SANS Technology Institute: Security Musings

Welcome to the Security Musings on sans.edu. I'm Stephen Northcutt and like many of you I am a manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security as well as the people side of the job. These security musings are an informal set of articles, book reviews and whitepapers, almost a blog, about security, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Management 512, Security Leadership Essentials and the GIAC Security Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu.

Information Security Travel Guide

Stephen Northcutt, an Information Security Researcher, United Airlines 1k, Writer and Instructor, documents the struggles of the travel and hospitality industries as we all face rapidly increasing energy costs. He and his peers share their travel experiences and give you quick tips and short reviews of the companies they do business with as they travel. If you came across this article because of a Google search, what you want is probably here; just use your browser's find function (Ctrl-F), which is easier than reading from top to bottom. However, you may pick up some useful tips if you stick around and read.

United Airlines 1k Travelers News - Updated November 18th, 2008

By Stephen Northcutt

This United 1k traveler collects pertinent news and blog items about airlines, especially United Airlines.

Information Security Travel Guide: November - December 2008, Kauai to Italy - November 13th, 2008

By Stephen Northcutt

Stephen spends some time before a trip to Italy, London and beyond, to get caught up on all the latest information security courses, blogs and alerts. Also, he shares some recent trends in the airline industry that are important to frequent and casual travelers alike.

Information Security Travel Guide: October 2008, Kauai to Monterey CA and Richmond VA - Updated November 11th, 2008

By Stephen Northcutt
Version 1.4

A two week trip to Monterey, CA and Richmond, VA has commenced for this instructor, and there are a lot of stories to discuss about information security, travel, airlines, and the hospitality industry.

Information Security Travel Guide: October 2008, Kauai to Houston - Updated October 22nd, 2008

By Stephen Northcutt

Stephen spends some time before his trip to Houston to offer some findings from his internet searches on airlines, travel experiences and information security. Then, safely booked at a hotel in the Galleria area, he shares some of the ups and downs of running a small MGT512 class at the Hilton Garden Inn, Galleria area.

Information Security Travel Guide: September 2008, Kauai to Las Vegas - Updated October 8th, 2008

By Stephen Northcutt

We will talk about security, safety, travel experience, and of course, restaurants. In this edition, Stephen documents his travels, beginning home on Kauai in preparation for a trip to Las Vegas and SANS Network Security 2008.

Information Security Travel Guide: August-September 2008, Boston, Richmond, Virginia Beach, Chicago, Branson - Updated September 23rd, 2008

By Stephen Northcutt
Version 1.4

In this edition, Stephen documents his travels, including Boston, Fredericksburg Virginia, Virginia Beach, Richmond Virginia, Chicago, Branson MO and Chesterfield Virginia, including restaurants and products encountered. Lots of people say they want to travel; Kathy and Stephen are living the dream, working their way with writing and teaching across this nation and the world.

Information Security Travel Guide: July 2008, Quantico, Atlanta and Washington DC - Updated October 23rd, 2008

By Stephen Northcutt
Version 1.2

A three week trip to Quantico, VA, Atlanta, GA, and Washington, D.C. provides this instructor with a wide range of travel and hospitality experiences. Hopefully you can glean some useful tips in this travel diary from a very frequent flier.

Information Security Travel Guide: Tips for Traveling - Updated November 13th, 2008

By Stephen Northcutt

One of the readers of the SANS Information Security Travel Guide asked me to put all the travel tips in one place, so here is a consolidation of tips from my travel experiences and research.

Ethics in Information Security - November 6th, 2008

By Stephen Northcutt

This is a response to an article by David Mortman that was posted on Search Security. Before I go any further, I want to state that I agree with David more than I disagree with him; however, Search Security needs to do more fact checking. I felt his earlier article also suffered from opinion over fact and contacted him to try to share information.

Book Reviews

Here we are gathering book reviews on information and network security, management, and leadership.

