SEC301: Introduction to Cyber Security

GIAC Information Security Fundamentals (GISF)
GIAC Information Security Fundamentals (GISF)
  • In Person (5 days)
  • Online
30 CPEs

This introductory certification course is the fastest way to get up to speed in information security. Written and taught by battle-scarred cyber security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real life examples. Course lecture explains terms and concepts in detail and the hands-on labs drive those concepts home. A balanced mix of technical topics explained in easy-to-understand ways makes this course appealing to attendees who need to understand the important facets of cyber security. If you need to lay your cyber security foundation quickly, SEC301's explanations and 14 hands-on labs will have you covered!

What You Will Learn

To determine if the SANS SEC301 course is right for you, ask yourself five simple questions:

  • Are you new to cyber security and in need of an introduction to the fundamentals?
  • Are you bombarded with complex technical security terms that you don't understand?
  • Do you need to be conversant in basic security concepts, principles, and terms, but do not need "deep in the weeds" detail?
  • Have you decided to make a career change to take advantage of the job opportunities in cyber security and need formal training/certification?
  • Are you a manager who lays awake at night worrying that your company may be the next mega-breach headline story on the 6 o'clock news?

If you answer yes to any of these questions, the SEC301: Introduction to Cyber Security training course is for you. Jump-start your cyber security knowledge by receiving insight and instruction from real-world security experts on critical topics that are fundamental to cyber security.

Some of the things this five-day comprehensive course covers includes core terminology, how computers and networks function, mobile device security, the Internet-of-Things (IoT), Artificial Intelligence (AI), authentication including a new way of looking at passphrases, authorization including permissions, single-sign-on, & zero knowledge, cryptographic processes, social engineering, network attacks & malware, wireless security, firewalls and many other cyber security defense technologies, web & browser security, backups, virtual machines & cloud computing. All topics are covered at an easy-to-understand introductory level.

This course is for those who have very little knowledge of computers & technology with no prior knowledge of cyber security. The hands-on, step-by-step teaching approach enables you to grasp all the information presented, even if some of the topics are new to you. You will learn real-world cyber security fundamentals to serve as the foundation of your career skills and knowledge for years to come.

Written by a cyber security professional with four decades of industry experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the Global Information Security Fundamentals (GISF) certification test, as well as getting you ready for your next training course. It also delivers on the SANS promise: "You can use the knowledge and skills you learn in SEC301 as soon as you return to work."

BUSINESS TAKEAWAYS

This course will help your organization:

  • Secure your organization's assets through the application of the Principle of Least Privilege
  • Understand the fundamentals of authentication, authorization, cryptography, and defensive technologies such as firewalls
  • Communicate a wide variety of attacks including social engineering, drive-by downloads, watering hole attacks, lateral movement, botnets, buffer overflows, and more
  • Avoid being the next mega-breach headline story on the 6 o'clock news

