Houston, TX - October 29 - November 3, 2007

Instructors have excellent hands on real life experience.
-Terry Kuxhaus, State of South Dakota

SECURITY 502

Perimeter Protection In-Depth

Monday, October 29, 2007 - Saturday, November 3, 2007
Chris Brenton, SANS Faculty Fellow
6 CPE Credits per day

This course is a highly technical, hands-on saturation of everything you need to know in order to design, deploy and maintain a secure perimeter. Over the last six months this course has been extensively rewritten with input provided by hundreds of professionals in the field. The result is a building-block approach that brings you up from the idiosyncrasies of TCP/IP to creating your own automated alerting systems. Since most people gain a better understanding through hands-on work, over 25% of the class time is spent performing labs that give you real-world experience with the tools you can use to better secure your network. You'll even work with some of the tools that are considered hostile in nature, in order to gain a better understanding of what is required to fully lock down your environment.

Many attacks are based on bending the rules of network communications. With this in mind, the course starts off by giving you an in-depth understanding of IP and its transports. Tools are introduced to better understand traffic flow as well as the unique communication characteristics of different operating systems. We then build on this knowledge to describe how this traffic flow can be controlled at both the header and the payload level. Concepts like packet filters, proxy firewalls, intrusion detection, intrusion prevention, etc. are introduced and labs are conducted in order to better understand the underlying core technology.

From there, we move into securing the systems that are exposed to the Internet, as well as the tools you can use to simplify that task. Concepts like vulnerability assessment, auditing, and centralized logging and alerting are also covered in depth in order to ensure that our perimeter remains secure. Encryption, authentication and VPN technology are also covered so that we can securely admit our remote and wireless users to the network. Hands-on labs are performed so you are able to apply these concepts immediately when you return to the office. Finally, the concept of performing a forensic analysis is covered, just in case the worst does occur. Again, we look at the tools you can use to help simplify this process.
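The centralized logging and alerting described above comes down to parsing firewall log lines and firing on a pattern. The following is an added example written for this page, not course material: it runs a port-scan detector over constructed lines that follow the netfilter LOG target's kernel-message layout (the log prefix, window size and threshold are assumptions chosen for the illustration).

```python
"""Firewall log analysis and alerting over constructed iptables LOG lines.

Added example, not from the SANS course. The lines are synthetic but follow
the format the netfilter LOG target writes to the kernel log.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 198.51.100.9 probes six ports in ten seconds,
# 192.0.2.77 touches two ports, 203.0.113.50 sends one ICMP echo.
SAMPLE_LOG = """\
Oct 29 09:00:01 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.2 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=55555 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 29 09:00:02 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.2 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=55555 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 29 09:00:03 fw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.2 LEN=60 TTL=57 ID=31224 DF PROTO=TCP SPT=41230 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 29 09:00:04 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.2 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=55555 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 29 09:00:05 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.50 DST=203.0.113.2 LEN=84 TTL=60 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Oct 29 09:00:06 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.2 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=55555 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 29 09:00:08 fw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.2 LEN=60 TTL=57 ID=31225 DF PROTO=TCP SPT=41231 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 29 09:00:09 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.2 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=55555 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 29 09:00:10 fw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.2 LEN=40 TTL=48 ID=0 DF PROTO=TCP SPT=55555 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
"""

# Only TCP/UDP lines carry SPT/DPT; anything else (ICMP here) is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>TCP|UDP) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return the fields a scan detector needs, or None for lines it ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog carries no year
    return {"ts": ts, "src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "spt": int(m["spt"]), "dpt": int(m["dpt"])}


def detect_port_scans(lines, window_s=60, threshold=5):
    """Alert once per source that hits >= threshold distinct destination ports
    within a sliding window of window_s seconds (both values are assumptions)."""
    history = defaultdict(list)  # src -> [(timestamp, dport)] inside the window
    alerts, alerted = [], set()
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["src"] in alerted:
            continue
        cutoff = ev["ts"] - timedelta(seconds=window_s)
        recent = [(t, p) for t, p in history[ev["src"]] if t >= cutoff]
        recent.append((ev["ts"], ev["dpt"]))
        history[ev["src"]] = recent
        ports = sorted({p for _, p in recent})
        if len(ports) >= threshold:
            alerts.append({"src": ev["src"], "dst": ev["dst"],
                           "ports": ports, "at": ev["ts"].strftime("%b %d %H:%M:%S")})
            alerted.add(ev["src"])
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_LOG.splitlines()):
        print(f"ALERT scan from {a['src']} -> {a['dst']} ports {a['ports']} at {a['at']}")
```

With the defaults, the scanner trips the alert on its fifth distinct port while the two-port client and the ICMP probe stay quiet; shrinking the window to a few seconds silences the alert entirely, which is why the window and threshold are the tuning knobs worth revisiting once real traffic is flowing through the collector.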

In short, this course takes a defense-in-depth approach to locking down a perimeter. Every layer in that defense is covered in order to ensure that your perimeter will provide maximum protection for your organization's resources. A strong focus is placed on hands-on time with the tools you can use to complete this task.

PREREQUISITE
You must possess at least a working knowledge of TCP/IP and Hex (see: http://www.sans.org/conference/tcpip_quiz.php to test your TCP/IP and Hex basics knowledge).

  • Who Should Attend:
    • Individuals who need to manage and/or maintain the security of their network
    • Consultants or project members who are charged with deploying publicly accessible systems or perimeter security devices
    • Security professionals who wish to fill in the gaps in their understanding of network security
    • Individuals who understand the theory behind network security but want to be able to apply it with hands-on experience
  • A Sampling of Topics
    • IP Stimulus/Response and Fragmentation
    • Complex IP Transports and Services
    • TCPdump, WINdump, Ethereal and Other Sniffers
    • Business Needs vs. Security
    • Static Packet Filtering
    • Stateful Packet Filtering and Inspection
    • Proxies
    • In-depth Coverage of Popular Firewall Products
    • Implementing Security with Cisco Routers
    • Intrusion Detection
    • Centralized Logging
    • Firewall Log File Analysis
    • Log File Alerting
    • IPSec, SSL, and SSH
    • Designing a Secure Perimeter
    • Cool Tools
    • Network and Host Based Auditing
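The difference between the static and stateful packet filtering listed above is easiest to see on a packet that bends the rules. The following is an added example written for this page, not SANS material: both filters are reduced to a few lines of Python over constructed TCP headers (RFC 5737 documentation addresses, an assumed internal host 10.0.0.5), and the third packet is the classic ACK-flag probe from the stimulus/response topic.

```python
"""Static vs. stateful packet filtering on constructed TCP headers.

Added illustration, not SANS course material. Packets are reduced to the
fields a filter actually inspects; addresses are RFC 5737 documentation ranges.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


INSIDE = {"10.0.0.5"}  # constructed: the one protected internal host


def static_filter(pkt, inside=INSIDE):
    """Stateless ACL in the style of a router 'established' rule: anything
    outbound is permitted, and inbound is permitted only when ACK is set,
    on the assumption that an ACK must belong to a connection we opened."""
    if pkt.src in inside:
        return "permit"
    if pkt.dst in inside and pkt.ack:
        return "permit"
    return "deny"


class StatefulFilter:
    """Remembers flows opened from the inside; inbound packets are permitted
    only if they are the reverse of a tracked flow, whatever their flags say."""

    def __init__(self, inside=INSIDE):
        self.inside = set(inside)
        self.flows = set()  # (src, sport, dst, dport) of outbound connections

    def decide(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.src in self.inside:
            if pkt.syn and not pkt.ack:  # new outbound connection: record it
                self.flows.add(key)
                return "permit"
            return "permit" if key in self.flows else "deny"
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.dst in self.inside and reverse in self.flows:
            return "permit"
        return "deny"


# Constructed traffic: a legitimate web fetch, then an ACK-scan probe that
# forges the ACK flag so it looks like return traffic to the internal sshd.
SCENARIO = [
    Packet("10.0.0.5", 40000, "203.0.113.7", 80, syn=True),            # outbound SYN
    Packet("203.0.113.7", 80, "10.0.0.5", 40000, syn=True, ack=True),  # SYN/ACK reply
    Packet("198.51.100.9", 55555, "10.0.0.5", 22, ack=True),           # ACK probe to port 22
]


def run_scenario(packets=SCENARIO):
    """Return (static verdicts, stateful verdicts) for the packet list."""
    sf = StatefulFilter()
    return ([static_filter(p) for p in packets], [sf.decide(p) for p in packets])


if __name__ == "__main__":
    for name, verdicts in zip(("static", "stateful"), run_scenario()):
        print(name, verdicts)
```

The static ACL passes the forged ACK because the flag is all it can see; the stateful filter drops it because no inside host ever opened a flow to 198.51.100.9. That is the whole point of an ACK scan: behind a stateless filter the probe reaches the host, which answers with a RST whether or not port 22 is listening, and the scanner learns which ports are unfiltered.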

Consistently some of the best training available. It is apparent that SANS updates their course content and SANS instructors are established experts in the field.
-Ryan Macfarlane, FBI

Author Statement

One of the things I love seeing in my students is the little light bulbs go off over their heads. I think a lot of people walk into the class thinking "Hey, I've been running a PIX or Firewall-1 firewall for a few years, I already know this perimeter stuff," and they are blown away by how much they learn. A single line of defense was cool 8 years ago. Today, attackers as well as their exploits are so sophisticated that a single line of security is no longer up to the task. In this class students learn about each of the layers that can be implemented to keep the attackers at bay. I've recently added to the course a ton of hands-on labs. I think this really helps to solidify the student's comfort zone with each technology. You learn about IDS and then immediately go hands-on with it in class. You learn about vulnerability checking and again, set up a scanner in class and start checking the reports. I think in many ways this is probably the most difficult SANS class to master, as the breadth of knowledge learned is so diverse. Each technology is a required skill, however, if you are going to lock down your organization's perimeter.
- CHRIS BRENTON