Global Information Assurance Certification Paper
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Global Information Assurance Certification Paper
Copyright SANS Institute
Author Retains Full Rights
This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without express written permission.
Interested in learning more?
Check out the list of upcoming events offering
"Security Essentials Bootcamp Style (Security 401)"
at http://www.giac.org/registration/gsecShould You Use Microsoft Passport, .NET, and .Net My Services?
By Richard Zurlnick
This report details certain security risks and potential defects of the Microsoft Passport
Service, .NET, and .NET My Services and considers the conduct of the Microsoft
s.
Corporation This is a particular technology that has legal and regulatory ramifications. A
ht
proposal addressing these issues is included.
rig
Passport and .NET are being promoted heavily at the time if this writing. Passport is a
single sign-in authentication service for .NET, designed for consumers and Web
ull
merchants. A user can authenticate once through Passport and for the remainder of that
session, the user will be automatically be permitted access to other secure .NET Web
f
sites. Consumer information can be stored by Passport so that credit card numbers and
ns
shipping
Key addresses
fingerprint will automatically
= AF19 FA27 2F94 998D be transferred
FDB5 DE3D to the Web
F8B5 merchant
06E4 when a user
A169 4E46
tai
makes a purchase. Currently, users of Hotmail, MSN Messenger and Microsoft Certified
Partners are required to use Passport. Other services such as My Calendar, My Wallet,
re
My Address, My Profile My Contacts, and My Notifications, will be tied to Passport.
or
At this time, Passport is available at no charge to users.
th
In the future, Passport will be the single sign-in for .NET My Services (formerly named
Hailstorm) that will launch in 2002. All users and companies will pay a fee to use .NET
Au
My Services. It will permit users from any company or to communicate with users from
any other participating company regardless of the applications or systems native to each.
2,
In this way, business can be conducted without forming custom templates for invoices,
00
databases etc. The information and services will be available from a range of devices
-2
including hand held devices and cellular phones.
Passport and .NET use the following nonproprietary programming standards: i ii
00
1. XML: Extensible Markup Language
20
XML uses symbols to describe the contents of a page or file, as does HTML.
te
However, XML describes the content according to the data being presented, not
tu
just how it is displayed. XML can be used to by disparate systems across the web
to interchange data.
sti
In
2. UDDI: Universal Description, Discovery, and Integration
UDDI is a registry service designed to act as a sort of telephone book for the
NS
Internet. Any business can list themselves by name, product, location, or the Web
services they offer. The goal is to allow businesses to find each other easily on
SA
the Web and interact with each other without incompatibilities.
©
3. SOAP: Simple Object Access Protocol
SOAP provides an avenue for different operating systems to communicate with a
common program by standardizing how HTTP headers and XML files are
encoded. Thus, a Windows computer can call a program in a Linux computer
over the =Internet
Key fingerprint and then
AF19 FA27 2F94pass andFDB5
998D retrieve data.F8B5 06E4 A169 4E46
DE3D
4. WDSL: Web Services Description Language
© SANS Institute 2000 - 2002 As part of GIAC practical repository. Author retains full rights.WDSL is an XML-based language that specifies the services available at a
business and provides a method for others to access to those services over the
Internet. It supports UDDI.
The security aspect of .NET is founded on the Microsoft Passport authentication service.
s.
On September 21, 2000, Microsoft announced that Passport authentication will be
ht
handled by the Kerberos system. Kerberos was invented at the MIT Institute, and is
rig
freely available with copyright provisos similar to that of the BSD operating system.
Kerberos issues time limited, encrypted tickets to users who can then move from service
ull
to service without reauthenticating. Each time a user switches to a new service, Kerberos
issues a new ticket based on encrypted information from the client.
f
Kerberos is well maintained and is likely the best choice for .NET, but it is vulnerable.
ns
A visit
Key to the Kerberos
fingerprint = AF19home
FA27page
2F94security section
998D FDB5 reveals
DE3D a litany
F8B5 06E4ofA169
vulnerabilities
4E46 that
tai
affect it.iii The bugs range from buffer overflows to root vulnerability to denial of
service attacks. The CERT/CC (Carnegie Mellon Emergency Response Team
re
Coordination Center) states in Advisory 2000-06 “If vulnerable services are enabled on
or
the Key Distribution Center (KDC) system, the entire Kerberos domain may be
compromised.”iv When corporations and ordinary users trust it in the .NET paradigm,
th
the attacks on Kerberos and its integrity will increase in number and severity.
