SEC401: Security Essentials Bootcamp Style and SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling will be taught in Japanese using Japanese language course materials. All other courses will use English language course materials and be taught in English with simultaneous translation in Japanese.
Great course for people starting into security essentials.
Excellent tips and links provided today - for more than I was anticipating and many that I plan to use.
This course will show you the most effective steps to prevent attacks and detect adversaries with actionable techniques that can be used as soon as you get back to work. You'll learn tips and tricks designed to help you win the battle against the wide range of cyber adversaries that want to harm your environment.
Is SEC401: Security Essentials Bootcamp Style the right course for you?
STOP and ask yourself the following questions:
SEC401 provides you with the information security knowledge needed to help you answer these questions for your environment, delivered in a bootcamp-style format reinforced with hands-on labs.
You will learn:
LEARN TO BUILD A SECURITY ROADMAP THAT CAN SCALE TODAY AND INTO THE FUTURE
SEC401: Security Essentials Bootcamp Style is focused on providing you the essential information security skills and techniques you need to protect and secure your organization's critical information assets and business systems. The course will show you how to prevent your organization's security problems from becoming headline news in the Wall Street Journal!
PREVENTION IS IDEAL BUT DETECTION IS A MUST
With the rise in advanced persistent threats, it is almost inevitable that organizations will be targeted. Whether the attacker is successful in penetrating an organization's network depends on the effectiveness of the organization's defense. Defending against attacks is an ongoing challenge, with new threats emerging all of the time, including the next generation of threats. Organizations need to understand what really works in cybersecurity. What has worked, and will always work, is taking a risk-based approach to cyber defense. Before your organization spends a dollar of its IT budget or allocates any resources or time to anything in the name of cybersecurity, three questions must be answered:
Security is all about making sure you focus on the right areas of defense. In SEC401 you will learn the language and underlying theory of computer and information security. You will gain the essential and effective security knowledge you will need if you are given the responsibility to secure systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will learn up-to-the-minute skills that you can put into practice immediately upon returning to work; and (2) You will be taught by the best security professionals in the industry.
Assessment Available
Test your security knowledge with our free SANS Security Essentials Assessment Test.
Notice:
This course prepares you for the GSEC certification that meets the requirement of the DoD 8570 IAT Level 2.
Note (Live Classroom Students Only):
Please plan to arrive 30 minutes early on Day 1 for lab preparation and set-up.
Course Content Overlap Notice:
Please note that some course material for SEC401 and MGT512 may overlap. SANS recommends SEC401 for those interested in a more technical course of study, and MGT512 for those primarily interested in a leadership-oriented but less technical learning experience.
A key way that attackers gain access to a company's resources is through a network connected to the Internet. A company wants to try to prevent as many attacks as possible, but in cases where it cannot prevent an attack, it must detect it in a timely manner. Therefore, it is critical to be able to create and identify the goals of building a defensible network architecture. It is just as important to understand the architecture of the system, types of designs, communication flows, and how to protect against attacks using devices such as routers and firewalls. These essentials and more will be covered during the first section of this course in order to provide a firm foundation for the remaining sections of this training.
In any organization large or small, all data are not created equal. Some data are routine and incidental while other data can be very sensitive, and loss of those data can cause irreparable harm to an organization.
It is essential to understand attacks, the vulnerability behind those attacks, and how to prioritize the information and steps to secure the systems. To achieve this, you need to gain familiarity with the protocols and techniques used to monitor, stop, and even perform attacks against systems.
By the end of this section, you will understand Defensible Network Architecture, Networking and Protocols, Network Device Security, Virtualization and Cloud Security, and Wireless Network Security.
CPE/CMU Credits: 8
SEC401.1: Outline: Network Security Essentials
Module 1: Defensible Network Architecture
In order to properly secure and defend a network, you must first have a clear and strong understanding of both the logical and physical components of network architecture.
Module 2: Networking and Protocols
A solid understanding of the interworking of networks enables you to more effectively recognize, analyze, and respond to the latest (perhaps unpublished) attacks. This module introduces the core areas of computer networks and protocols.
Module 3: Network Device Security
In order to implement proper security, you have to understand the various components on a network. In this module, we will look at how the various components work and methods to properly secure them.
Module 4: Virtualization and Cloud Security
In this module, we will examine what virtualization is, the security benefits and risks of a virtualized environment, and the differences in virtualization architecture. Because cloud is architected on virtualization, the module concludes with a focus on cloud services and security.
Module 5: Securing Wireless Networks
In this module, we will explain the differences between the various types of wireless communication technologies available today, the insecurities present in those communications, and approaches to mitigation to reduce the risk of those insecurities to a more acceptable level of risk.
To secure an enterprise network, you must understand the general principles of network security. On day 2, we look at the "big picture" threats to our systems and how to defend against them. We will learn that protections need to be layered, leveraging a principle called defense-in-depth, and then explain the principles that will serve us well in protecting our systems.