You Will Be Able To

  • Communicate with confidence regarding cyber security topics, terms, and concepts
  • Have a fundamental grasp of any number of technical acronyms: TCP/IP, IP, TCP, UDP, DHCP, ARP, NAT, ICMP, and DNS, and the list goes on
  • Understand and apply the Principle of Least Privilege
  • Understand the application of Confidentiality, Integrity, and Availability (CIA) for prioritization of critical security resources
  • Understand the relationship between the Graphical User Interface (GUI) and Command Line Interface (CLI) on both Windows and Linux
  • Use the GUI and CLI to manipulate files and folders in both Windows and Linux
  • Build better passphrases that are more secure while also being easier to remember and type -- and be able to help co-workers, family, and friends do the same
  • Deploy a secure password manager in your organization and at home
  • Grasp basic cryptographic principles, processes, procedures, and applications
  • Implement cryptography tools
  • Understand the cyber security impact of the Internet of Things (IoT)
  • Discuss the cyber security impact of Artificial Intelligence (AI)
  • Understand how a computer works including the role of the operating system, kernel, file systems, users, groups, hard-disk-drives, and Random Access Memory (RAM)
  • Convert number systems utilized by computers including decimal, binary, and hexadecimal values
  • Understand computer network basics including routing, default gateways, and common protocol packet headers
  • Utilize built-in Windows tools to see your network settings
  • Analyze network traffic using the popular Wireshark tool
  • Understand how Windows and Linux implement file and directory permissions
  • Set file permissions on a Linux system
  • Understand wireless technologies including Wi-Fi, Bluetooth, and mobile phones
  • Secure a wireless access point using industry best practice settings
  • Understand different types of malware
  • Explain a variety of frequent attacks such as social engineering, drive-by downloads, watering hole attacks, living-off-the-land, lateral movement, buffer overflow, botnets, and other common attacks
  • Understand the application of defensive technologies such as anti-malware firewalls, sinkholes, content filters, vulnerability scanners, penetration testing, active defense, threat hunting, and allow-listing
  • Implement a simple firewall configuration
  • Differentiate between the surface web, the deep web, and the dark web.
  • Understand browser security and the privacy issues associated with web browsing
  • Explain system hardening
  • Discuss system patching
  • Understand virtual machines and cloud computing
  • Understand backups and create a backup plan for your personal life that helps you guard against having to pay a ransom to access your data

In this course, you receive the following:

  • Electronic Courseware for each day of training that includes the slides presented and notes to explain them plus an electronic lab workbook explaining the hands-on labs
  • Access to the SEC301.com website containing 680+ quiz questions, videos of the author performing each lab, and additional helpful materials
  • Five full days' worth of high-quality instruction and explanation
  • MP3 audio files of the complete course lecture

Syllabus (30 CPEs)

Download PDF
  • Overview

    Every good security practitioner and every good security program begins with the same mantra: Learn the fundamentals. SEC301 starts by instilling familiarity with core security terms and principles. By the time you leave the classroom after the first day, you fully understand the Principle of Least Privilege and why it drives all security decisions. You will know the Confidentiality, Integrity, and Availability (CIA) method of prioritizing your security program and will have been introduced to the basics of security policy and risk management. You will know the difference between the Windows, Linux, Google Chrome, and Mac operating systems. You will understand essential computer functions such as the role of the operating system & kernel, file system, and Random Access Memory (RAM). You will have knowledge of mobile device security along with solid advice for securing your devices. You will understand the security implications of the Internet of Things and artificial intelligence systems such as ChatGPT. In addition, you can perform conversion of values in decimal, binary, and hexadecimal and can manipulate files using both the graphical and command line interfaces in Windows and Linux.

    Exercises

    Lab 0 - Using the Lab Environment

    • All SEC301 labs occur in a virtualized cloud environment. Students access the environment via a browser to interact with a Windows 10 and Linux computer while Linux servers provide web and other services behind the scenes. Instructions are provided on screen, and in a printed lab guide -- students use whichever they prefer. It is not a difficult environment to use, but understanding how to manipulate the screen and font sizes and how to maneuver between tasks is very helpful. This lab helps the student understand how to use the lab environment so that in later, more complex labs, they can concentrate on meeting the objectives of those exercises and not on the lab environment itself.

    Lab 1.1 - Converting Number Systems

    • Apply the knowledge learned in course lecture to convert decimal numbers to binary, binary numbers to hexadecimal, binary and hexadecimal numbers to decimal values, and so on. Several pro tips and shortcuts are provided for performing these conversions quickly and easily.