Book Review: The New School of Information Security, by Adam Shostack and Andrew Stewart - October 31st, 2008

By Stephen Northcutt

A quote from another reviewer, Kevin Thompson, gives us an idea of what this book on the information security profession is about: "Not to say that the rest of the book isn't valuable, but if you only had 30 minutes to get the point of the book, I would say read chapter 4."

Book Review: Crimeware, by Jakobsson and Ramzan - July 12th, 2008

By Stephen Northcutt
Version 1.1

Jakobsson and Ramzan set a new standard for security books with Crimeware; it is both eminently pragmatic and, at the same time, a scholarly work. I thought I knew a bit about malware, but I learned tons from the book.

Book Review: Dreams from My Father, by Barack Obama - February 4th, 2008

By Stephen Northcutt

Barack Obama's book, Dreams from My Father, is reviewed here by Stephen Northcutt of the SANS Technology Institute. Stephen feels that the book ends better than it begins; in fact, he believes that Mr. Obama was very generous to let so many strangers into his headspace.

Book Review: LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke and Christopher Paggen - January 11th, 2008

By Stephen Northcutt

After reading this book by Vyncke and Paggen, you will never think about layer 2 the same way again. We quickly learn that, from a security perspective, a switch is neither a mindless toaster nor an insignificant appliance.

Book Review: Made to Stick: Why Some Ideas Survive and Others Die, by Chip Heath and Dan Heath - January 2nd, 2008

By Stephen Northcutt

The Blog digest version of Stephen Northcutt's book review for Made to Stick: Why Some Ideas Survive and Others Die.

Book Review: Geekonomics, by David Rice - December 27th, 2007

By Stephen Northcutt

Geekonomics, by David Rice, is a new book about the real cost of insecure software; this is not a book just for technical people, but every thinking man and woman should read it.

Book Review: End-to-End Network Security, by Omar Santos - December 6th, 2007

By Stephen Northcutt

If you are an intermediate to expert security practitioner and you want to page through the book to find security topics that you do not know about, that is a great use of Santos' End-to-End Network Security, but there is very little depth beyond that.

Book alert, Behind the Screen: Hacking Hollywood, by Mark Stone - November 27th, 2007

By Stephen Northcutt

As a computer security author, I am always interested in hearing about other authors and their projects. Here is one from Mark Stone, who has been working on a project called Behind the Screen: Hacking Hollywood. Who knows, he may be a household (SOChold?) name in a year or two.

Book Review: Linksys WRT54G Ultimate Hacking, by Paul Asadoorian and Larry Pesce; Raul Siles Technical Editor - October 31st, 2007

By Stephen Northcutt

If you are going to be installing wireless it is a good idea to read this book; a lot of the information applies regardless of what brand of equipment you select. And as for me, I don't think I will ever look at a Linksys router in the same way again; from now on I will be wondering just exactly what is going on beneath the hood.

Book Review: The Black Swan: The Impact of the HIGHLY IMPROBABLE, by Nassim Nicholas Taleb - October 27th, 2007

By Stephen Northcutt

A black swan is a surprising or virtually unpredictable event that can have a massive impact. Nassim Taleb's observation, in his book The Black Swan, is that, after the fact, we concoct a narrative to explain it. His book is hard reading and people are either going to like this book or hate it. I have a thick skin, I choose to like it. He made me work pretty hard to get through it, but the mind is a muscle, and I, for one, thank Taleb.

The Best Security Books to have in your library - October 25th, 2007

By GIAC Advisory Board

What are the best security books to have in your library? To find out, Stephen Northcutt polled the GIAC Advisory Board. (Students that score over 90 on their GIAC certification exams are invited to join the Advisory Board).

Book Review: The Age of Speed, by Vince Poscente - October 2nd, 2007

By Stephen Northcutt

Poscente creates an easy to memorize taxonomy of people and businesses: Zeppelins that can't achieve speed; balloons that don't have to; bottle rockets, fast, but misguided; and jets, which is what we want to be. It was a good start, but should have been developed more. The book is divided into 36 short essays that are usually about two pages long, yet a lot of the material is redundant.

