Mentor SEC401 Session

Minneapolis, MN | Wed Sep 3 - Wed Oct 15, 2014

Class will meet 3 hours per week over 7 weeks.

Security Essentials Bootcamp Style

Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Learn tips and tricks from the experts so that you can win the battle against the wide range of cyber adversaries that want to harm your environment.

Is SEC401: Security Essentials Bootcamp Style the right course for you?

STOP and ask yourself the following questions:

  1. Do you fully understand why some organizations get compromised and others do not?
  2. If there were compromised systems on your network, are you confident that you would be able to find them?
  3. Do you know the effectiveness of each security device and are you certain that they are all configured correctly?
  4. Are proper security metrics set up and communicated to your executives to drive security decisions?

If you do not know the answers to these questions, the SEC 401 course will provide the information security training you need in a bootcamp-style format that is reinforced with hands-on labs.

You Will Learn:

  • To develop effective security metrics that provide a focused playbook that IT can implement, auditors can validate, and executives can understand
  • To analyze and assess the risk to your environment in order to drive the creation of a security roadmap that focuses on the right areas of security
  • Practical tips and tricks to focus in on high-priority security problems within your organization and on doing the right things that will lead to security solutions that work
  • Why some organizations are winning and some are losing when it comes to security and, most importantly, how to be on the winning side
  • The core areas of security and how to create a security program that is anchored on PREVENT-DETECT-RESPOND.

Learn to build a security roadmap that can scale today and into the future.

SEC401: Security Essentials Bootcamp Style is focused on teaching you the essential information security skills and techniques you need to protect and secure your organization's critical information assets and business systems. Our course will show you how to prevent your organization's security problems from becoming headline news in the Wall Street Journal!

"Prevention is Ideal but Detection is a Must."

With the advanced persistent threat, it is almost inevitable that organizations will be targeted. Whether the attacker succeeds in penetrating an organization's network depends on the effectiveness of the organization's defense. Defending against attacks is an ongoing challenge, with new threats emerging all of the time, including the next generation of threats. Organizations need to understand what really works in cybersecurity. What has worked, and will always work, is taking a risk-based approach to cyber defense. Before your organization spends a dollar of its IT budget or allocates any resources or time to anything in the name of cybersecurity, three questions must be answered:

  1. What is the risk?
  2. Is it the highest priority risk?
  3. What is the most cost-effective way to reduce the risk?

Security is all about making sure you focus on the right areas of defense. In SEC 401 you will learn the language and underlying theory of computer and information security. You will gain the essential and effective security knowledge you'll need if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will learn up-to-the-minute skills you can put into practice immediately upon returning to work; and (2) You will be taught by the best security instructors in the industry.

Assessment Available

Test your security knowledge with our free SANS Security Essentials Assessment Test.

Notice:

This course prepares you for the GSEC certification that meets the requirement of the DoD 8570 IAT Level 2.

Course Content Overlap Notice:

Please note that some course material for SEC 401 and MGT 512 may overlap. We recommend SEC 401 for those interested in a more technical course of study, and MGT 512 for those primarily interested in a leadership-oriented but less technical learning experience.

Course Syllabus

  SEC401.1: Networking Concepts
Overview

A key way that attackers gain access to a company's resources is through a network connected to the Internet. A company wants to prevent as many attacks as possible, but in cases where it cannot prevent an attack, it must detect it in a timely manner. Therefore, an understanding of how networks and related protocols like TCP/IP work is critical to being able to analyze network traffic and determine what is hostile. It is just as important to know how to protect against these attacks using devices such as routers and firewalls. These essentials, and more, will be covered during this course day in order to provide a firm foundation for the subsequent days of training.

CPE/CMU Credits: 8

Topics

Network Fundamentals

  • Network types (LANs, WANs)
  • Network topologies
  • LAN protocols
  • WAN protocols
  • Network devices

IP Concepts

  • Packets and addresses
  • IP service ports
  • IP protocols
  • TCP
  • UDP
  • ICMP
  • DNS

IP Behavior

  • tcpdump
  • Recognizing and understanding
  • UDP
  • ICMP
  • UDP behavior

Virtual Machines

  • Use
  • Implementation
  • Security

 
  SEC401.2: Defense In-Depth
Overview

To secure an enterprise network, you must have an understanding of the general principles of network security. In this course, you will learn about six key areas of network security. The day starts with information assurance foundations. Students look at both current and historical computer security threats, and how they have impacted confidentiality, integrity, and availability. The first half of the day also covers creating sound security policies and password management, including tools for password strength on both Unix and Windows platforms. The second half of the day is spent on understanding the information warfare threat and the six steps of incident handling. The day draws to a close by looking at what can be done to test and protect a web server in your company.