    Lab 1.2 - The GUI & CLI

    • Use Windows 10's Graphical User Interface (GUI) and Command Line Interface (CLI) to create and manipulate files and directories. In both interfaces, you will generate directory listings, create directories, change directories, create files, rename files, copy files, and move files. You then change to a Linux computer and utilize both the GUI and CLI to perform all the same functions on that platform as well.
  • Overview

    Cryptography is one of the most complex issues faced by security practitioners. It is not a topic we can explain in passing; we spend a full day on it. You do not need a calculator for this day since we do not delve into the math behind crypto. We introduce you to cryptographic terms. You learn what steganography is. You then look at historical examples of cryptography because even the most advanced cryptographic systems today utilize methods of encrypting data that were used hundreds of years B.C. So, we explain the historical examples that are very easy to understand, making it easier for you to understand modern cryptographic methods and principles.

    You will understand the "work factor" - the length of time necessary to break cryptography and why understanding this concept is so important. We cover some of the potential attacks against crypto and which ones are viable against modern cryptography and which attacks are nonviable. You learn cryptographic hashing, symmetric & asymmetric cryptography and how each works. You learn how the popular key exchange mechanism called Diffie-Hellman works.

    Once we have thoroughly explained how cryptography works, we end the day with a discussion on how we implement encryption in the real-world. How does cryptography secure data on our local computers, networks, and across the Internet? Here you learn email encryption, secure remote system administration, Zero Knowledge implementations, how passphrases can create encryption keys, and three common Virtual Private Network (VPN) scenarios. We also cover digital certificates and Public Key Infrastructure (PKI), including an explanation of the Open Certificate Status Protocol (OCSP) used on the World-Wide-Web.

    Again, we do not spend our time on the mathematics behind cryptography, but instead, we are highly process focused. We explain the steps required to make crypto work, the order those steps must occur in, and which key you must use for each step.

    Exercises

    Lab 2.1 - Crypto by Hand.

    • Crypto by Hand: Apply the knowledge and skills we learned via lecture to encrypt information using mono and poly alphabetic ciphers and gain a better understanding of triple encryption (as used by Triple DES).

    Lab 2.2 - Visual Crypto.

    • Observe the encryption process that occurs by turning plaintext (what you can read) into ciphertext (what you cannot read) in real-time on your computer screen. Increase your understanding of what "randomness in ciphertext" truly means by seeing the randomness happen. See ciphertext turned back into plaintext. Find out what happens if you edit ciphertext and try to decrypt it. Learn what happens if you attempt to decrypt data with the wrong key. See how many cryptographic functions pad plaintext. The lab provides visual proof of many definitive statements made by the instructor throughout the lecture.

    Lab 2.3 - Using Crypto.

    • Use two open-source tools to implement encryption on a local hard drive. You will use the tools utilizing both the Graphical User Interface (GUI) and Command Line Interface (CLI) to encrypt local files and to create mountable encrypted volumes.
  • Overview

    You begin the third day of class by examining authentication systems. You learn to think of passwords/passphrases in ways you probably have not seen in the past. You learn to create passphrases that are extremely strong, but also easy to remember. You also learn about secure password manager software and password cracking software. You learn common password configurations used by organizations and the associated terminology. You also learn the value of token-based authentication and biometric authentication systems.

    Once we know who a user is via authentication, security administrators seek to control what those users can do by implementing authorization controls. You learn the details of how Windows implements permissions using Security ID numbers (SIDs) and Security Access Tokens (SATs). You also learn how those SIDs, and SATs are used by a Windows network to enforce single-sign-on restrictions. You then see how permissions are implemented in a Linux environment, and how to set those permissions using the command line interface.

    The day completes with an introduction to networking. You will learn the basics of how information moves across a network -- beginning with a completely non-technical explanation - then moving into slightly more technical examples. You learn about common protocols including the Internet Protocol (IP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). Part of this explanation includes examining the packet headers for each protocol. You will also learn about common necessary protocols such as Dynamic Host Configuration Protocol (DHCP), the Domain Name System (DNS), and Network Address Translation (NAT).

    Exercises

    Lab 3.1 - Building better passwords: The Haystack

    • Use a tool that shows how long it takes to compromise various passwords via a brute force attack. The emphasis of the lab is to show you how to help yourself, your users, your family, and your friends to choose better, stronger, and easier to use passwords/passphrases.

