2 Days Left to Save $500 for SANS Boston 2013

Network Security Resources

Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.

This document is your guide to SANS paid and free Network Security resources.

SANS Paid Network Security Resources

SECURITY 401: SANS Security Essentials

Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification. In this course you will learn the language and underlying theory of computer security. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry. As always, great teaching sets SANS courses apart, and SANS ensures this by choosing instructors who have ranked highest in a nine-year competition among potential security faculty.

SECURITY 502: Perimeter Protection In-Depth

This course is a highly technical hands-on saturation of everything you need to know in order to design, deploy and maintain a secure perimeter, from the idiosyncrasies of TCP/IP to creating your own automated alerting systems. Since most people gain a better understanding though hands on knowledge, over 25% of the class time is spent performing labs that give you real world experience with the tools you can implement for essential network security. You'll even work with some of the tools that are considered to be hostile in nature in order to gain a better understanding of what is required to fully lock down your environment.

SECURITY 503: Intrusion Detection In-Depth

This is the most advanced program in network intrusion detection where you will learn practical hands-on intrusion detection methods and traffic analysis from top practitioners/authors in the field. All of the course material is either new or just updated to reflect the latest attack patterns. This series is jam-packed with network traces and analysis tips. The emphasis of this course is on increasing students' understanding of the workings of TCP/IP, methods of network traffic analysis, and one specific network intrusion detection system - Snort. This course is not a comparison or demonstration of multiple NIDS. Instead, the knowledge/information provided here allows students to better understand the qualities that go into a sound NIDS and the "whys" behind them, and thus, to be better equipped to make a wise selection for their site's particular needs.

AUDIT 507: Auditing Networks, Perimeters & Systems

This SANS course is based on known and validated threats and vulnerabilities based on validated information from real world situations that can be used to raise awareness within an organization and build an understanding of why auditing is important. From these threats and vulnerabilities, we build the countermeasures and defenses including instrumentation, metrics and auditing. The course begins with a high-level introduction on methods and audit programs. It then takes you through all the particulars of how to actually audit devices and IT systems that range from firewalls and routers all the way down to the underlying operating systems.

SECURITY 415: Securing and Auditing Cisco Routers and Switches

Hackers are targeting Cisco routers. It's true - almost 60% of the Internet's routers are running Cisco IOS, and a compromised router opens up countless attack possibilities for a hacker. Fortunately, Cisco IOS can be configured to resist attacks, hardening the configuration of the router. SANS is pleased to offer a hands-on course that combines labs and lecture to teach how attackers compromise routers, and how you can defend against these attacks. In this course, you will use the hacker tools that are being used against routers, and learn how to configure Cisco IOS to defend against these attacks. Using the Router Audit Tool from the Center for Internet Security (CIS), you will practice hands-on auditing techniques to ensure routers meet the CIS requirements and advanced configuration settings to harden router configurations.

SANS Free Network Security Resources

Here are some papers on Network Security you may want to read:

Enhancing IDS using Tiny Honeypot

The intention of the honeypot installed for this paper is not to be probed, attacked, or compromised nor is it to invite attackers, rather the intention is to try to understand the network traffic that should not be on the network and allow intrusion detection rules to be written that alert upon detecting the unwanted traffic.

Packet Sniffing In a Switched Environment

This paper focuses on the threat of packet sniffing in a switched environment, and briefly explores the effect in a non-switched environment.

A Reverse Proxy Is A Proxy By Any Other Name

In this paper you'll learn about reverse proxies and how to protect your web servers. If you are interested in learning more about this topic, we recommend taking the SANS we recommend taking the SANS SEC504 Hacker Techniques, Exploits and Incident Handling course, available both online and via live training events.

Wireless Attacks from an Intrusion Detection Perspective

This paper discusses wireless intrusion detection systems and explains how to detect common wireless attacks.

VPNScan: Extending the Audit and Compliance Perimeter

This paper outlines specifically how VPNSCAN was built, with policy and implementation issues found in various customer environments.

Additional Resources

To learn more about the latest threats to Network Security, please visit:

Internet Storm Center

I have no idea how I was doing my job without this information.
-Jonathon Turner, Paycom Payroll

NetWars - Cyber Range

Latest Whitepapers

Web Application Injection Vulnerabilities: A Web App's Security Nemesis?
By Erik Couture

Electronic Medical Records: Success Requires an Information Security Culture
By Thomas Roberts

Analyzing Polycom® Video Conference Traffic
By Chris Cain

Latest Tweets

#windowssecurity "Windows Security Course: Las Vegas in Sept [...]
June 7, 2013 - 5:47 AM

New Blog Post: Windows Memory Analysis In-Depth - Discount C [...]
June 7, 2013 - 12:37 AM

Save $500 through 6/12 on important cybersecurity courses at [...]
June 6, 2013 - 10:05 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"This has been a great way to get working knowledge that would have taken years of experience to learn."
- Josh Carlson, Nelnet

"Because of the use of real-world examples it's easier to apply what you learn."
- Danny Hill, Friedkin Companies, Inc.

"The amount of knowledge conveyed and technical diving by practical hands-on was well balanced."
- Aaron Moore, Maricopa County