Au
Microsoft has altered Kerberos with its own proprietary extensions that can potentially
cause compatibility issues with non-Windows servers. At issue is a digitally signed PAC
2,
(Privilege Attribute Certificate) added to Kerberos by Microsoft that is not compatible
00
with the DCE (Digital Computing Environment), an agreed upon standard by which
-2
computers can exchange data and use applications through networks.v Microsoft itself
states, “UNIX systems using MIT's Kerberos implementation need some special
00
configurations to be able to participate in a Windows 2000 domain using Kerberos
authentication”vi
20
There is a potential Denial of Service to Windows clients attempting to receive
te
authorization to use services from a non-Windows server because not every company or
tu
organization will install a Widows proxy server or perform the configuring and mapping
necessary to become compatible with the Microsoft version of Kerberos.vii Such
sti
companies and organizations may be denied a certificate to be in the “federation of trust”
In
by Microsoft and therefore not eligible to participate in the Passport system.
Microsoft has subverted a freely available and widely used authentication protocol by
NS
requiring proprietary modifications in any non-Windows server.viii This becomes a
serious issue when, as Microsoft plans, Passport becomes the dominant authentication
SA
service on the Internet. Windows XP makes no fewer than 5 attempts to convince a new
user to sign up for Passport.
©
During the final editing of this report, Microsoft announced that it would use an industry
standard version of Kerberos. The point can still be made though, that the first
inclination of Microsoft is to use its monopoly position to exclude competitors.
It is still true, however, that while Passport will have no trouble authenticating users, the
PACfingerprint
Key can prevent = users
AF19 from
FA27receiving
2F94 998Dauthorization
FDB5 DE3D to services
F8B5 06E4offered
A169by4E46
non-Windows
servers.ix
Passport itself has several known vulnerabilities. Dave Thomas of Bugtoaster, the
software quality assurance company inadvertently discovered a security hole when using
© SANS Institute 2000 - 2002 As part of GIAC practical repository. Author retains full rights.Passport with Windows 95/98 machines. The client DUN (dial-up networking) uses a
shared API (Application Program Interface) to summon the Passport credentials from an
encrypted file. When the user logs into the Passport Data center, the API passes the
username and password in clear text from one process to another in a known memory
area specified by the API for Windows. An attacker can easily write a worm designed to
s.
retrieve and transmit the credentials thereby compromising the user’s data and possibly
ht
their finances.
rig
Windows 2000 and NT do not pass unencrypted login information through memory but
are still vulnerable. Steve Gibson, who heads the computer security firm of Gibson
ull
Research (http://.grc.com,) states that an attacker can write a worm that records
keystrokes from any version of Windows and transmit the results which include the
f
username and password.x
ns
Microsoft
Key has an= infamous
fingerprint AF19 FA27 reputation for deficient
2F94 998D FDB5 DE3Dsecurity.
F8B5The following
06E4 incidents
A169 4E46
tai
illustrate its inadequate enforcement of its own security policies:
On March 22, 2001, an individual who falsely claimed to be a Microsoft employee used
re
social engineering techniques to convince Verisign Inc. to issue official digital
or
certificates with the common name "Microsoft Corporation". An attacker can use these
th
certificates to distribute malicious code that professionals and ordinary users would trust
as genuine Microsoft code. In particular, the Class 3 certificates convey the ability to sign
Au
executable content including ActiveX controls, Office macros, and other software.
Potentially, the greatest harm can come from ActiveX and Office macros because both
2,
can be sent as either web pages or HTML mail. xi
00
Was Verisign at fault? Yes, but Microsoft hired Verisign to ensure the security and
-2
integrity of its certificates. Microsoft must have procedures in place to test the security of
not just its products, but also the agents assigned to distribute them.
00
On April 25, 2001, Microsoft Product Support Services (PPS) issued an advisory bulletin
concerning certain security hotfixes available only to its Premier Customers and Gold
20
Partners. From April 6, 2001 to April 23, 2001, Microsoft hotfixes downloaded to these
specific customers had been infected with the Funlove virus.xii
te
tu
This is a similar situation to the Verisign incident as it was a third party who distributed
the hotfix.xiii Microsoft must accept responsibility for damage done to its customers by
sti
the missteps of its officially sanctioned agents. Third party vendors must obtain a
In
certificate from Microsoft in order to deliver .NET compatible services. Potential .NET
customers must consider Microsoft’s track record before deciding if .NET will be as
NS
secure as possible.
