SANS chases ambulances
Best line from this: "We haven't determined pricing yet, but it would be inappropriate to try to capitalize off of this attack."
Date: Fri, 3 Aug 2001 18:36:07 -0600 (MDT) From: The SANS Institute (email@example.com) Subject: Securing Microsoft's IIS Web Server To: Hello, I am Stephen Northcutt, from the SANS Institute. The recent code red worm has been an interesting and instructive experience for all of us. We are very fortunate that this worm was essentially benign; it did not delete files and only consumed bandwidth and took down routers. Things could have been a whole lot worse! As you know, the root cause of the problem is poorly configured Microsoft IIS web servers. If we don't learn to deploy IIS properly, then any vulnerability in IIS can be used to start another worm and we will have to go through the whole mess again. In this world of copycat attacks, is a significant and immediate possibility. Please ask your MCSEs and others managing Windows systems to get your IIS systems configured safely. Microsoft certification does *not* cover this material or much security at all. We each need to do our part to get this mess cleaned up. SANS Instructors, Jason Fossen and Eric Cole are available during the next few weeks to teach a special one-day course on Securing IIS. The description of this course can be found at: http://www.sans.org/sec_IIS.htm We have found space in several cities in the coming weeks. The draft schedule is included at the bottom of this note. We will run this class only in those cities in which there is sufficient interest. If you are interested in attending, or sending your people drop us a note at IIS@sans.org by Wednesday, August 8. Tell us your name and your organization's name, the city (and date) you would attend, and the number of people from your organization who will definitely come, the number who will probably come, and the number who may possibly come. If you are running Unix and you know someone running Windows IIS, please forward this note to them. If we have enough interest, we will run the courses. We haven't determined pricing yet, but it would be inappropriate to try to capitalize off of this attack. When we know the cities in which people are interested in attending the course, we will calculate the hotel, travel and printing and other costs and compute an average and send the price (probably under $250) to everyone who asks us to hold space for them. Regards, Stephen Northcutt The SANS Institute Ottawa - August 13 Crowne Plaza New York City - August 20 Sheraton New York Atlanta - August 22 Sheraton Colony Square Raleigh - August 25 Sheraton Imperial Boston - September 11 Boston Park Plaza Chicago - September 13 Westin Michigan Avenue Los Angeles - September 15 Westin Hotel San Jose - September 17 Sheraton San Jose Washington DC - September 22 Renaissance Hotel