Security Applications of Bootable Linux CD-ROMs



Similar documents
Interested in learning more about security? The OSI Model: An Overview. Copyright SANS Institute Author Retains Full Rights

Interested in learning more about security? What is Code Red Worm? Copyright SANS Institute Author Retains Full Rights

How To Secure Your Small To Medium Size Microsoft Based Network: A Generic Case Study

The Mechanisms and Effects of the Code Red Worm

Easy Steps to Cisco Extended Access List

Red Hat Linux 7.2 Installation Guide

Introduction to Business Continuity Planning

NSS Volume Data Recovery

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

Security Awareness Training and Privacy

Open Source and Incident Response

How to Create a Windows El Torito Bootable CD/DVD-ROM

Windows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours

CBMR for Linux v6.2.2 User Guide

Chapter 8 Types of Utility Programs and Operating Systems. Discovering Computers Your Interactive Guide to the Digital World

Acronis Disk Director 11 Advanced Server. Quick Start Guide

Tivoli Storage Manager Lunch and Learn Bare Metal Restore Dave Daun, IBM Advanced Technical Support

Symantec NetBackup Getting Started Guide. Release 7.1

Acronis True Image 2015 REVIEWERS GUIDE

User Guide. Laplink Software, Inc. Laplink DiskImage 7 Professional. User Guide. UG-DiskImagePro-EN-7 (REV. 5/2013)

Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive

2.5" XTreme Files OS & Data Backup/Restore User Manual Please read the Instruction manual before using the XTreme Files (X Series) 1.

Using Linux VMware and SMART to Create a Virtual Computer to Recreate a Suspect's Computer. By:

Getting Started with Paragon Recovery CD. Quick Guide

Chapter 8 Operating Systems and Utility Programs

Operating System Installation Guidelines

Hacking Database for Owning your Data

EZblue BusinessServer The All - In - One Server For Your Home And Business

PARALLELS SERVER BARE METAL 5.0 README

Using Symantec NetBackup with Symantec Security Information Manager 4.5

USB 2.0 Flash Drive User Manual

XTreme Files OS & Data Backup/Restore User Manual Please read the Instruction manual before using the XTreme Files (F Series) 1.

Interested in learning more about security? Why Bother About BIOS Security? Copyright SANS Institute Author Retains Full Rights

Acronis Backup & Recovery 11

Backup & Disaster Recovery Appliance User Guide

Windows Domain Network Configuration Guide

Yosemite Server Backup Installation Guide

Protecting Virtual Servers with Acronis True Image Echo

BorderGuard Client. Version 4.4. November 2013

Advanced SUSE Linux Enterprise Server Administration (Course 3038) Chapter 5 Manage Backup and Recovery

Lecture 6: Operating Systems and Utility Programs

Click to view Web Link, click Chapter 8, Click Web Link from left navigation, then click BIOS below Chapter 8 p. 395 Fig. 8-4.

NetWare 6.0 Virtualization

STUDY GUIDE CHAPTER 4

Using iscsi with BackupAssist. User Guide

Dell NetVault Bare Metal Recovery for Dell NetVault Backup Server User s Guide

Installing a Second Operating System

Updates Click to check for a newer version of the CD Press next and confirm the disc burner selection before pressing finish.

IBM Rapid Restore PC powered by Xpoint - v2.02 (build 6015a)

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

INCIDENT RESPONSE & COMPUTER FORENSICS, SECOND EDITION

BackupPC. Network Startup Resource Center

NetWare 4.11 Virtualization

A candidate following a programme of learning leading to this unit will be able to:

Avira Rescue System. HowTo

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

An Embedded Wireless Mini-Server with Database Support

Microsoft Exchange 2003 Disaster Recovery Operations Guide

Recovering Data from Windows Systems by Using Linux

EVault for Data Protection Manager. Course 361 Protecting Linux and UNIX with EVault

Acronis Backup & Recovery 11.5

Lab - Dual Boot - Vista & Windows XP

System Recovery in Next to No Time by Jürgen Heyer

Chapter 8: Installing Linux The Complete Guide To Linux System Administration Modified by M. L. Malone, 11/05

Protecting Virtual Servers with Acronis True Image

Chapter 8 Objectives. Chapter 8 Operating Systems and Utility Programs. Operating Systems. Operating Systems. Operating Systems.

