Computer Security Resources

Computer Security is concerned with the risks related to computer use, and ensures the availability, integrity and confidentiality of information managed by the computer system, permitting authorized users to carry out legitimate and useful tasks within a secure computing environment.

This document is your guide to SANS paid and free Computer Security resources.

SANS Paid Computer Security Resources

SECURITY 301: Intro to Information Security

SANS is the MIT of Information Security and this introduction certification track is the fastest possible way to get up to speed on the terminology and concepts of information security. Understand the threats and risks to information resources and identify generally accepted best practices. Master risk management, security management, access controls, attacks and counter measures, secrecy and privacy, along with auditing concepts. We then move to the basics of computers and networking as we discuss the Internet Protocol, routing, Domain Name Service, and network devices along with a plethora of security considerations. After covering the basics of cryptography, we look at policy as a tool to effect change in their organizations.

SECURITY 351: Stay Sharp: Computer and Network Security Awareness

The Stay Sharp Computer and Network Security Awareness course is offered for the individual just beginning to explore computer security. This course is designed to teach participants with little to no security experience important concepts and technology that every Internet user should know. In this class, you will learn about many different threats, antivirus programs, firewalls, anti-spyware, identity theft, Phishing, how to create strong passwords and more. This course will raise your awareness and give you the basic skills you need to protect yourself from various threats on the Internet whether you are at home, on the road or at work.

SECURITY 401: SANS Security Essentials

Maximize your training time and turbo-charge your career in computer security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification. In this course you will learn the language and underlying theory of computer security. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry. As always, great teaching sets SANS courses apart, and SANS ensures this by choosing instructors who have ranked highest in a nine-year competition among potential security faculty.

SECURITY 505: Securing Windows

The Securing Windows track is a comprehensive curriculum for securing Windows networks. This program brings the confusing complexity of Windows security into clear focus by starting with foundational security services, such as Active Directory and Group Policy, and advancing in a logical progression to particular products or features which rely on these foundations, such as IIS and IPSec. This track provides best practices for security, hands-on exercises, extensive documentation/screen shots, a CD-ROM of security scripts, and an objective account of Windows security (neither bashing Microsoft nor toeing the party line), designed to prepare you for the GIAC Certified Windows Security Administrator (GCWN) certification exams, and many of the MCSE:Security exams as well.

SANS Free Computer Security Resources

• Glossary of Computer Security Terms
• Essential Security Actions
• The SANS Security Policy Project
• Top Cyber Security Risks
• The Ten Most Important Security Trends of the Coming Year

Here are some papers on Computer Security you may want to read:

Innovative Technologies and Guidelines Securing 21st Century Telecommunications

This paper provides a review of how standards and models such as NIST, ISO, and CMM have been employed in the development of secure 21st Century telecommunications, along with a brief analysis behind the integration history of the standards, guidelines, and innovative functional capabilities these technologies utilize. As will be demonstrated, the demand for secure telecommunications regarding present and future secure environments provide interesting insights into the next generation of information and telecommunications security.

Developing a Security-Awareness Culture — Improving Security Decision Making

This paper examines important facets of individual and group decision-making and provides prescriptive guidance on how we may improve the quality of our decision-making processes, leading to better security decisions.

Secure Configuration of Apache in the Mac OS X Environment

This paper discusses show how to secure both the Mac Operating System (OS X) and Apache, so that it can be used as an Internet facing web server, and also lists the shortcomings of the default configuration of OS X and Apache on OS X from a security perspective.

Sudo for Windows (sudowin)

Sudo for Windows, or sudowin, was developed in the summer of 2005 in order to provide Sudo functionality to the Microsoft Windows operating system. This paper reviews the history of sudowin, its implications and use in practical application, how it is designed, and most importantly, how everyday users can obtain, install, and begin using sudowin.

Additional Resources

• SANS Information Security Reading Room
• It Security Resources
• Information Security Resources
• Network Security Resources
• Security Awareness Resources

To learn more about the latest threats to Computer Security, please visit:
The Internet Storm Center