Book Review: Virtual Honeypots by Niels Provos and Thorsten Holz - August 21st, 2007

By Stephen Northcutt

Stephen Northcutt discusses Virtual Honeypots by Provos and Holz, and he finds it to be the best security book he's read this year: a perfect blend of well-researched information about honeypots and plenty of pragmatic how-to.

Book Review: Seduced by Success by Robert J. Herbold - June 26th, 2007

By Stephen Northcutt

When companies are successful they tend to hire too many people, which raises costs, fractures lines of communication and leaves them unable to respond to changing industry trends. This is the core thought of Herbold, a long-time executive at Procter & Gamble who also served a seven-year stint as Chief Operating Officer at Microsoft.

Book Review: Selling Blue Elephants, by Moskowitz and Gofman - June 25th, 2007

By Stephen Northcutt

The premise on the cover is: "How to make great products that people want before they even know they want them," and the primary focus of the book is Rule Developing Experimentation (RDE).

Book Review of Snow Crash leads to Second Life - April 18th, 2007

By Stephen Northcutt

As business leaders, we do not want to repeat history and be like some of the late adopters of the web who were so ignorant of its promise that they didn't even register a domain name. Upon reviewing the book Snow Crash, Stephen Northcutt's advice is to buy the book, read the book, visit Second Life and invest $25.00 to understand this new concept.

Book Review: Miracle in the Andes, by Nando Parrado and Vince Rause - February 20th, 2007

By Gal Shpantzer and Stephen Northcutt
Version 1.1

A colleague and former student of mine sent me a copy of this book to read with the following: The true story of an amazing journey of faith, teamwork and leadership ... and doing the impossible, over and over again.

Book Review - Information Security Law: Control of Digital Assets - February 19th, 2007

By Stephen Northcutt

This is the longest book on computer security law I have ever read. Every organization in the USA, or that has significant dealings with the USA, should probably have a copy on the shelves.

Book Review - Cisco Network Admission Control - January 1st, 2007

By Stephen Northcutt

Cisco Press was kind enough to send me this book for review, and the timing was great: I have been thinking about NAC a lot lately. It puts a useful network device management control in the hands of an information security manager, and Cisco really does lead the market with their implementation.

Book Review: The Art of Software Security Assessment - December 19th, 2006

By Stephen Northcutt

This is one of those rare security books that has a chance to revolutionize the industry like Applied Cryptography, Snort 2.0, or Hacking Exposed.

Excellent Conference Hotels

SANS is always looking for the best in conference hotels - Stephen Northcutt describes some of them.

What hotel should I choose in New Orleans - May 17th, 2008

By Stephen Northcutt

Hotel New Orleans.

The Marriott Wardman Park is my favorite Washington DC conference hotel - July 26th, 2007

By Stephen Northcutt

If you are running a conference event in Washington DC, and you do not need the downtown convention center, consider Northwest DC and, in particular, the Wardman Park Marriott Hotel. Stephen Northcutt of the SANS Technology Institute looks at three conference hotels in Northwest DC from the event planner's perspective.

Laptop Security - March 20th, 2008

By Ted Demopoulos and Stephen Northcutt

If there is one area of information security we need to make progress on, it is laptop security. They are small, easily sold, and valuable, and criminals are starting to understand the data they hold can be worth far more than the laptop itself. Here are some practical tips on physical security for laptops.

Musings: Press Releases

This series will include press releases from The SANS Institute covering computer, network, and information security training.

Press Release: Management 512 Security Leadership Essentials for Managers now NIST SP800 Compliant - January 30th, 2008

By Stephen Northcutt

SANS announces computer security management training is now NIST SP800 compliant. SANS Security Leadership Essentials For Managers is now incorporating guidance from NIST Special Publications in the 800 series.

Press Release: MAC OSX now supported in SEC508 (Systems Forensics, Investigation and Response) - September 1st, 2007

By Rob Lee

Rob Lee announced today, "I am pleased to announce that my course now supports a student who wishes to bring an Intel-based Mac to the course. I performed a final live test with it this past week here in VA Beach with several students using an Intel-based Mac in the course."

