


I learned more here in six days than I could in a year in terms of breadth of knowledge.
-Stephen Yuhas, TESSCO Technologies

SECURITY 502

Perimeter Protection In-Depth

6 CPE Credits per day

This course is a highly technical hands-on saturation of everything you need to know in order to design, deploy, and maintain a secure network. The course is built using a building block approach that brings you up from the idiosyncrasies of TCP/IP to creating your own automated alerting systems. Since most people gain a better understanding through hands-on knowledge, over 25% of the class is spent performing labs that give you real-world experience with tools you can use to better secure your network. You'll even work with some tools that are considered to be hostile in nature in order to gain a better understanding of what is required to fully lock down your environment.

Many attacks are based on bending the rules of network communications. With this in mind, the course starts off by giving you an in-depth understanding of IP and its transports. Tools are introduced to better understand traffic flow as well as the unique communication characteristics of different operating systems. We then build on this knowledge to describe how this traffic flow can be controlled at both the header and the payload level. Concepts like packet filtering and proxy firewalls, network-based intrusion detection and prevention, etc. are introduced and labs are conducted in order to better understand the underlying core technology.

From there, we move into how to secure systems that are exposed to Internet access as well as the tools you can use to simplify that task. Concepts like host-based intrusion detection and prevention, vulnerability assessments, auditing, and centralized logging and alerting are also covered in depth in order to ensure our perimeter remains secure. Encryption, authentication, and VPN technologies are covered so we can securely permit our remote and wireless users into the network. Network access control is introduced so we can secure the network behind the perimeter as well. Hands-on labs are performed so you are empowered to immediately apply these concepts when you return to the office. Finally, the concept of performing a forensic analysis is covered just in case the worst does occur. Again, we look at the tools you can use to help simplify this process.

In short, this course takes a defense-in-depth approach to locking down a network. Every layer in that defense is covered in order to ensure that your perimeter will provide maximum protection for your organization's resources. A strong focus is placed on hands-on time with the tools you can use to complete this task.

Prerequisite
You must possess at least a working knowledge of TCP/IP and Hex (see http://www.sans.org/conference/tcpip_quiz.php to test your TCP/IP and Hex basics knowledge).

Author Statement

One of the things I love seeing in my students is the little light bulbs that go off over their heads. I think a lot of people walk into the class thinking, "Hey - I've been running a Check Point or a Cisco firewall for a few years, I already know this perimeter stuff" and they are blown away by how much they learn. A single line of defense was fine in the 1990s. But today, attackers as well as their exploits are so sophisticated that a single line of security is no longer up to the task. In this class students learn about each of the layers that can be implemented to keep the attackers at bay. I've recently added to the course a ton of hands-on labs. I think this really helps to solidify the student's comfort zone with each technology. You learn how an attacker can hijack a VPN session and then go hands on with it in class. You learn how an attacker can set up a backdoor via a reverse HTTP session and again, set up a Trojan in class and start controlling a system located behind a firewall. I think in many ways this is probably the most difficult SANS class to master, as the breadth of knowledge learned is so diverse. Each technology is a required skill, however, if you are going to lock down your organization's perimeter.

- Chris Brenton

SECURITY 502 :: Perimeter Protection In-Depth
Event | Location | Dates
SANS 2009 | Orlando, FL | March 02, 2009 - March 09, 2009
SANS Cyber Defense Initiative 2008 | Washington, DC | December 10, 2008 - December 16, 2008
SANS Security West 2009 | Las Vegas, NV | January 24, 2009 - February 01, 2009
SANS London 2008 | London, United Kingdom | December 01, 2008 - December 09, 2008
Mentor Session - Security 502 | Riverdale, UT | December 09, 2008 - February 24, 2009
Mentor Session - Security 502 | Tampa, FL | March 24, 2009 - May 26, 2009
SANS Secure Europe 2009 - Amsterdam | Amsterdam, Netherlands | May 11, 2009 - May 23, 2009
SANS OnDemand | Online | Anytime
SANS SelfStudy | Books and .MP3s Only | Anytime