Global Information Assurance Certification Paper - GIAC Certifications
Copyright SANS Institute. Author Retains Full Rights.

This paper is taken from the GIAC directory of certified professionals. Reposting is not permitted without express written permission.
Penetration Testing: "The Third Party Hacker"

By: Jessica Lowery, Information Security Specialist
Version: 1.3
February 2002

© SANS Institute 2000 - 2005. Author retains full rights.
Penetration testing is the process of probing and identifying security vulnerabilities in a network and the extent to which they might be exploited by outside parties. It is a necessary tool for determining the current security posture of an organization. A new CIO, for example, might order a penetration test to get a quick understanding, or "sketch," of potential problem areas in a local area network. Such a test should determine both the existence and extent of any risk. Target companies expect third-party vendors who perform penetration testing to be very honest with them, but this has proven not to be the case in every instance. Moreover, the risks associated with use of third-party testing organizations are somewhat different from those associated with the usual issues of penetration of the system from outside. This presentation is intended to help management make the right choice when outsourcing penetration testing.

Because maintaining the security of information systems is important in any financial institution, many such organizations are undertaking tests of the ability of outsiders to penetrate those systems, utilizing third parties from outside the system. Such tests, however, carry their own risks, and both the institution and the public should understand these risks. Any organization contemplating a penetration test against a production network should understand the serious issues surrounding the decision and thoroughly analyze the risks associated with such a test. Because risk is a function of both threat and vulnerability, an effective risk analysis will reveal the extent of both. Just remember that without both threat and vulnerability, there is no risk. (3,7)

Risk = Threat x Vulnerability

Example scenario of penetration testing related to risk analysis:

Corporate Trade Secrets Revealed to a Third Party Vendor = (% Loss in Corporate Revenue + % Exposure Rate)

After completing a risk analysis for penetration testing, senior management should focus on planning the test and deciding what limits they will place on access to their network by any third-party providers of penetration-testing services. But first, for purposes of this analysis, it will be helpful to discuss why companies choose to outsource penetration testing. (7)
Why Outsource?

Companies choose to outsource penetration testing for a number of reasons:

- To determine the extent of system vulnerability not detected through in-house audits.
- To show customers how safely they can perform e-commerce transactions over the World Wide Web. Marketing departments frequently drive such demonstrations.
- As a prelude to restructuring the security system and enhancing the perceived value of institutional integrity for customers.
- Time constraints in performing such a restructuring are frequently involved in the decision to outsource penetration testing. (3,4,9)

What to Look For When Evaluating Third-Party Vendors

Does the testing organization ask to see the company's security policy?

Those evaluating third-party vendors should note whether the organizations being considered have explored and analyzed in depth the company's security policy to determine company standards or best practices in making their proposal. This should occur before any negotiation between the two organizations takes place. (3)

Does the penetration-testing group have liability insurance to cover themselves?

All penetration-testing organizations should have liability insurance sufficient to cover the costs associated with the risk of losing a client's proprietary information and any potential loss in revenue that might result from unexpected downtime caused by their activities. Management must also ensure the company can recover from a loss of data during testing by having in place adequate incident-response and disaster-recovery plans that have been developed and verified before testing begins. (11)

During the initial meetings with management of the prospective penetration-testing team, management should pay close attention to the team leader to see if he or she asks for a designated "cutout" in the target organization. A cutout is essentially the company's in-house monitor over the course of the test. This person should be completely aware of how the test will be conducted, the time frame for the test, and how deeply the tests will probe the target system. This person must have the authority to intervene during the test, both to save engineers time if questions arise and to stop an event from occurring if it in itself poses an unacceptable risk to the company. (8,11)

Why Does the Organization Feel They Are the Right Company for the Job?

At the end of the first meeting with representatives of a prospective vendor, it is a good idea to ask them why their company is the best choice for the job. Their answer should say several things:

- The prospective vendor should be able to demonstrate that their organization has well-qualified and trained engineers with at least five to ten years of experience in network security.
- The prospective vendor should be able to show that their performance ratings are quite high when compared to those of competitors.
- They should be able to point to a number of satisfied customers.
- Ideally, the prospective vendor will have worked on similar projects for companies with similar security issues.

Does the organization perform a bait and switch once the contract is drawn up?

"Bait and switch," in this context, means: "Does the company sell their services using highly skilled and trained personnel, only to employ unskilled engineers when the work is actually performed?" Management should also determine whether the testing organization employs hackers as part of its testing team. A hacker is a person who breaks into, attempts to break into, or uses a computer network or system without authorization, for personal amusement or gratification. Hackers often do not probe networks with malicious intent. However, hiring hackers is an insult to legitimate security professionals everywhere, and it degrades public confidence in the profession's integrity. Hackers know nothing that a well-trained security engineer will not also know, and you will not gain anything from hiring them provided the rest of the team is competent. (2)

What questions does the penetration-testing team ask about the targeted host?

Most penetration tests on an internal network should require only the IP addresses of the hosts being targeted. The testers might also inquire how those hosts are deployed over the LAN or WAN and what countermeasures are presently in place to guard against attacks (i.e. network diagrams, firewall configurations, IDS). In general, a precise audit does not require knowledge of network configuration resources, and that information should not be given out unless the vendor makes a strong case that the testing team actually needs it. Hackers usually do not have the advantage of obtaining proprietary information before they launch an attack, so withholding that information usually simulates the actual conditions faced by real hackers more accurately than if the testers were in possession of detailed system information. Balanced against this, however, is the consideration that withholding proprietary information means the test may take more time and be more costly to the company. It may actually be the case that if proprietary information is given to the testing team at the beginning of the study, the testing team can focus on giving a more complete assessment of overall system security. Once again the target company must balance risks and validity issues. (3,8,10)

What should be off limits during the test?

In order to get a complete view of what could really happen if the company were attacked, all systems ideally should be included in the test. But even though this gives management the most information, it also exposes the company to additional risk, hence raising a "risk versus validity" issue. For example, would Company ABC really want to risk having a production OFX server go down during a penetration test and possibly lose a significant percentage of daily revenue? The person in charge of the penetration test should sit down with key personnel before testing begins and decide exactly the nature of the risks and whether adequate recovery systems are in place. Balancing such risks should be the responsibility of top management and not that of a third party. (3,8,9)

How many clients does the company have?

When evaluating penetration-testing organizations, it is always good practice to ask for references from previous clients. Tell them that management will be calling on those references. Management should require that the testing company provide a list of clients who have given them explicit permission to be used as references, to be sure, but if it is possible, should also ask for a more complete list of customers who can be checked at random.

Can the testing organization find a known vulnerability early in the test?

A potential customer could also set up a fake honey-pot, or known security vulnerability, in their DMZ before the actual testing is scheduled and see whether the testing organization finds it fairly early in the test. The testing company's performance on this test will provide an important gauge of the testing organization's level of security and how well they can interpret their findings. (7)

Does the prospective vendor tend to use intimidating tactics?
Management should not let a third party use intimidation. The testing organization is essentially the target company's employee during the project. Both company security and the project manager's job are on the line. If a testing company insists that employees of the target company "stay out of the way" during the project, find another prospect. The testing company should actively seek the involvement of the target company's staff, both to ensure the integrity of the test and to reduce the vulnerability of both companies. (11,3)

Can the prospective vendor respond adequately to technical questions?

Management should be prepared to ask technical questions of any vendor presenting a proposal. For example, managers should ask the testing company specifically about the tools they use on the platform at the target company and how many tests will actually be used against it. If the target shop runs mainly UNIX, and the vendor says, "Well, I thought this company was mainly a Windows shop," then managers should be prepared to probe more deeply to be sure the vendor has the technical competence to work on the target company's platform. After being satisfied that the vendor is sufficiently familiar with the target platform, interviewers might try probing them with other related technical questions such as, "Are there any tools that you are using that contain proprietary code that could harm our production environment?" It is a good idea to be aware of the many enumeration tools that testing companies currently use. Here are a few of the more commonly used tools:

Nmap – A very fast and user-friendly port scanner for multiple or single hosts on a network.

Nmap FYI:

- Freeware – Nmap is available free on the Internet at http://www.insecure.org/nmap/nmap_download.html
- Compatible with many OSs – Nmap supports Windows, Linux, Open/Free/NetBSD, Macintosh, Solaris, HP-UX
- Scalable – Nmap can apply ping sweeps, perform port scans, and sketch out networks that are behind firewalls, all in one tool. (6)

Nessus – An intense security-auditing tool that looks for numerous security holes in a network.

Nessus FYI:

- Freeware – Available on the Internet at http://www.nessus.org/
- Uses a client-server architecture in which the daemon (nessusd) runs on a UNIX-based machine and the client portion that provides the user interface can run on a UNIX- or Windows-based operating system.
- Very Scalable – Nessus gives you the right to their source code and you can create external plug-ins to suit your scanning needs. Nessus has the ability to search against many exploitable families that have been grouped together, such as the category of "gain root remotely." (5)

Network Supervisor by 3Com – A very powerful SNMP-based network-management tool used to map out IP-connected devices in a graphical, easy-to-use format.

Advantages of Network Supervisor:

- Shareware: Available at http://www.3com.com/. To extend use beyond 60 days, you may register online for a permanent license key.
- Scalability: Network Supervisor can support over 2000 IP-connected network devices.
- User Friendly: NS comes with a nice graphical interface that allows testers to easily view what is going on in the network in question.
- Presents a network map either grouped by IP subnet or as a flat Layer 2 view of the entire network.
- Users may specify what subnet to look for and have the ability to discover boundaries in a network on various ports. (1)

On What Level Will the Penetration Test Try to Expose Vulnerabilities?

This concept addresses the level of sophistication of the attacker modeled by the testing team. Hackers are usually grouped into three levels of sophistication:

- Sport intruder: Usually broken down into subcategories of "novice" (a single-machine attacker), "crackers" (multiple-machine attackers who write their own cracking tools), and "apprentices" (usually taught by a hacker and use freeware off the Internet until they are up to writing their own tools).
- Competitive Intelligence: These hackers are usually just trying to gain insight into the capabilities of a competitor. They might also employ a "packet sniffer" to monitor traffic from a destination IP address in top management or corporate marketing.
- Foreign Intelligence: Such attackers attempt to gain information that will be used by a foreign country or international terrorist organization. For instance, Osama bin Laden's top security officer might attempt to create a back door into a company that is a vendor of security or weapons systems to the United States government.

Most tiger teams or penetration testers do not go beyond a low- or mid-level technique to exploit vulnerabilities. It is very uncommon that a penetration-testing team can emulate hacker skills of all levels during a predefined period. (11,3,9)

Categories of Vulnerability

- OS-specific bugs, exploits, vulnerabilities and security holes
- Weaknesses in firewalls and routers among different brands
- Exploitations of web-server scripts
- Exploitable shares and trusts between systems and files

What Type of Reports Should You Get and What Should They Tell You?

The obvious answer to this question should be something of this nature: "We, XYZ Testing Company, have conclusive evidence that Company ABC is vulnerable to an attack of this specific nature," or, "We, XYZ Testing Company, conclude that Company ABC is not subject to an attack of a known exploitation or vulnerability." On the other hand, management should realize that even if the testing company finds that the target network is free of known vulnerabilities, it is not free from risk. New advisories are posted every day by the manufacturers of operating systems and also by security organizations like CERT and SANS. (3)

Where Will Their Findings Be Stored?

Management should determine that the testing organization is itself secure, and that both findings and proprietary information will be safely stored. They should not be stored on active hard drives, but on separate media (floppy disks or CDs, for example) in a tamper-proof safe. (10)

How Much Should It Cost?

Cost is a big factor when determining which penetration-testing team to use. However, remember the old saying, "You get what you pay for." In most cases it's like choosing a Checkpoint firewall over a Cisco brand when Cisco is leading the industry in data communication technology and is rich in research and development. The cost of testing should be based on the number of devices being audited and how much auditing is going to be performed on those devices. The best advice would be to meet with several vendors, review their backgrounds, and choose the one that best suits the target company's needs within realistic budgetary constraints. (3,9)

After the Test

After the audit is over, inspect the target company's logs for IP addresses originating from the testing company's address range. They could be having fun with proprietary information gained from the target company. Check firewall reports, failed dialup attempts, and IDS logs for clues that the testing company is still connecting to the target network. If they accessed any host or computer in the target domain, be sure to look for backdoors and Trojan horses using freeware such as Nessus. If you trust them after the test is over, bring them back in after all corrections are made and let them re-evaluate the network. (3)

In-house vs. Third Party

Now there's the question of, "Why should I outsource it when there are so many risks?" A highly regarded in-house security department should always have an intrusion-detection specialist who can perform all or most of the functions that could be performed by a third-party vendor. Training personnel in auditing methods is the best way to stay ahead of the game. Such trained in-house staff will already know how the network operates and what services are running. Why not just send them to school for auditing training two to three times a year? The risks associated with third-party exposures would decrease, and so would the cost of outsourcing to a third party. Not all will agree with me on this, but in most ways it is true. However, if there is any doubt as to the knowledge and skill of your security personnel, then outsourcing will be your best option. (3)

Conclusion

The intention of this paper was to prepare those who have to make a decision regarding outsourcing penetration testing. Managers can prepare for this decision in many ways, but the final decision usually boils down to managing risks. Please take the time and make a wise decision before allowing a complete stranger to take over your company's network.
The Third Party Checklist

- Assess the risk = Threat x Vulnerability
- Find vendors that ask to see the company's security policy before they make any recommendations.
- Use an established and well-known firm.
- Deploy a fake honey pot and see if they can detect it.
- Ask about the types of tools used, what operating systems they are used on, and how many.
- Do they ask for a cutout?
- Get references, no matter what.
- Get the proposal in writing.
- What other services do they promise? (follow-ups etc.)
- Ask to see their certification.
- Do they use the bait and switch technique?
- Do they employ hackers?
- Meet with the forensic engineers one on one.
- Ask for a security clearance.
- Ask them where the data will be stored after the test is over and for how long.
- Be there on site all the time!
- Run a background check on them yourself if there is any doubt.
- Get what you pay for.
- Perform follow-up checks on their IP address range destined to your network.
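The post-test log review described in "After the Test" and in the last checklist item, worked as an added example (not code from the paper): the script takes the vendor's declared source range and the agreed test window, parses firewall and IDS log lines, flags any tester-range connection outside the window, and lists the internal hosts the testers reached so they can be checked for backdoors. The address range, the window and the log lines are constructed for illustration.

```python
"""Post-engagement review: tester-range traffic outside the agreed test window."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical engagement terms (constructed, not from the paper).
TESTER_RANGES = [ipaddress.ip_network("203.0.113.0/24")]   # vendor's declared source range
WINDOW_START = datetime(2002, 2, 4, 8, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2002, 2, 8, 18, 0, tzinfo=timezone.utc)

# Constructed firewall/IDS lines in a simple syslog-like key=value format.
SAMPLE_LOGS = """\
2002-02-05T10:15:02Z fw1 ACCEPT src=203.0.113.17 dst=192.0.2.10 dport=80 proto=tcp
2002-02-05T10:15:09Z fw1 ACCEPT src=203.0.113.17 dst=192.0.2.25 dport=22 proto=tcp
2002-02-06T23:40:51Z fw1 DENY src=198.51.100.4 dst=192.0.2.10 dport=445 proto=tcp
2002-02-09T02:11:33Z fw1 ACCEPT src=203.0.113.44 dst=192.0.2.25 dport=22 proto=tcp
2002-02-11T14:03:07Z ids1 ALERT src=203.0.113.17 dst=192.0.2.10 dport=31337 proto=tcp
2002-02-11T14:05:12Z fw1 DENY src=192.0.2.200 dst=192.0.2.10 dport=80 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sensor>\S+)\s+(?P<action>\S+)\s+"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    sensor: str
    action: str
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst: str
    dport: int


def parse_logs(text: str) -> list[Event]:
    """Parse the key=value log format above; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(ts, m["sensor"], m["action"], ipaddress.ip_address(m["src"]),
                            m["dst"], int(m["dport"])))
    return events


def review(events, ranges, start, end):
    """Return (tester events outside [start, end], sorted internal hosts the testers reached).

    A DENY outside the window still matters: it shows the vendor's range is
    still knocking after the engagement closed, which is what the paper says to look for.
    """
    tester = [e for e in events if any(e.src in net for net in ranges)]
    out_of_window = [e for e in tester if not (start <= e.ts <= end)]
    hosts_touched = sorted({e.dst for e in tester if e.action != "DENY"})
    return out_of_window, hosts_touched


if __name__ == "__main__":
    evts = parse_logs(SAMPLE_LOGS)
    late, touched = review(evts, TESTER_RANGES, WINDOW_START, WINDOW_END)
    print(f"{len(late)} tester-range event(s) outside the agreed window:")
    for e in late:
        print(f"  {e.ts:%Y-%m-%d %H:%M}Z {e.sensor} {e.action} {e.src} -> {e.dst}:{e.dport}")
    print("Hosts the testers reached (check for backdoors/Trojans):", ", ".join(touched))
```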
References:

1. 3Com Professional Services. "3Com Network Supervisor Integration." URL: http://www.3com.com/products/en_US/prof_services/infra_solutions/integration/network_supervisor.html
2. Esec Consulting Services. "Penetration Testing Services," May 2001. URL: http://www.esec.com.au/ecs/images/pentest_may01.pdf
3. Kevin Glass. Information Security Manager, Colonial BancGroup. Personal Interview. 3 Jan 2001.
4. Mathew Schwartz. "Trust but Verify," February 2001. URL: http://www.computerworld.com/cwi/story/0,1199,NAV47_STO57532,00.html
5. "Nessus." January 2001. URL: http://www.nessus.org/intro.html
6. "Nmap." January 2001. URL: http://www.insecure.org/nmap/
7. Perri Wilbert. "Getting Serious About Security," October 2001. URL: http://security.kingsley.co.za/articles/article3.htm
8. Philip Moyer. "Penetration Testing: Issues for Management," March 1998. URL: http://www.hyperon.com/papers/pen-tst.pdf
9. Shane Robinson. MCSE, Georgia Corps of Engineers. Personal Interview. 21 Jan 2001.
10. Thomas Rude. "Knock'n At Your Door," October 2000. URL: http://www.crazytrain.com/penetration.html
11. "What to Demand from Penetration Testers," March 1998. URL: http://www.gocsi.com/penet.htm