On June 22, 2001, Microsoft failed to renew its Digital Certificate for
SA
secure.microsoft.co.uk, an e-commerce site for developers that wish to purchase software
before its official release. Visitors to the site could not be sure that it was the official
©
Microsoft entity.xiv
On January 4, 2001, Several Microsoft Websites experienced a blackout. Microsoft.com,
MSN, Hotmail, Expedia.com and MSNBC were all unavailable to users for a day. The
cause of this Denial of Service was, as Microsoft stated: “A Microsoft technician made a
configuration
Key fingerprintchange
= AF19to FA27
the routers
2F94 on the FDB5
998D edge ofDE3D
Microsoft's Domain
F8B5 06E4 Name
A169 4E46Server
network.” Knowledgeable Microsoft watchers say that one reason so many sites were
inaccessible is that all four of its Domain Name Servers were on the same subnet, a
vulnerable arrangement uncharacteristic of a sophisticated provider. xv
© SANS Institute 2000 - 2002 As part of GIAC practical repository. Author retains full rights.On October 16, 2001 Zdnet reported that a member of the Certified Partners area of
Microsoft.com was shown a VBS error message that led to detailed information about the
names and addresses of Microsoft’s Web and database servers in addition to usernames
and passwords provided in clear text. This area of Microsoft.com is gated by Passport.
Microsoft and third parties are capable of security holes that Passport does not guard
s.
against.xvi
ht
Microsoft has a less than stellar record in developing its own security products.
rig
On April 16, 2001 Microsoft issued Security Bulletin MS01-021, which contained a
patch for a Denial of Service vulnerability in the default configuration of its ISA (Internet
ull
Security and Acceleration) server, an enterprise firewall and Web cache server. If an
external attacker can induce a network user to open an HTML e-mail containing a request
f
of excessive length, the server will see it as access violation and will cease to pass traffic.
ns
This fingerprint
Key is significant because
= AF19 FA27the2F94
ISA was
998Dtouted
FDB5byDE3D
Microsoft
F8B5as06E4
security
A169 product,
4E46
tai
specifically a firewall.xvii
Microsoft products are frequent victims of exploits and virus and worm attacks. The
re
company issues patches on a regular basis, sometimes before a major attack takes place.
or
This was the case when the Code Red and Nimda worms caused the recent wave of
th
Microsoft server infestations. However, this serves to reinforce the argument that the
products are not introduced to the market in a secure state.
Au
John Pescatore of the well-respected Gartner Group issued an advisory on September 19,
2001 stating in part that:
2,
Gartner remains concerned that viruses and worms will continue to attack IIS until
00
Microsoft has released a completely rewritten, thoroughly and publicly tested, new
-2
release of IIS. Sufficient operational testing should follow to ensure that the initial
wave of security vulnerabilities every software product experiences has been
00
uncovered and fixed. This move should include any Microsoft .NET Web services,
which requires the use of IIS. Gartner believes that this rewriting will not occur
20
before year-end 2002 (0.8 probability)xviii
te
There are a number of privacy and security issues to consider before agreeing to use
tu
.NET and Passport. The Passport login consists of the user’s e-mail and password. It is a
relatively easy matter to obtain someone’s e-mail address and then use standard password
sti
guessing or cracking techniques to gain access to their account. An attacker would be
In
authenticated to the Web sites holding the user’s bank accounts, credit cards, e-mail,
personal files, calendar, etc. In the case of .NET My Services, an unknown hacker or a
NS
competitor could access business applications, financial accounts, and sensitive files and
e-mail.
SA
There are privacy concerns based on the constant collecting and storing of personal data.
As the Passport grows and matures, the network will contain considerable information
©
about the personal habits, choices, and relationships of its viewers. Details about one’s
personal health and employment can be stored on .NET. The temptation to capitalize on
this valuable consumer/employee information will be powerful.
The Passport Whitepaper states: “Microsoft Web sites or services are not allowed to mine
the .NET
Key Passport
fingerprint database
= AF19 FA27 and do not
2F94 998Dhave access
FDB5 to it.F8B5
DE3D Microsoft
06E4will
A169 not4E46
share .NET
Passport information with any Microsoft or third-party service operator.” The same
Whitepaper leaves a loophole: “This document is for informational purposes only.