Press Release: GIAC program change to all proctored exams - August 31st, 2007

By Stephen Northcutt

As GIAC moves forward with the ANSI 17024 accreditation process, all GIAC certification exams will be administered in a proctored environment. Administering all certification exams in a proctored environment will raise the credibility of the GIAC program and the certifications that individuals hold.

Press Release - SANS Partner Series Oct 15-19 SEC504: Hacker Techniques - August 31st, 2007

By Stephen Northcutt

SANS partners with the State of Texas to teach Hacker Techniques, Exploits and Incident Handling training at a substantial reduction in cost, October 15-19, 2007; the SANS Partnership program is open to states, law enforcement, or educational institutions. What is particularly notable about this course offering is the pricing: the SANS Partnership Series is an important way of delivering essential information security training at significant savings. The price for the upcoming class in Texas is $1150, about 1/3 of SANS regular pricing. You are eligible for this price if you are an employee of a state or local agency, a member of law enforcement at the state or local level, or a faculty or staff member from an accredited educational institution.

New Orleans and SANS Security 2008 - November 22nd, 2007

By Stephen Northcutt

The good news is SANS is going back to New Orleans, January 12 - 18 for SANS Security 2008. Let's take a look at what makes New Orleans one of the most unique cities in the United States and a great place to attend a conference.

Does GIAC need to create a HIPAA Certification? - October 31st, 2007

By GIAC Advisory Board

Recently, Stephen Northcutt was contacted by a former employee of HIPAA Academy telling him that GIAC needed to create a HIPAA certification. It seemed like a lot of work, but GIAC would be willing to do it if the world needed it. To get clarification, he asked the GIAC Advisory Board (students that score 90 or above on their exams are invited, and they are a pretty smart bunch of folks). Here are their thoughts.

GIAC Status Report October 2007 - September 19th, 2007

By Stephen Northcutt

As the Global Information Assurance Certification series enters its eighth year of operations and tenth year of development, I have been asked to update an article I wrote several years ago about GIAC. If someone told me in 1998 that one day I would run one of the most advanced technical security certification programs in the world, I would have laughed in their face. I had been given the offer several times, but flatly refused it because it sounded like a whole lot of work.

Is Civil Disobedience Ethical? - September 4th, 2007

By Stephen Northcutt

The current Hawaii Superferry controversy brings up important questions about the ethics of civil disobedience. Many of us are in fields that are governed by a code of ethics or conduct. Let me encourage you to take a minute and take stock of your own life and point of view. Under what circumstances might you participate in civil disobedience, under what circumstances might you withdraw?

Musings on Branding - Learning Tree - August 7th, 2007

By Stephen Northcutt

Stephen Northcutt examines the marketing materials created by Learning Tree in comparison to SANS branded materials, and he concludes, "...this package was their ambassador and it did not move me. In the same way, our web page and our brochure are our ambassadors. We need to make them as good as we can."

Is Tech Target deliberately misleading with respect to Information Security Certification? - July 30th, 2007

By Stephen Northcutt

Stephen Northcutt of The SANS Technology Institute examines the premises and conclusions set forth by Robert Westervelt in a recent blog regarding current security certifications available to IT professionals.

Interview with Todd Bransford of Cyveillance - May 21st, 2007

By Stephen Northcutt

Stephen Northcutt's interview with Todd Bransford of Cyveillance, a cyber intelligence company whose service is to provide an additional layer of security by scanning outside the traditional network perimeter to identify threats on the open Internet.

Review of FISMA Certification and Accreditation Handbook by Laura Taylor - May 8th, 2007

By Stephen Northcutt

Laura Taylor's FISMA Certification and Accreditation Handbook is reviewed by Stephen Northcutt. The bottom line from Stephen: this book is complete, comprehensive, and accurate. He could not find one single example of the obtuse writing that tends to show up in the NIST and other government documents, and he believes that the book gives you a real path through the Federal certification and accreditation maze.

