine. It can be used to apply
    a security template.
    
    Security Configuration and Analysis is a GUI snap-in for the MMC that
    includes functionality of the Secedit.exe tool, plus a lot more. It
    is not a part of any built-in consoles but can be added to a custom
    console.
    
    The templates tool is also available as an MMC snap-in. It is not a
    part of any built-in consoles but can be added to a custom console. The
    templates tool will list all the built-in security templates by
    default, located in the C:\Winnt\Security\Templates directory.
    
    The HFNetChk tool was developed by Shavlik Technologies for
    Microsoft in response to many administrators' complaints
    about needing a reliable method for determining the exact
    local and remote service Pack and Hotfix level of target
    machines. HfNEtChk.exe is freely available from the Microsoft website,
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/hfnetchk.asp
    
    The Center for Internet Security tool is available on
    http://www.cisecurity.org/ If you attend the course and your
    organization decides they want to be a part of the leading
    edge in information security, The Center for Internet Security,
    a not-for-profit organization dedicated to establishing minimum
    standards for security, will offer a discount on CIS membership.
    
    To register: http://www.sans.org/Win2KWorldTour and click on Portland,
    or an alternative city of your choice.
    
    The course will be held at a hotel in each city.   As soon as the
    exact course location is confirmed it will be listed on our website
    at: http://www.sans.org/Win2KWorld Tour.
    
    Kind Regards,
    
    Stephen Northcutt - The SANS Institute
    
    
    To change your subscription, address, or other information, visit
    http://www.sans.org/sansurl and enter your SD number (from the
    headers.) You will receive your personal URL via email.
    
    Unsubscribing will take you off any news bulletin lists for NewsBites
    or Security Alert Consensus as well as any conference information
    notes.
    
    You may also email sans@private with complete instructions and your SD
    number for subscribe, unsubscribe, change address, add other digests,
    or any other comments.
    



    This archive was generated by hypermail 2b30 : Wed Aug 21 2002 - 13:56:02 PDT