© SANS Institute 2000 - 2002 As part of GIAC practical repository. Author retains full rights.MICROSOFT MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS
DOCUMENT.”xix
Microsoft has shown itself to be a vigorous legal advocate for itself. Its Attorneys
threatened Slashdot.com for discussing the Kerberos implementation that Microsoft had
published on the Internet, claiming such discussions were violations of the Digital Media
s.
Copyright Act.xx A company attorney warned a former Microsoft contract employee,
ht
Jason Bishop, who worked on the development of SOAP, just before he was to give a
rig
speech at Java-XML SIG. Mr. Bishop had done nothing to indicate that he would violate
any agreement between himself and Microsoft. Three Microsoft SOAP people, including
ull
one attorney came to the meeting, ostensibly to intimidate Bishop.xxi
In its Passport Whitepaper, Microsoft emphasizes the security measures built into
f
Passport such as redundancy, SSL (Secure Socket Layer), and Triple DES (Data
ns
Encryption
Key Standard).
fingerprint = AF19However,
FA27 2F94 just in the
998D past DE3D
FDB5 ten months,
F8B5Micrososft
06E4 A169has spread a
4E46
tai
virus to its favored customers through a hotfix, handed out an official Microsoft digital
certificate to an imposter, experienced a blackout by its own hand, neglected to renew a
re
digital certificate for one of its Web sites, released a flawed firewall, attempted to
or
interfere with a discussion on a Web site, revealed confidential information about its
th
servers and users, and issued 51 Security Bulletins.
Consumers, businesses, and governments will be investing a great deal of faith in
Au
Microsoft and its “federation of trust” (third parties). What liability will Microsoft have
if it or one of the third parties neglects to follow security procedures as has happened in
2,
the past? Microsoft tends to use tunnel vision when it pursues a goal. There is little
00
regard for antitrust concerns or consumer protection. Its softly worded Security Bulletins
-2
do not assuage the professional computer security community.
On April 3, 2000,U.S. District Court Judge Thomas Penfield Jackson ruled “…Microsoft
00
used its monopoly power by anticompetitive means and attempted to monopolize the
Web browser market, both in violation of §2. Microsoft also violated § 1 of the Sherman
20
Act by unlawfully tying its Web browser to its operating systems.” (An appeal is
pending).xxii In September 2001, The Consumer Federation of America, Consumers
te
tu
Union, Media Access Project and U.S. Public Interest Research Group, joined together to
write a letter to federal and state prosecutors that expressed their belief that Microsoft is
sti
flaunting the ruling of the federal appeals court by integrating its Internet services into
In
Windows XP.xxiii
Microsoft has recently used the image of a padlock to demonstrate its new emphasis on
NS
security but there is no clear or prominent warning on the Passport sign-up page that
discloses the possibility of lost or stolen data, compromised user ID’s and passwords,
SA
disclosure of private information, or service blackouts. Microsoft simply offers a
disclaimer of responsibility within its Passport “Terms of Use” document.xxiv
©
A vendor can never promise total security for data or 100 % uptime. However, when a
vendor seeks and is likely to become the dominant authenticator of the Internet for
consumers, business and governments, then a mandatory disclosure of the risks involved
seems reasonable.
Before
Key it is permitted
fingerprint = AF19collect
FA27fees to 998D
2F94 directFDB5
the majority
DE3D of Internet
F8B5 06E4commerce
A169 4E46 through its
servers, consumers and businesses must be shielded from Microsoft’s legal might and
must be granted inexpensive avenues of recourse for damage that exceeds that legal
© SANS Institute 2000 - 2002 As part of GIAC practical repository. Author retains full rights.threshold. This will require a sort of “Internet Bill of Rights” piece of legislation passed
by Congress and regulated by the Federal Communications Commission.
It will contain these elements:
1. A statement indicating the thresholds of damages, losses, and blackouts caused by
s.
a Web entity that has not followed its own procedures or neglected to act
ht
reasonably to prevent a damaging failure.
rig
2. A disclosure of risks associated with the use of the particular Internet service.
3. An uncomplicated specific procedure that allows consumers to contact the vendor
ull
and make a claim for losses and damages beyond the legal threshold.
