Educause Security Discussion mailing list archives
Registration Open for SEC433 Mac OS X Security Essentials Interactive Video Conferencing at Univeristy of Virginia, July 31 - August 1, 2008
From: "Peterman, Martin (mdp4s)" <mdp4s () ESERVICES VIRGINIA EDU>
Date: Mon, 14 Jul 2008 15:03:03 -0400
Class: SEC433 Mac OS X Security Essentials Date: July 31 - August 1, 2008 Time: 9am EDT - 5pm EDT Location: Interactive Video Conf. (IVC) hosted at VA Tech (UVa site - Zehmer Hall) Instructor: David Hoelzer List Price: $2,014 EDU/State/Local Price: $500 (save 75%) Registration site: https://www.sans.org/registration/ivc.php?lid=13113 Check the University of Virginia button to attend the event at UVa. Course overview site: http://www.sans.org/training/description.php?tid=2277 David Hoelzer's Bio: Since 1985, David has had almost any position that you can imagine in the information technology field, ranging from programmer analyst up to chief information security officer. He has been teaching for SANS since 1999, managing and authoring the majority of the audit related materials for SANS in addition to some of the secure coding courses from SANS-SSI. David currently serves as the Chief Information Officer for Enclave Forensics and the Director of Consulting for Cyber-Defense, a subsidiary of Enclave Forensics. He is a research fellow with the Internet Forensics Lab and an adjunct research associate with the UNLV Center for Cybersecurity Research. Additional info by way of SANS: Q. Apple has released a new publication a 240-page Security Guide - "MacOS X Security Configuration for Version 10.5 Leopard:" (http://images.apple.com/server/macosx/docs/Leopard_Security_Config_20080530.pdf) My question is, does this class incorporate this content -- and in a minor or major way? I would want to know what percentage of the content focuses on alignment with NIST standards (FIPS 199, FIPS 200, SP 800-53), that we are increasingly having to comply with, especially related to research with ".gov" organization (VA, NIH, FDA). Is he is planning to spend a significant amount of time on Leopard (what percent of that content will be based on the new Mac OS X Security Configuration for Version 10.5 that was developed by Apple with assistance from NIST? Are the 'security essentials' that will be proposed/promoted in the class are in alignment with NIST 'Recommended Security Controls' (SP 800-53) - and/or the new Apple MacOS X Security Configuration? A. Charles Edge, the author of SANS SEC433 course, wrote that since the Security Guide was released 2 weeks ago (early June) and he'll reference that guide throughout his courseware. Much of the course is actually on the underlying differences from a security perspective between the Mac and other operating systems. Many of the concepts discussed in the Security Guide are covered but aspects like defining PKI and the checklists aren't (although checklists are a great idea). However, many aspects are covered (some in more detail than in the Guide) like LDAP, POSIX vs. ACLs, System Preferences, FileVault, Mail Security (we cover Entourage and Mail.app instead of just Entourage), SSH, Antivirus, etc. The class focuses on all aspects of OS X security and David Hoelzer, the instructor, is planning to spend a significant amount of time on Leopard specifically. David added that he is planning to supplement the course with lots of examples and guidance drawn directly from the recently released Leopard security guide released by Apple and which is aligned with the NIST recommended controls. There is a little Tiger in there but it's mostly Leopard. Marty Peterman, CISSP IT Security and Policy Office University of Virginia 108 Cresap Road PO Box 400217 Charlottesville, VA 22904 434.243.4909
Current thread:
- Registration Open for SEC433 Mac OS X Security Essentials Interactive Video Conferencing at Univeristy of Virginia, July 31 - August 1, 2008 Peterman, Martin (mdp4s) (Jul 14)