So, you're thinking about taking Management 512, SANS Security Leadership Essentials For Managers with Knowledge Compression - May 3rd, 2007

By Stephen Northcutt

Stephen Northcutt answers some questions about the SANS course, Management 512, SANS Security Leadership Essentials For Managers with Knowledge Compression, to give potential students an idea of what to expect when they take this class. Included in the discussion are hints about preparatory reading, who should attend, what you can expect to get out of the course, and how it differs from other security classes.

Response to SecurityFocus Op Ed, "It is time for a new certification" - May 2nd, 2007

By Stephen Northcutt

Stephen Northcutt discusses how the family of GIAC security certifications actually tests a student on the job that person might do; this is becoming known as role-based training and role-based assessment or certification, and it is important.

Interview with Steve Slater, founder of Security Compliance Corporation (SCC) - March 23rd, 2007

By Stephen Northcutt

An interview with Steve Slater, founder of Security Compliance Corporation (SCC), by Stephen Northcutt. The mission of SCC is to provide automated solutions to labor-intensive compliance efforts. Their first product, Access Auditor, discovers and consolidates users' access rights across the enterprise and provides a workflow for the re-certification process.

Interview with Maximiliano Caceres about CORE IMPACT - March 13th, 2007

By Stephen Northcutt

CORE IMPACT is an automated penetration testing product designed to help security managers prove the strength of their information security program. An interview with Maximiliano Caceres by Stephen Northcutt explores this GUI based exploit tool.

2006 Year in Review for Information Security: February Recap - February 23rd, 2007

By Stephen Northcutt

We are bombarded with so much information, it can be hard to keep track of the important trends in IT Security. This article, the second in a series of 12, is primarily based on the “Top of the News” from SANS NewsBites. The idea is to review some of the most important stories from 2006 to make sure we are grounded with the knowledge we need as we move into the future.

Interview with Laura Taylor (CISM), Author of the FISMA Certification & Accreditation Handbook - February 22nd, 2007

By Stephen Northcutt

Laura Taylor is Relevant Technologies' President and CEO. Her research has been used by the FDIC, the FBI, the IRS, the U.S. Federal Reserve, U.S. Customs, the U.S. Treasury, the White House, and many Fortune 500 companies.

Is Wikipedia Appropriate for College Citations? - February 21st, 2007

By Stephen Northcutt

CT News Update lead headline story begins: Vermont's Middlebury College has banned the use of the online encyclopedia Wikipedia as an acceptable source of academic information for students, United Press International reported.

Introducing: Podcasts from PaulDotCom Security Weekly - January 22nd, 2007

By Stephen Northcutt

On January 12, we released an article titled CERT is doing podcasts? While doing the research for this article, we came across PaulDotCom Security Weekly, a weekly computer security podcast, or pre-recorded Internet radio show, that focuses on security news, vulnerabilities, research, and hacking. We find the show and cast very interesting.

Book Review - The 21 Irrefutable Laws of Leadership, by John Maxwell - January 1st, 2007

By Stephen Northcutt

Leadership books remind me of cooking: there are a finite number of common ingredients that make up the majority of dishes, but there seems to be an infinite number of ways to combine and present these ingredients.

Microsoft Word Considered Harmful to HTML - December 21st, 2006

By Stephen Northcutt, Brian Corcoran, and Sean Carolan

For years Stephen Northcutt and other content providers at the SANS Institute had written their content in Microsoft Word and sent the .doc files to the webmasters for posting. Since Microsoft Word had a translate to HTML function, surely it was not a big deal to convert from Word to Web. Or was it? It turns out using a WYSIWYG HTML editor can save your organization time and money.

2006 Year in Review for Information Security: January Recap - December 20th, 2006

By Stephen Northcutt

We are bombarded with so much information, it can be hard to keep track of the important trends in IT Security. This article, the first of a series of 12, is primarily based on the “Top of the News” from SANS NewsBites. The idea is to review some of the most important stories from 2006 to make sure we are grounded with the knowledge we need as we move into the future.