4. The appropriate state and federal agencies to contact if the vendor disallows the
f
consumer’s claim.
ns
Key5.fingerprint
Certain restrictions
= AF19 FA27 against
2F94predatory
998D FDB5lawsuits
DE3D brought by monopolies
F8B5 06E4 A169 4E46 against
tai
consumers or public interest groups.
re
Any Web entity that accepts payment for goods and services would be required to
or
post this Bill of Rights with a link from the home page. The page that collects the
th
payment would contain the full text of the Bill of Rights. When services are provided
for no charge, the Web entity would be required to post only a disclosure of risks in
Au
the same way.
Should you use Microsoft Passport .NET and .NET My Services? Consider the
2,
record of the Microsoft Corporation regarding its privacy and security foibles, its
00
anticompetitive tendencies and anti-consumerism, and its powerful and intimidating
-2
legal tactics. The degree of personal risk is difficult to quantify, but you should use
Passport and .NET only if it fills very important needs in your personal or
00
professional life.
20
te
tu
sti
i
Eisenberg, Robert. “What is HailStorm?” DevX.com. April-June 2001. URL:
In
http://www.enterprise-zone.com/articles/hailstorm/reisenberg/reisenberg-01.asp
ii
http://whatis.techtarget.com/
NS
iii
http://web.mit.edu/kerberos/www/advisories/index.html
iv
http://www.cert.org/advisories/CA-2000-06.html 17 May 2000
SA
v
Ts’o, Theodore. “Microsoft ‘embraces and extends’ Kerberos V5.” Usenix.org. 3 Dec. 1997. URL:
http://www.usenix.org/publications/login/1997-11/embraces.html
©
vi
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ssssprodtechn
ol/ windows2000serv/ maintain/featusability/rsvpker.asp
vii
Orlowski, Andrew. “Why Microsoft's Open HailStorm promises flatter to deceive.” The Register.
21 September 2001. URL: http://www.theregister.co.uk/content/archive/21792.html
viii
Babcock, Charles. “Kerberos Made To Heel To Windows 2000.” zdnet.com. 28 February 2000. URL:
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
http://www.zdnet.com/zdnn/stories/news/0,4586,2449668,00.html
ix
Orlowski, Andrew. “Why Microsoft's Open HailStorm promises flatter to deceive.” The Register.
21 September 2001. URL: http://www.theregister.co.uk/content/archive/21792.html
x
Rush, Wayne. “Your Stolen Passport.” zdnet.com 26 Sept 2001. URL:
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2814881,00.html
© SANS Institute 2000 - 2002 As part of GIAC practical repository. Author retains full rights.xi
Poulsen, Kevin “Microsoft vexed by falsified certs.” Security Focus. 22 May 2001
URL: http://www.securityfocus.com/news/178
xii
Weiss, Todd R. “Missing Antivirus Software Left Microsoft Clients Vulnerable.” 26 April 2001
s.
http://www.computerworld.com/storyba/0,4125,NAV47_STO59982,00.html
xiii
ht
Leyden, John. “Microsoft Hotfixes Infected With Funlove Virus.” The Register. 25 April 2001.
URL: http://www.theregister.co.uk/content/archive/18516.html
rig
xiv
Leyden, John. “Microsoft Fails to Renew its Digital Certificate.” The Register. 29 June 2001.
URL: http://www.theregister.co.uk/content/archive/20082.html
ull
xv
Leyden, John. “Microsoft Blames Lowly Techie For Web Blackout.” 25 January 2001.
URL: http://www.theregister.co.uk/content/archive/16354.html
f
xvi
Berlind, David “Microsoft.com error reveals IDs, passwords.” 16 Oct 2001 URL:
ns
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2818129,00.html
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
tai
xvii
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bull
re
etin/ms01-021.asp 25 April, 2001
xviii
Pescatore, John. “Nimda worm Shows you can’t always patch fast enough” 19 Sept. 2001
or
http://www3.gartner.com/DisplayDocument?doc_cd=101034 19 Sept. 2001
xix
http://www.microsoft.com/myservices/passport/technical.doc Sept. 2001
th
xx
Kermath, Annie. “Slashdot Gives Microsoft Lawyers The Bum’s Rush.” 19 May 2000.
Au
URL: http://www.theregister.co.uk/content/archive/10934.html
xxi
Lettice, John. “Microsoft Sends in Lawyers to Stop ‘Open’ SOAP From Getting Out” 25 May 2000.