Chapter Contents. Operating System Activities. Operating System Basics. Operating System Activities. Operating System Activities 25/03/2014

How to partition your disk with the parted magic linux livecd

BrightStor ARCserve Backup for Linux

winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR

EVault Software. Course 361 Protecting Linux and UNIX with EVault

How to Restore a Windows System to Bare Metal

Remote Unix Lab Environment (RULE)

USB. 16MB~2GB JetFlash. User s Manual

Small Business Server Part 1

Ovation Security Center Data Sheet

COMPUTER FORENSICS. DAVORY: : DATA RECOVERY

HOWTO: Set up a Vyatta device with ThreatSTOP in router mode

Network Client. Troubleshooting Guide FREQUENTLY ASKED QUESTIONS

EMC Backup and Recovery for Microsoft SQL Server 2008 Enabled by EMC Celerra Unified Storage


Intelligent disaster recovery. Dell DL backup to Disk Appliance powered by Symantec

Argon Client Management Services- Frequently Asked Questions (FAQ)

Microsoft Diagnostics and Recovery Toolset 7 Evaluation Guide

Linux Disaster Recovery best practices with rear

User Manual. Copyright Rogev LTD

II. Installing Debian Linux:

Bare Metal Backup And Restore

A+ Practical Applications Solution Key

McAfee Web Gateway 7.4.1

Computing forensics: a live analysis

System Area Manager. Remote Management

EZblue BusinessServer The All - In - One Server For Your Home And Business

Transcription:

Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Security Applications of Bootable Linux CD-ROMs CD-ROM readers have been a part of the standard PC configuration for some time, and CD-R writers are close behind. CD-R writers and CD-R media are becoming increasingly inexpensive. The unit cost of media bought in bulk is low enough to make CD-Rs as disposable as paper cups - use it once and throw it away (a new opportunity for dumpster divers!). They are supplanting floppy disks and Zip disks. Their shelf life is said to be comparable to tapes. This paper skimmed over some of the possible Linux security applications... Copyright SANS Institute Author Retains Full Rights AD

Richard Bajusz GSEC Practical Assignment Version 1.2e Security Applications of Bootable Linux CD-ROMs

Introduction Read-only media has been a standard feature of computing for a long time from the write protection rings on tapes, to notches on 5 ¼ floppies, to jumpers on hard disks. The author s first exposure to read-only media as a security mechanism was several years ago when he first installed Tripwire on a Solaris file server. Tripwire s documentation strongly urged that the file of checksums be stored on read-only media so that an intruder could not modify them. The only read-only medium accessible at the time was the pitifully small 1.44 MB floppy disk. The floppy disk was sufficient to contain the file of checksums, but what if an intruder hacked the tripwire executables to hide his tracks? Clearly, tripwire itself should be stored on read-only media. Why not store the entire operating system on read-only media? This was hard to do. Sure, many SCSI disks had read-only jumpers, but using that feature would require not only rebooting when any Key change fingerprint had to be = made AF19 but FA27 also 2F94 finding 998D a screwdriver, FDB5 DE3D opening F8B5 06E4 up the A169 case 4E46 and twiddling with jumpers. It just wasn t worth the effort. CD-R & Bootable CD-ROMs Today with the advent of CD-Rs, a form of WORM (Write Once, Read Many media), we have the ability to create usefully sized and convenient read-only media. Not only that, most modern PCs can be made to boot from a CD-ROM by a simple BIOS setting. Several vendors have begun selling commercial products that are based on bootable CD-ROMs. One example is the SuSE Linux Firewall on CD. This firewall boots and runs entirely off of a CD-ROM, with its configuration files coming from a floppy disk that can itself be write protected. There is no need for a hard disk at all since logs can be sent via network to a logging host. Assuming an intruder breaks into a firewall such as this, what permanent damage can he do to the firewall it self? No files can be modified, so any damage he might manage to inflict will be gone after a simple reboot of the system. A similar technique can be used for a web server. Imagine a web server with several CD-ROM drives and no hard disks. The server would boot from a CD-ROM, serve static content the other CD-ROMs, and pull any dynamic content necessary from a database server that s behind it s own custom firewall (That s three PCs doing the work of one, but mid-range PCs are cheap, and defense in depth is crucial). The web server could be running Tripwire, or a similar daemon, configured to simply reboot the server at the first sign of an intrusion. The web site could not be defaced. After a power outage the server would reboot itself with no possibility of file corruption. It is possible to create any number of different appliance like networked devices from inexpensive or surplus PCs and custom bootable Linux CD-ROMs. There are tools available for creating bootable Linux CD-ROMs. In order to be bootable, a CD- ROM must conform to the El Torito Bootable CD-ROM specification, which involves placing the image of a boot floppy on the CD-ROM. The details of creating bootable CD-ROMs are beyond Key the fingerprint scope of = this AF19 paper FA27 (see 2F94 Resources 998D FDB5 below DE3D for links F8B5 to the 06E4 Linux A169 CD-Writing-HOWTO 4E46 and Bootdisk-HOWTO). Two very different, yet complimentary, free packages are discussed below as examples of how bootable CD-ROMs can be used as tools in a Linux System Administrator s utility belt.