    Lab 3.2 - Bitwarden & 2FA

    • Use the free Bitwarden password manager to remember your passwords/passphrases on websites you already have an account on as well as any new websites in the future. You will also utilize the Bitwarden passphrase generator to change the password on those sites to something much stronger and have Bitwarden remember the new passphrases for you. Finally, you will set up two-factor authentication (2FA) on those sites, using Bitwarden as the authentication "token".

    Lab 3.3 - Linux File Permissions

    • Using a Linux desktop computer, you will set the permissions on files using the Linux command line interface. You will set those permissions using both the absolute and symbolic methods that you learned about in lecture.

    Lab 3.4 - Networking & Wireshark

    • You start this lab by using a Windows command line utility to view the network configuration on the Windows 10 cloud lab computer (information we use in a later lab). We than utilize the popular Wireshark network analyzer to look at several types of traffic including DHCP, ARP, Ping, DNS, and HTTP. You will learn to use simple display filters in Wireshark to aid in analysis and how to enter even complex display filters easily. Finally, you use Wireshark to retrieve data from captured HTTP traffic and save the data to a file.
  • Overview

    Our fourth day in the classroom begins our exploration of cyber security technologies. We begin with wireless network security standards for Wi-Fi to understand the current specifications for both functionality and security. You will learn about 802.11 standards old and new. You will learn about the weakness of antiquated security standards that are still in use and how modern standards improve Wi-Fi security a great deal. You will also learn about security implications of the Service Set Identifier, Pre-Shared Key, Enterprise Level Authentication, Wi-Fi protected setup, wardriving, homemade "cantennas", and rogue access points.

    You will learn about Bluetooth standards and security and the operational strength but also the security weakness of Bluetooth's backward compatibility. You will understand Bluetooth's association models and security concerns.

    You will dive into social engineering to gain an understanding of phishing, spear phishing, whaling, vishing, smishing, deep fake imposter vishing using AI and more. You will also learn the strategies to mitigate social engineering.

    We then move into network attacks with a look at the five phases of an attack. You discuss common attacks including open-source intelligence gathering, port scanning, "living-off-the-land" attacks, remote command and control, machine-in-the-middle attacks, drive-by download attacks, watering hole attacks, lateral movement, buffer overflow attacks, Denial of Service (DoS), botnets and other frequent attacks.

    The fourth day ends with a discussion of malware. What is a virus versus a worm or a Trojan horse? What is ransomware, and what is cryptojacking. We then cover both anti-malware and host firewalls that try to counter these problems.

    Exercises

    Lab 4.1 - Wireless Access Point Configuration

    • Configure a Wireless Access Point (A.K.A. Wireless Router). Students go through the steps of configuring a wireless access point from its default insecure state to a locked-down, far more secure state. Industry best practices dictate the final settings. Students can take these lab instructions home or to work and apply them with some necessary modifications given their device manufacturer.

    Lab 4.2 - Port Scanning with Zenmap

    • Use the Zenmap graphical interface to the extremely popular port scanner Nmap. Conduct several port scans to determine live IP addresses, the ports they are listening on, the operating system of the distant computer, and the software running on those ports.

    Lab 4.3 - Malware Scanning with Malwarebytes

    • Run the anti-malware scanner "Malwarebytes" on a virtual machine running within the lab environment. Discover active malware and remove it from the system. Also, discover Potentially Unwanted Programs (PUPs) that are, in reality, authorized software. Allow-list the PUPs, so they stop showing up in the scan results.
  • Overview

    The final day of our SEC301 journey continues the discussion of Cyber Security Technologies. The day begins by looking at several security technologies, including compartmentalization, firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), sniffers, content filters, sinkholes, ethical hacking, active defense, threat hunting, allow-listing and more. You will understand the strengths and weaknesses for each of these technologies.