2,
URL: http://www.theregister.co.uk/content/archive/10986.html
xxii
00
BBCNews. “Excerpts from the Guilty Verdict.” 3 April 2000 URL:
http://news.bbc.co.uk/hi/english/in_depth/business/2000/microsoft/newsid_700000/7
-2
00702.stm
xxiii
Ricuitti, Mike. “Strategy: Blueprint Shrouded in Mystery.” 18 Oct. 2001
00
URL: http://news.cnet.com/news/0-1003-201-7502765-0.html
xxiv
http://www.passport.com/consumer/termsofuse.asp?lc=1033&id=950&cb=0&cbid=
20
te
tu
sti
In
NS
SA
©
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
© SANS Institute 2000 - 2002 As part of GIAC practical repository. Author retains full rights.Last Updated: January 26th, 2021
Upcoming Training
SANS Cyber Security West: Feb 2021 , Feb 01, 2021 - Feb 06, 2021 CyberCon
Open-Source Intelligence Summit & Training 2021 Virtual - US Eastern, Feb 08, 2021 - Feb 23, 2021 CyberCon
SANS Secure Japan 2021 , Japan Feb 22, 2021 - Mar 13, 2021 CyberCon
SANS Scottsdale: Virtual Edition 2021 , Feb 22, 2021 - Feb 27, 2021 CyberCon
Virtual - Greenwich
SANS London February 2021 Mean Time, United Feb 22, 2021 - Feb 27, 2021 CyberCon
Kingdom
SANS Cyber Security East: March 2021 , Mar 01, 2021 - Mar 06, 2021 CyberCon
SANS Secure Asia Pacific 2021 Singapore, Singapore Mar 08, 2021 - Mar 20, 2021 Live Event
SANS Secure Asia Pacific 2021 , Singapore Mar 08, 2021 - Mar 20, 2021 CyberCon
SANS Cyber Security West: March 2021 , Mar 15, 2021 - Mar 20, 2021 CyberCon
SANS Riyadh March 2021 , Kingdom Of Saudi Mar 20, 2021 - Apr 01, 2021 CyberCon
Arabia
SANS Secure Australia 2021 Canberra, Australia Mar 22, 2021 - Mar 27, 2021 Live Event
Virtual - Central
SANS Munich March 2021 European Time, Mar 22, 2021 - Mar 27, 2021 CyberCon
Germany
SANS Secure Australia 2021 Live Online , Australia Mar 22, 2021 - Mar 27, 2021 CyberCon
SANS 2021 , Mar 22, 2021 - Mar 27, 2021 CyberCon
SANS Cyber Security Mountain: April 2021 , Apr 05, 2021 - Apr 10, 2021 CyberCon
Virtual - Central
SANS SEC401 (In Spanish) April 2021 European Summer Time, Apr 12, 2021 - Apr 23, 2021 CyberCon
Spain
SANS Cyber Security East: April 2021 , Apr 12, 2021 - Apr 17, 2021 CyberCon
SANS London April 2021 Virtual - British Summer Apr 12, 2021 - Apr 17, 2021 CyberCon
Time, United Kingdom
SANS Autumn Australia 2021 Sydney, Australia Apr 12, 2021 - Apr 17, 2021 Live Event
SANS Autumn Australia 2021 - Live Online , Australia Apr 12, 2021 - Apr 17, 2021 CyberCon
SANS Secure India 2021 , Singapore Apr 19, 2021 - Apr 24, 2021 CyberCon
SANS Baltimore Spring: Virtual Edition 2021 , Apr 26, 2021 - May 01, 2021 CyberCon
SANS Cyber Security Central: May 2021 , May 03, 2021 - May 08, 2021 CyberCon
SANS Security West 2021 , May 10, 2021 - May 15, 2021 CyberCon
SANS Cyber Security East: May 2021 , May 17, 2021 - May 22, 2021 CyberCon
Virtual - Central
SANS Stockholm May 2021 European Summer Time, May 31, 2021 - Jun 05, 2021 CyberCon
Sweden
Virtual - Central
SANS In French May 2021 European Summer Time, May 31, 2021 - Jun 05, 2021 CyberCon
France
SANS Cyber Security Central: June 2021 , Jun 07, 2021 - Jun 12, 2021 CyberCon
SANS SOC Training 2021 , Jun 14, 2021 - Jun 19, 2021 CyberCon
SANS Cyber Security Mountain: June 2021 , Jun 21, 2021 - Jun 26, 2021 CyberConYou can also read
