Can someone recommend people who would do a great job on
monitoring any one or more of the following areas as a (paid) security
watcher?
Cryptography and cryptography standardization
JAVA security
Denial of Service attacks
Web Server security
Legal changes
Firewalls
Cyber-terrorism
Solaris security
AIX security
Windows/NT security
PC viruses
MVS security
SGI security
HP-UX security
Linux security
BSDI security
We are looking for people who notice the important developments and
don't get caught up in trivia.
The successful candidates will provide initial submissions for the
editors (Matt Bishop, Michele Crabb, Gene Schultz, Marcus Ranum,
and Rob Kolstad) of the new network security digest that is distributed
to people who have attended SANS and Network Security Conferences. The
hard part of the job is writing briefly. Each monthly issue takes less
than 3 minutes to read.
Here is the table of contents of the January 97 issue. Each item includes
the problem and the solution (if one has been found).
1. SGI's Factory Installed OutofBox software and systour demos
pose security risk.
2. The hoax that won't go away. Tell your users where to find the
latest information about hoaxes.
3. Yet another security hole in BSD based lpr (including Linux,
AIX, FreeBSD). Local users can exploit this to get root access.
4. 65 FAQS on World-Wide-Web Security Issues. Example: What CGI
scripts are known to contain security holes?
5. Graphical Tools to evaluate security log files
6. HP security risk: Remote Watch.
7. System crashing? Large ping data packets can crash or freeze
some hosts.
8. The Microsoft Word Virus: The macro virus spreads and can infect
Excel too.
Thanks in advance for your suggestions.
Alan Paller
SANS Coordinator
BTW: If you are attending SANS this year, try to catch the Security
War Games course that Matt Bishop and Alex Yuriev are creating.
They will be simulating a series of intrusions and how to defend against
them.