    We then take a solid look at Browser and Web security, and the difficulties of securing the web environment. For example, students understand why and how their browser connects to anywhere from 5 to 100+ different Internet locations each time they load a single web page. Students also learn about the common security features of browsers.

    We end the day with a look at system security to include hardening operating systems, patching, virtual machines, cloud computing, and backup. We include solid real-world examples of how to implement these.

    Exercises

    Lab 5.1 - Firewall Builder

    • Students utilize an open-source tool called "Firewall Builder" to create a simple yet fully functional firewall configuration. The lab not only explains how to build each of the rules but, more importantly, explains WHY you build each rule. The lab teaches not only the basics of configuring a firewall but also how to read and audit an existing firewall ruleset.

GIAC Information Security Fundamentals

The GIAC Information Security Fundamentals (GISF) certification validates a practitioner's knowledge of security's foundation, computer functions and networking, introductory cryptography, and cybersecurity technologies. GISF certification holders will be able to demonstrate key concepts of information security including understanding the threats and risks to information and information resources and identifying best practices to protect them.

  • Cyber security terminology
  • The basics of computer networks
  • Security policies
  • Incident response
  • Passwords
  • Introduction to cryptographic principles
More Certification Details

Prerequisites

  • SEC301 does not have prerequisites.
  • SEC301 assumes only the most basic knowledge of computers.
  • SEC301 makes no assumptions regarding prior security knowledge.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

MANDATORY SEC301 SYSTEM HARDWARE REQUIREMENTS
  • In-Person attendees must have wireless networking (802.11 standard). There is no wired Internet access in the physical classroom. The classroom will have electrical outlets at the student's tables.
  • Online and LiveOnline students require an Internet connection. We will use Zoom and Slack in online classes.
  • OnDemand students will utilize the SANS OnDemand player. You will get access to that player when your class access begins.
  • All SEC301 hands-on-labs occur in a virtualized cloud environment. Students access the environment via a web browser to interact with a Windows 10 and Linux computer during the labs.
  • Therefore, any computer running a browser will let students perform the labs. A larger screen is very helpful, as is a physical keyboard and mouse.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org

Author Statement

"If you want to be good at something, whether it be sports, music, science, math, or cyber security, you MUST have a solid grasp of the fundamentals. In fact, the better you understand the fundamentals, the better you become at a particular skillset. Without that foundation to build on, it is almost impossible to become a master at something. The Introduction to Cyber Security course is all about building those fundamentals and creating that foundation.

One of the things I enjoy most is seeing a student have that "ah-ha" moment. The moment when they suddenly understand a topic for the first time - often a topic they have wondered about for years. You can almost literally see the "light-bulb" of understanding appear over their heads. There are "ah-ha" moments at every turn and on every day of the SEC301: Introduction to Cyber Security course."

- Keith Palmgren

"Mr. Palmgren is incredibly knowledgeable and had very interesting stories and personal experiences to share. He was great at making even the dryer topics interesting." - Brendan Hurley, Dell

Reviews

The SEC301 content was excellent. A wide gambit of information was provided that will prove applicable at work & also in life in general. The labs provided excellent instructions & were great at reinforcing the material.
Jimmy T
US Military
SEC301 is the only course of its kind. Every IT professional knows that your knowledge from networking to security is contiguous, and this is the only course I've seen that actually teaches both equally.
Kyle Hines
JCOG
As usual, SANS courses give incredible insight into the reality of the threats that are present in the cyber world. With SEC301, I have a better understanding of each threat, and the means to mitigate those threats.
David K
US Federal Agency
I never knew anything about cryptography and its complexities. This course is opening my eyes to how important it is!
Pat Patterson
Salt River Project
It's a very good course if you need the basic foundation. It's a very helpful class to take because it expands on some basic concepts.
Shruti Iyer
DCS Corporation

    Register for SEC301

    Loading...