CPE/CMU Credits: 8

Topics

Information Assurance Foundations

  • Defense in-depth
  • Confidentiality, integrity, and availability
  • Risk model
  • Authentication vs. authorization
  • Vulnerabilities

Computer Security Policies

  • Elements when well written
  • How policies serve as insurance
  • Roles and responsibilities

Contingency and Continuity Planning

  • Business continuity planning (BCP)
  • Disaster recovery planning (DRP)
  • Business impact analysis

Access Control

  • Data classification
  • Authentication, authorization, accountability (AAA)
  • MAC and DAC

Password Management

  • Password cracking for Windows and Unix
  • Alternate forms of authentication (tokens, biometrics)
  • Single sign-on and RADIUS

Incident Response (IR)

  • Preparation, identification, and containment
  • Eradication, recovery, and lessons learned
  • Investigation techniques and computer crime
  • Legal issues associated with IR

Offensive and Defensive Information Warfare (IW)

  • Types of IW
  • APT
  • Asymmetric warfare
  • Offensive goals

Web Security

  • Web communication
  • Web security protocols
  • Active content
  • Cracking web applications
  • Web application defenses

 
  SEC401.3: Internet Security Technologies
Overview

Military agencies, banks, and retailers offering electronic commerce programs, as well as dozens of other types of organizations, are striving to understand the threats they are facing and what they can do to address those threats. On day 3, you will be provided with a roadmap to help you understand the paths available to organizations that are considering deploying or planning to deploy various security devices and tools such as intrusion detection systems and firewalls. When it comes to securing your enterprise, there is no single technology that is going to solve all your security issues. However, by implementing a defense-in-depth strategy that includes multiple risk-reducing measures, you can go a long way toward securing your enterprise.

CPE/CMU Credits: 8

Topics

Attack Methods

  • How the adversary breaks into systems
  • Mitnick attack
  • Attack methods

Firewalls and Perimeters

  • Types of firewalls
  • Pros and cons of firewalls
  • Firewall placement
  • Packet filtering, stateful, and proxies

Honeypots

  • Forensics
  • Honeypots
  • Honeynets
  • Honey tokens

Host-based Protection

  • Intrusion detection
  • Intrusion prevention
  • Tripwire
  • Pros and cons

Network-based Intrusion Detection and Prevention

  • Pros and cons
  • Deployment strategies
  • Snort
  • Development and advances

Risk Assessment and Auditing

  • Risk assessment methodology
  • Risk approaches
  • Calculating risk
  • SLE
  • ALE

 
  SEC401.4: Secure Communications
Overview

There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, though few companies deploy it correctly. This technology is cryptography. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. Day 4 looks at various aspects of encryption and how it can be used to secure a company's assets. A related area called steganography, or information hiding, is also covered. Wireless is becoming a part of most modern networks, but is often implemented in a non-secure manner. Security issues associated with wireless, and what can be done to protect these networks, will also be discussed. This section finishes by tying all of the other pieces together by looking at operations security.

CPE/CMU Credits: 8

Topics

Cryptography

  • Need for cryptography
  • Types of encryption
  • Symmetric
  • Asymmetric
  • Hash
  • Ciphers
  • Digital substitution
  • Algorithms
  • Real-world cryptosystems
  • Crypto attacks
  • VPNs
  • Types of remote access
  • PKI
  • Digital certificates
  • Key escrow

Steganography

  • Types
  • Applications
  • Detection

Wireless

  • Common protocols
  • Common topologies
  • Misconceptions
  • Security issues
  • Securing wireless

VoIP

  • Use and how it works
  • Advantages and disadvantages
  • Deployment strategies
  • Challenges
  • Securing VoIP

Operations Security

  • Legal requirements
  • Administrative management
  • Individual accountability
  • Need to know
  • Privileged operations
  • Control types
  • Operation controls
  • Reporting

 
  SEC401.5: Windows Security
Overview

Windows is the most widely used and most attacked operating system on the planet. At the same time, the complexities of Active Directory, PKI, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. This section will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work. You will complete the day with a solid grounding in Windows security, including the important new features in Windows 8 and Server 2012.

CPE/CMU Credits: 8

Topics

Security Infrastructure

  • Windows family of operating systems
  • Workgroups and local accounts
  • What is Active Directory?
  • Domain users and groups
  • Kerberos, NTLMv2, smart cards
  • Forests and trusts
  • What is group policy?