PLAC: Portable Linux Auditing CD PLAC is a downloadable ISO 9660 image that is under 50MB so it can be burned onto a business card sized CD-R that is small enough carry around in one s shirt pocket or wallet. Business card CDs are becoming a popular means of distributing multi-media brochures, and blank ones can now be found in most large computer stores. PLAC was designed by its creators to reduce their need for a laptop. It is a bootable Linux system containing a variety of security and recovery tools. While it contains useful hardware (Memtest86) and filesystem maintenance (Gpart, Parted, Ext2resize ) tools, it is also an excellent package for forensics and recovery. Forensics & recovery Among the difficulties one faces when investigating a security incident is knowing whether to trust Key the fingerprint tools available = AF19 on the FA27 compromised 2F94 998D system. FDB5 The DE3D intruder F8B5 may 06E4 have A169 replaced 4E46 the existing executables with others designed to cover his tracks, open up backdoors, or destroy data. Will ls really show all the files in a directory? Will tar backup files or delete them? Is simply logging in as root a safe thing to do? One approach to dealing with an untrustworthy system is to remove its hard disks, install them in another system, and mount them on that system in order to examine them. PLAC simplifies this process by allowing the drives to be examined in place. Simply booting any desktop PC off the PLAC CD-ROM provides a known good (uncompromised) Linux environment with which to work. PLAC uses several techniques to pack a lot of Linux into a small space. It starts with a relatively small kernel, and a large number of modules covering most common devices, including SCSI disks, tapes drives, and PCMCIA cards. PLAC uses a 30 MB ramdisk for its root filesystem and a cloop filesystem for /usr. Cloop refers to a filesystem that is stored as a single compressed file on the CD-ROM. This technique allows a 121 MB filesystem to be stored in only 43 MB on the CD-ROM. When PLAC boots it presents the user with the following LILO prompt: Portable Linux Auditing CD PLAC version 2.9.5 Boot Options: linux diskless debug linux-800 diskless-800 memtest linux-1024 diskless-1024 linux-1280 diskless-1280 linux-1600 diskless-1600 Choosing one of the linux options boots the system as described above, with /usr mounted from the CD. If the system has enough memory, one of the diskless options can be used to copy /usr into a larger ramdisk, thereby freeing up the CD-ROM drive for other uses. The size of the ramdisk Key fingerprint can also be = set AF19 manually FA27 with 2F94 the 998D kernel FDB5 parameter, DE3D F8B5 ramdisk=x, 06E4 A169 where 4E46 X is the ramdisk size in KB. The numbers in the list of options refer to the system s video resolution. Specifying the resolution allows PLAC to boot with an appropriate number of text lines on the console. The memtest option runs the excellent Memtest86 utility to test the system s RAM.

