This course is a highly technical, hands-on treatment of everything you need to know in order to design, deploy, and maintain a secure network. It is built using a building-block approach that takes you from the idiosyncrasies of TCP/IP all the way to creating your own automated alerting systems. Since most people learn best by doing, over 25% of class time is spent performing labs that give you real-world experience with tools you can use to better secure your network. You'll even work with some tools that are considered hostile in nature, in order to understand what is required to fully lock down your environment.
Many attacks are based on bending the rules of network communications. With this in mind, the course starts off by giving you an in-depth understanding of IP and its transport protocols. Tools are introduced to help you understand traffic flow as well as the distinct communication characteristics of different operating systems. We then build on this knowledge to describe how that traffic flow can be controlled at both the header and the payload level. Concepts such as packet-filtering and proxy firewalls and network-based intrusion detection and prevention are introduced, and labs are conducted so you understand the underlying core technology.
From there, we move into how to secure systems that are exposed to the Internet, as well as the tools you can use to simplify that task. Host-based intrusion detection and prevention, vulnerability assessment, auditing, and centralized logging and alerting are also covered in depth to ensure the perimeter remains secure. Encryption, authentication, and VPN technologies are covered so we can securely admit remote and wireless users into the network. Network access control is introduced so we can secure the network behind the perimeter as well. Hands-on labs are performed so you can immediately apply these concepts when you return to the office. Finally, forensic analysis is covered in case the worst does occur; again, we look at the tools you can use to simplify that process.
In short, this course takes a defense-in-depth approach to locking down a network. Every layer of that defense is covered to ensure that your perimeter provides maximum protection for your organization's resources. A strong focus is placed on hands-on time with the tools you need to complete this task.
Prerequisite
You must possess at least a working knowledge of TCP/IP and hexadecimal notation (see http://www.sans.org/conference/tcpip_quiz.php to test your TCP/IP and hex basics).
This course, on the first day, made clear several topics that I had questions on for years. The explanations provided were unlike other information contained on websites and in books.
- M. Cook, Arrowhead International
Author Statement
One of the things I love seeing in my students is the little light bulbs that go off over their heads. I think a lot of people walk into the class thinking, "Hey - I've been running a Check Point or a Cisco firewall for a few years, I already know this perimeter stuff," and they are blown away by how much they learn. A single line of defense was fine in the 1990s. But today, attackers as well as their exploits are so sophisticated that a single line of security is no longer up to the task. In this class students learn about each of the layers that can be implemented to keep the attackers at bay. I've recently added a ton of hands-on labs to the course. I think this really helps to solidify the student's comfort zone with each technology. You learn how an attacker can hijack a VPN session and then go hands-on with it in class. You learn how an attacker can set up a backdoor via a reverse HTTP session and, again, set up a Trojan in class and start controlling a system located behind a firewall. I think in many ways this is probably the most difficult SANS class to master, as the breadth of knowledge learned is so diverse. Each technology is a required skill, however, if you are going to lock down your organization's perimeter.
- Chris Brenton