Service Packs, Patches, and Backups

  • Service packs
  • E-mail security bulletins
  • Patch installation
  • Automatic updates
  • Windows Server Update Services (WSUS)
  • Windows backup
  • System restore
  • Device driver rollback

Permissions and User Rights

  • NTFS permissions
  • File and print sharing service
  • Shared folders
  • BitLocker drive encryption

Security Policies and Templates

  • Group policy objects
  • Password policy
  • Lockout policy
  • Anonymous access
  • Software restriction policies

Securing Network Services

  • Firewalls and packet filtering
  • IPsec and VPNs
  • Wireless networking
  • Security Configuration Wizard
  • Remote desktop protocol (RDP)

Auditing and Automation

  • Microsoft Baseline Security Analyzer (MBSA)
  • SECEDIT.EXE
  • Windows event logs
  • NTFS and registry auditing
  • IIS logging
  • Creating system baselines
  • Scripting tools
  • Scheduling jobs

 
  SEC401.6: Unix/Linux Security
Overview

While organizations do not have as many Unix/Linux systems, those that they do have are often some of the most critical systems that need to be protected. Day 6 provides step-by-step guidance to improve the security of any Linux system. The course combines practical how-to instructions with background information for Linux beginners, as well as security advice and best practices for administrators of all levels of expertise.

CPE/CMU Credits: 6

Topics

Linux Landscape

  • Different variants of and uses for Linux
  • Ways processes are started
  • Network interface information
  • Process information
  • Directory hierarchy
  • Partitions and OS installation

Permissions and User Accounts

  • Setting permissions
  • SUID and SGID
  • Controlling access
  • Root vs. user accounts
  • Setting password controls
  • Pluggable Authentication Modules (PAM)

Linux OS Security

  • Dangerous services
  • Helpful services
  • Running and stopping programs
  • Configuration changes and restarting services
  • File system permissions, ownership, and systems
  • Mounting drives

Maintenance, Monitoring, and Auditing Linux

  • Common causes of compromise
  • Patching
  • Backing up data
  • Syslog
  • Analyzing log files
  • Other logging

Linux Security Tools

  • File integrity verifications
  • Chkrootkit
  • CIS hardening guides
  • Bastille Linux
  • Sniffers
  • Snort

 
Schedule

Wed Sep 3rd, 2014 | 6:00 PM - 9:00 PM | Instructor: Matthew J. Harmon
Wed Sep 10th, 2014 | 6:00 PM - 9:00 PM | Instructor: Matthew J. Harmon
Wed Sep 17th, 2014 | 6:00 PM - 9:00 PM | Instructor: Matthew J. Harmon
Wed Sep 24th, 2014 | 6:00 PM - 9:00 PM | Instructor: Matthew J. Harmon
Wed Oct 1st, 2014 | 6:00 PM - 9:00 PM | Instructor: Matthew J. Harmon
Wed Oct 8th, 2014 | 6:00 PM - 9:00 PM | Instructor: Matthew J. Harmon
Wed Oct 15th, 2014 | 6:00 PM - 9:00 PM | Instructor: Matthew J. Harmon

Additional Information
 
  Testimonial

To give you an idea of the effectiveness of the course, here's what a few former students have said about it:

"Sec 401 provides an excellent overview of security fundamentals delivered by experienced industry professionals." - Jathan Watso, Department of Finance

"Excellent material for security professionals wanting a deeper level of knowledge on how to implement security policies, procedures, and defensive mechanisms in an org." - Brandon Smit, Dynetics

"SEC 401 took what I thought I knew and truly explained everything to me. Now, I also UNDERSTAND the security essentials fundamentals and how/why we apply them. Loved the training, can't wait to come back for more." - Nicholas Blanton, ManTech International

 
  Laptop Required

Security 401: Security Essentials Bootcamp Style consists of course instruction and hands-on sessions. To reinforce the skills covered in class and gain experience with the tools needed to implement effective security, there are hands-on labs every day. These lab sessions are designed to enable students to use the knowledge gained throughout the course in an instructor-led environment. Students will have the opportunity to install, configure, and utilize the tools and techniques that they have learned.