When PLAC boots, it searches all IDE and SCSI disks for any partitions with recognizable filesystems, and mounts them read-only. Once the system is booted, and the user has logged in as root with no password, the script net-conf can be run to identify the system s network card, load the correct kernel module, and configure the systems IP settings. The user is presented with a choice of either using a DHCP client, or manually entering the IP configuration. It is probably a good idea to connect the system to a different network, or at least use a different IP address while running PLAC. Now that that the system is up and running PLAC, a full backup of the compromised system should be made. PLAC comes with the ability to write to tapes and CD-Rs making local backups simple. Backing up to remote devices can be done in a variety of ways since PLAC also includes Key fingerprint OpenSSH, = NFS, AF19 SAMBA, FA27 2F94 and 998D Netcat. FDB5 A bit DE3D stream F8B5 backup 06E4 (using A169 dd) 4E46 of all partitions, including swap partitions, along with their md5 checksums is best. CD-R tools are available, allowing backups to CD-ROM, but this is a difficult task as the filesystems to be backed-up may be much larger than the capacity of a CD-ROM. After the backup is out of the way, it is time to examine the system to see what damage may have been done. Beyond the usual Unix utilities, PLAC includes two packages useful for forensics. The first, chkrootkit, can be used to determine if a rootkit has been installed on the system. It works somewhat like a virus scanner, examining a number of commonly trojaned system binaries for known signatures. It can also detect deletions from the lastlog and wtmp files. The other forensics tool is The Coroner s Toolkit (TCT). TCT is a tool for examining unallocated disk space and recovering deleted files. It can also search the swap partition for signs of processes that were running and whether they were SUID. TCT can also generate reports of what files have been created, accessed or modified during a given time frame. Network auditing PLAC also contains a number of tools for network auditing. With PLAC, one could sit down at any networked PC, pop in a CD-ROM, and after a quick reboot, start sniffing packets. Like many security tools, PLAC can be a danger in the wrong hands, but a danger that requires physical access. Among the network oriented tools included with PLAC are: Sniffit A general purpose IP packet sniffer Dsniff A clever sniffing tool that specializes in sniffing switched networks. It can use several techniques to trick switches into sending packet its way. Ettercap A multipurpose sniffer/logger that has may features including password collection. It can also perform arp-poisoning to work on switched networks. MTR (Multi Router Traffic Grapher) A tool that uses SNMP to read traffic counters from routers and generates HTML containing graphical representations network load. Key Nmap fingerprint A stealth = AF19 port FA27 scanner 2F94 and 998D OS FDB5 fingerprinter. DE3D F8B5 06E4 A169 4E46 Arping An ARP level ping utility. It can determine if an IP address is being used on a remote subnet. It can also ping MAC addresses directly. Tcpspy Logs TCP/IP connections by local address, remote address, and user name Hping A custom TCP/IP packet generator/analyzer with a traceroute feature.

There is a lot of capability packed into the tiny PLAC CD-ROM; it also has gcc, perl, several filesystem recovery tools, and even a firewall. The one draw back of PLAC, at the time this paper is being written is its almost complete lack of documentation. The documentation that does exist is out of date and inaccurate. As the project matures, its documentation should improve. There are other bootable CD-ROMs including the Linuxcare Bootable Toolbox (LBT), a more general purpose bootable Linux CD-ROM which contains an X window environment. MkCDrec: Make CD-ROM Recovery An important concern after a security incident, or even a hardware failure, is recovery time. Getting vital systems up and running again as quickly as possible is critical. The management of an organization may consider restoring service more important than containment and eradication of a Key threat. fingerprint There are = AF19 a number FA27 of 2F94 good 998D system FDB5 rescue DE3D tools F8B5 available 06E4 including A169 4E46 PLAC and LBT. They all contain tools for editing and repairing partition tables, boot sectors, and filesystems. However, when using these tools is insufficient or to slow, the system must be restored from backup. Restoring individual files from backup is a simple and straightforward process, but restoring an entire system is more complicated. MkCDrec combines the rescue and backup/restore functions into one tool that simplifies the task of restoring a complete system. Unlike PLAC, mkcdrec is not a bootable CD-ROM image, but it is rather a set of tools for creating a bootable disaster recovery CD-ROM. It creates an El Torito image containing the system s current kernel, kernel-modules, and important executables. This allows the rescue CD-ROM to boot and access whatever unusual hardware the system requires without wasting space for unnecessary kernel-modules. MkCDrec can also efficiently backup Ext2, Ext3, xfs, jfs, ReiserFS, msdos, fat, and vfat filesystems to CD-Rs. How it works MkCDrec comes with a number of tools useful for creating small Linux systems: Busybox A space saving tool intended for embedded Linux applications that combines about 70 common Unix utilities into a single executable ISOLINUX -- A LILO replacement that allows booting from an ISO 9660 filesystem Mkisofs A tool for creating and working ISO 9660 filesystem images Mformat A Part of Mtools that is used to create a bootable floppy image Tinylogin A tiny replacement for login (of course). Some of the recovery tools included are: Parted The GNU partition editor Gpart A tool to reconstruct damaged partition tables Recover A tool for recover deleted files E2salvage A utility to recover data from damaged ext2 filesystems Ext2resize A tool to change the size of an ext2 filesystes. The tools and scripts for making rescue and backup CD-ROMs are tied together with a makefile. Running the command make test in the mkcdrec directory will determine if your system has

