IT Professionals Gather to Study Strategies for Security
by Lois Stephens

Recognizing the best defense for the stealth tactics of hackers is preparedness, 250 information technology specialists from colleges and universities across the country recently gathered to learn more about how to protect their vital information assets.

Hacker Techniques, Exploits, and Incident Handling was the topic of the March 6-11 Internet Security Training Workshop. Sponsored by Virginia Tech and the SANS (SysAdmin, Audit, Network, Security) Institute, the course kicked off with President Charles Steger welcoming the group to the university.

The training helped participants understand attackers' tactics and strategies and provided hands-on experience in finding vulnerabilities and discovering intrusions. A comprehensive incident handling plan and in-depth information also helped them prepare to turn the tables on computer attackers.

The workshop addressed the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Sessions included a time-tested, step-by-step process for responding to computer incidents, a detailed description of how attackers undermine systems so IT specialists can prepare, detect, and respond to them, and a hands-on workshop for discovering holes of vulnerability.

The legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence were also included.

"Virginia Tech was the first school to offer a complete SANS Global Information Assurance Certification (GIAC) track for higher ed, community colleges, or K-12 schools," said Randy Marchany, director of Virginia Tech's IT security lab and coordinator of the workshop. "Other educational institutions have started to offer full week SANS courses, but Virginia Tech is able to host the largest classes because of the superb infrastructure and conference group we have," he reported.

Alan Paller, director of research for the SANS Institute, praised Virginia Tech for taking the lead in the area of IT security training. "This year, more than 3200 people from universities and other educational institutions all over the U.S. will get high quality training in cybersecurity because of an innovative program first conceived and pioneered at Virginia Tech.

More than 250 information technology specialists from colleges and universities across the country gathered in March in Torgersen Hall for the Internet Security Training Workshop.

Their innovation radically lowers the cost of immersion cybersecurity education by bringing together large numbers of security practitioners from dozens of universities and schools, providing low-cost housing and food, and by providing proctors to enable students to have hands-on support, and most importantly, by persuading SANS to cut the cost per student by as much as 75 percent," said Paller.

The instructor for the course was Ed Skoudis, founder and senior security consultant with Intelguardians, a Washington, D.C. based information security consulting firm.

"The class was great," said Patricia Vendt, a participant from Wright State University in Dayton, OH. "Ed Skoudis was simply amazing...he added to the class with his 'crack the hacker' challenges and by drawing analogies that were totally appropriate for the audience."

Aras "Russ" Memisyazici, IT/development specialist for Outreach Technology Services, also found the course to be outstanding. "The instructor gets down to the nitty gritty of the tools and gives you full, real-life strategies for defense. He definitely opened my eyes about general misconceptions in the IT world today."

For more information about next year's workshop, contact Randy Marchany at marchany@vt.edu or Alice Clawson in Continuing and Professional Education at aliceb@vt.edu.