RULES AND REQUIREMENTS:

  • Do not bring a regular production laptop to this class! When installing software, there is always a chance of breaking something else on the system. Students should assume that all data could be lost.
  • It is critical that students have administrator access to the operating system and all security software installed. Changes need to be made to personal firewalls and other host-based software in order for the labs to work.
  • Anti-virus software will need to be disabled in order to install some of the tools.
  • A DVD player is required to install the tools that will be provided in class.
  • Students are required to bring their own laptops that are properly configured. There is not enough time in class to help you set up your laptop, so please note that your laptop must be properly installed and configured before you come to class. Students are also required to test their systems (as described below) prior to coming to class.
  • Students must bring a laptop with Windows 7 installed (the specific version does not matter). The recommended configuration is Windows 7 as the host operating system running BackTrack 5 (or Kali Linux) as a virtual machine with VMware Player. Students can use a Mac or Linux system with a different virtual machine product running both Windows and BackTrack 5 (or Kali Linux) as virtual machines, but the specific details for setting it up are left to the student.
  • Students MUST also download and install VMware Player and BackTrack 5 (or Kali Linux) prior to coming to class. In addition, the DVDs provided to students contain BackTrack 5 and can be installed on the first day of class.

In summary, before you arrive for the course you should:

  • Confirm that Windows 7 is installed and working
  • Download and install VMware Player
  • Install BackTrack 5 (or Kali Linux)
  • Confirm that you can start up BackTrack (or Kali Linux) and run a program.

By properly preparing, you will have a knowledge-rich and enjoyable lab experience.

If you have any questions, feel free to contact us.

Sincerely,

Dr. Eric Cole

Track Lead/Course Author

E-mail: eric@sans.org

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

 
  Who Should Attend

Anyone who works in security, is interested in security, or has to understand security should take this course, including:

  • Security professionals who want to fill the gaps in their understanding of technical information security
  • Managers who want to understand information security beyond simple terminology and concepts
  • Operations personnel who do not have security as their primary job function but need an understanding of security to be effective
  • IT engineers and supervisors who need to know how to build a defensible network against attacks
  • Administrators responsible for building and maintaining systems that are being targeted by attackers
  • Forensic analysts, penetration testers, and auditors who need a solid foundation of security principles so they can be as effective as possible at their jobs
  • Anyone new to information security with some background in information systems and networking.

 
  Prerequisites

SEC401 Security Essentials Bootcamp Style covers all of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field with no background knowledge, SEC301 Intro to Information Security would be the recommended starting point. While SEC301 is not a prerequisite, it will provide the introductory knowledge that will help maximize the experience with SEC401.

 
  Other Courses People Have Taken

For those who are more advanced, SEC501 Enterprise Defender might be the more appropriate course to take.

 
  What You Will Receive

In this course you will receive the following materials:

  • Course books with labs
  • Glossary and acronym list
  • DVD
  • TCP/IP reference guide

 
  You Will Be Able To

  • Apply what you learned directly to your job when you go back to work
  • Design and build a network architecture using VLANs, NAC, and 802.1x based on advanced persistent threat indicators of compromise
  • Run Windows command line tools to analyze the system looking for high-risk items
  • Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
  • Install VMware and create virtual machines to build a virtual lab to test and evaluate tools and the security of systems
  • Create an effective policy that can be enforced within an organization and design a checklist to validate security and create metrics to tie into training and awareness
  • Identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, cover ways to configure the system to be more secure
  • Build a network visibility map that can be used for hardening of a network, validating the attack surface and covering ways to reduce that surface by hardening and patching
  • Sniff open protocols like telnet and ftp and determine the content, passwords, and vulnerabilities using Wireshark.

 
  Hands-on Training

SEC401 is an interactive hands-on training course. The following are some of the lab activities that students will carry out:

  • Setup of virtual lab environment
  • Windows/Linux tutorial
  • tcpdump analysis
  • Wireshark decoding of VoIP traffic
  • Password cracking
  • Host-based discovery with Dumpsec
  • Hashing to preserve digital evidence
  • Analyzing networks with hping and nmap
  • Event correlation with Splunk
  • Use of steganography tools
  • Securing a Windows system with MBSA and SCA

 

Author Statement

"One of the things I love to hear from students after teaching Security 401 is, 'I have worked in security for many years and after taking this course I realized how much I did not know.' With the latest version of Security Essentials and the Bootcamp, we have really captured the critical aspects of security and enhanced those topics with examples to drive home the key points. After you have attended Security 401, I am confident you will walk away with solutions to problems you have had for a while, plus solutions to problems you did not even know you had."

- Eric Cole

Pricing

  • Paid by Aug 6: $3,660
  • Paid by Aug 20: $3,910
  • Paid after Aug 20: $4,160
  • Cancel Date: Aug 20, 2014