all the mkcdrec s prerequisites. If the system has been used to burn CD-ROMs before, chances are the prerequisites will be met. In the worst case, recompiling the kernel may be necessary. To use mkcdrec the user runs make and is presented with a menu: Enter your selection: 1) Rescue CD-ROM only (no backups) 2) Into /home/isofs (to burn on CD-ROM) 3) Enter another path (spare disk or NFS) 4) Enter (remote) tape device Please choose from the above list [1-4]: The Key first fingerprint option only = creates AF19 FA27 a rescue 2F94 CD-ROM, 998D FDB5 while DE3D the other F8B5 three 06E4 options A169 determine 4E46 where backups will be saved. MkCDrec will backup Linux filesystems as compressed tar files, and Microsoft file systems as compressed byte streams. In order improve compression of the msdos, fat and, vfat filesystems, unallocated space is emptied by filling the file system to capacity with a file containing only NUL characters. The file is then deleted before the filesystem is backed up and compressed. In the case of option 2, mkcdrec can split the backup over several CD-Rs. Assuming everything works as intended, the restoration procedure is very simple (an important feature when working under pressure!). The system is booted from the first CD-ROM in the backup set from that point on it runs entirely from a ramdisk. The user can try to resurrect the old system using the utilities provided or run the start-restore.sh script to restore the complete system from scratch. The restore-fs.sh script can also be used to restore a single file system. If restoring onto a fresh hard disk (or disks) mkcdrec is smart enough to provide some flexibility in laying out the partitions, as long as the new partitions are no smaller than the old ones. One can even restore onto a different kind of filesystem. This feature makes mkcdrec an excellent tool for migrating from ext2 to one of the supported journaling file systems. MkCDrec creates a snapshot of the system at a given time, and makes it simple to return to that snapshot. It is probably not practical as a tool for regular backups, but it will get the system to a known good state on top of which the latest routine incremental backups can be restored. As always, the standard advise applies practice the disaster recovery plan before a disaster occurs. Summary CD-ROM readers have been a part of the standard PC configuration for some time, and CD-R writers are close behind. CD-R writers and CD-R media are becoming increasingly inexpensive. The unit cost of media bought in bulk is low enough to make CD-Rs as disposable as paper cups use it once and throw it away (a new opportunity for dumpster divers!). They are supplanting floppy disks and Zip disks. Their shelf life is said to be comparable to tapes. This paper skimmed over some of the possible Linux security applications of CD-ROMs, and discussed Key fingerprint two projects = AF19 in some FA27 detail. 2F94 The 998D resources FDB5 DE3D section F8B5 below 06E4 contains A169 links 4E46 to more information about some of the tools mentioned in this paper, as well as some related projects not mentioned. The number of tools intended to assist in the creation of bootable CD-ROMs is

growing. The author hopes this paper will inspire the reader to think of more creative uses for CD-ROMs in the field of security. References Constructing a Bootable CD. June 6, 1995 Phoenix Technologies http://www.phoenix/com/platss/pdfs/wp-bootcd.pdf Darwe, Mohammed. The Linux Bootdisk HOWTO, section 10: Creating bootable CD-ROMs The Linux Documentation Project http://www.linuxdoc.org/howto/bootdisk-howto/cd-roms.html Microsoft Support Services How to Create an El Torito Bootable CD-ROM. August 10, 2001 http://support.microsoft.com/support/kb/articles/q167/6/85.asp Cohen, Fred. Managing Network Security: Bootable CDs August 2001. http://www.all.net/journal/netsec/2001-08.html Willer, Lori. Computer Forensics. May 4, 2001 http://www.sans.org/infosecfaq/incident/comp_forensics2.htm Wagner, Mike. The Coroner s Toolkit: A handy Suite of Utilities. December 13, 2001 http://www.sans.org/infosecfaq/threats/coroners_toolkit.htm Danielle, Lora. Introduction to dsniff. June 1, 2001 http://www.sans.org/infosecfaq/audit/dsniff.htm Trumper, Winfried. CD-Writing HOWTO. The Linux Documentation Project http://www.linuxdoc.org/howto/cd-writing-howto.html Knopper, Klaus. Building a Self-Contained Auto-Configuring Linux System on an ISO9660 Filesystem. http://www.knopper.net/knoppix/knoppix-als2000-paper-html The SANS Institute. Incident Handling Step by Step. Version 1.5. May 1998 Resources PLAC Key fingerprint http://sourceforge.net/projects/plac = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 MkCDrec http://mkcdrec.sourceforge.net Busybox http://busybox.lineo.com ISOLINUX http://syslinux.zytor.com/iso.php LNX-BBC http://www.lnx-bbc.org

SuSE Linux Firewall on a CD http://www.suse.com/us/products/suse_business/firewall Linuxcare Bootable Toolbox http://lbt.linuxcare.com Partition Image http://www.partimage.org Gpart http://www.stud.uni-hannover.de/user/76201/gpart Chkrootkit -- http://www.chkrootkit.org Ext2resize http://ext2resize.sourceforge.net Parted http://www.gnu.org/software/parted/parted.html Memtest86 http://www.memtest86.com

Last Updated: August 19th, 2016 Upcoming SANS Training Click Here for a full list of all Upcoming SANS Events by Location SANS Bangalore 2016 Bangalore, IN Aug 22, 2016 - Sep 03, 2016 Live Event SANS Chicago 2016 Chicago, ILUS Aug 22, 2016 - Aug 27, 2016 Live Event SANS Virginia Beach 2016 Virginia Beach, VAUS Aug 22, 2016 - Sep 02, 2016 Live Event SANS Adelaide 2016 Adelaide, AU Sep 05, 2016 - Sep 10, 2016 Live Event SANS Brussels Autumn 2016 Brussels, BE Sep 05, 2016 - Sep 10, 2016 Live Event SANS Northern Virginia - Crystal City 2016 Crystal City, VAUS Sep 06, 2016 - Sep 11, 2016 Live Event SANS Network Security 2016 Las Vegas, NVUS Sep 10, 2016 - Sep 19, 2016 Live Event SANS ICS London 2016 London, GB Sep 19, 2016 - Sep 25, 2016 Live Event SANS London Autumn London, GB Sep 19, 2016 - Sep 24, 2016 Live Event MGT517 - Managing Security Ops San Diego, CAUS Sep 26, 2016 - Sep 30, 2016 Live Event Security Leadership Summit Dallas, TXUS Sep 27, 2016 - Oct 04, 2016 Live Event SANS Seattle 2016 Seattle, WAUS Oct 03, 2016 - Oct 08, 2016 Live Event SANS Oslo 2016 Oslo, NO Oct 03, 2016 - Oct 08, 2016 Live Event SANS DFIR Prague 2016 Prague, CZ Oct 03, 2016 - Oct 15, 2016 Live Event SANS Baltimore 2016 Baltimore, MDUS Oct 10, 2016 - Oct 15, 2016 Live Event SANS Tokyo Autumn 2016 Tokyo, JP Oct 17, 2016 - Oct 29, 2016 Live Event SANS Tysons Corner 2016 Tysons Corner, VAUS Oct 22, 2016 - Oct 29, 2016 Live Event SANS San Diego 2016 San Diego, CAUS Oct 23, 2016 - Oct 28, 2016 Live Event SANS FOR508 Hamburg in German Hamburg, DE Oct 24, 2016 - Oct 29, 2016 Live Event SANS Munich Autumn 2016 Munich, DE Oct 24, 2016 - Oct 29, 2016 Live Event SOS SANS October Singapore 2016 Singapore, SG Oct 24, 2016 - Nov 06, 2016 Live Event Pen Test HackFest Summit & Training Crystal City, VAUS Nov 02, 2016 - Nov 09, 2016 Live Event SANS Sydney 2016 Sydney, AU Nov 03, 2016 - Nov 19, 2016 Live Event SANS Gulf Region 2016 Dubai, AE Nov 05, 2016 - Nov 17, 2016 Live Event SANS Miami 2016 Miami, FLUS Nov 07, 2016 - Nov 12, 2016 Live Event European Security Awareness Summit London, GB Nov 09, 2016 - Nov 11, 2016 Live Event SANS London 2016 London, GB Nov 12, 2016 - Nov 21, 2016 Live Event Healthcare CyberSecurity Summit & Training Houston, TXUS Nov 14, 2016 - Nov 21, 2016 Live Event SANS Alaska 2016 OnlineAKUS Aug 22, 2016 - Aug 27, 2016 Live Event SANS OnDemand Books & MP3s OnlyUS Anytime Self Paced

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information