The section starts with information assurance foundations. We look at security threats and how they have impacted confidentiality, integrity, and availability. We then move onto the creation of sound security policies and password management. We discuss how to use the Center for Internet Security controls to help prioritize our risk reduction activities and gather metrics as we construct our security roadmap. The section continues by looking at attack strategies and how the offense operates. Because so many of our applications and so much of our data can be accessed with no more than an Internet connection, a (mobile) device, and a web browser, we end the section by focusing on securing web communications.
CPE/CMU Credits: 8
SEC401.2: Outline: Defense-in-Depth and Attacks
Module 6: Defense-in-Depth
In this module, we look at threats to our systems and take a "big picture" look at how to defend against them. We will learn that protections need to be layered, a principle called defense-in-depth, and explain some principles that will serve you well in protecting your systems.
Module 7: Access Control and Password Management
This module discusses the principles of access control. Access control models vary in their approaches to security, and we explore their underlying principles, strengths, and weaknesses. The module includes a brief discussion on authentication and authorization protocols and control. We also spend considerable time discussing the most common type of access control: the password. We delve into password files, storage, and protection.
Module 8: Security Policy
In this module, we will learn how to assess a policy by establishing a baseline framework to work within, and by establishing a mission statement that defines our policies. We'll examine how to assess and repair critical policies one at a time.
Module 9: Center for Internet Security (CIS) Controls
In implementing security, it is important to have a framework with proper metrics. As is often said, you cannot manage what you cannot measure. The CIS controls were created to help organizations prioritize the most critical risks they face. In addition to a framework, the CIS controls also provide details to help organizations put together an effective plan for implementation of the controls they need.
Module 10: Malicious Code and Exploit Mitigation
During this module we will take a look at the Marriott breach (a breach that compromised millions of people globally), as well as ransomware attacks that continue to cripple hundreds of thousands of systems across different industries. We'll describe these attacks in detail, discussing not only the conditions that made them possible, but also some strategies that can be used to help manage the risks associated with such attacks.
Module 11: Securing Web Communications
In this module, we look at some of the most important things to know to design and deploy secure web applications. We start with an explanation of the basics of web communications. We cover HTTP, HTML, forms, server, and client-side programming, cookies, authentication, and maintaining state. We then look at how to identify and fix vulnerabilities in web applications.
In Section 3, the focus is on the various types of prevention technologies that can be used to stop an adversary from gaining access to our organization (e.g., firewalls, intrusion prevention systems), the various types of detection technologies that can detect the presence of an adversary on our networks (e.g., intrusion detection systems, log management, security incident and event monitoring), and the accumulation of all available network information to assist us in the creation of a solid foundation for network security (e.g., network mapping, vulnerability scanning, penetration testing). Additionally, we will discuss the use of active defense techniques intended to increase both the resources required by the adversary to compromise our network, and the amount of time available to us to detect the adversarial presence before significant damage can occur.
CPE/CMU Credits: 8
SEC401.3: Outline: Threat Management
Module 12: Vulnerability Scanning and Penetration Testing
This module covers the tools, technology, and techniques used for reconnaissance (including gathering information, mapping networks, scanning for vulnerabilities, and applying mapping and scanning technology).
Module 13: Network Security Devices
This module will look at the three main categories of network security devices: Firewalls, Network Intrusion Detection Systems (NIDS), and Network Intrusion Prevention Systems (NIPS). Together, they provide a complement of prevention and detection capabilities.
Module 14: Endpoint Security
In this module, we will examine some of the key components, strategies, and solutions for implementing security from an endpoint perspective. This includes general approaches to endpoint security, strategies for baselining activity, and solutions like Host-based IDS (HIDS) and Host-based IPS (HIPS).
Module 15: Security Information and Event Monitoring (SIEM)/Log Management
In this module, we cover the essential components of logging and how to properly manage it within our organization.
Module 16: Active Defense
In this module, we will explain what active defense is and how it can be best leveraged. We will examine new methods of approaching security to help make our defensive solutions more tactical.
There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, although few companies deploy it correctly. This technology is cryptography. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. During the first half of Section 4 we'll look at various aspects of encryption and how it can be used to secure a company's assets. A related area called steganography, or information hiding, is also covered. During the second half of the section, we shift our focus to how we respond to events that can have an adverse effect on our organization. Incident handling is the action or plan for dealing with intrusions, cyber-theft, denial-of-service attacks, malicious code, and other events. Additionally, unexpected events occur on a regular basis, whether the result of adversarial activity or not. The difference between organizations that survive and those that do not is typically based on whether an accurate (and tested) contingency plan has been developed. Planning needs to be done before there is a problem so that the proper focus can be given to the execution of that plan. Business continuity planning (including disaster recovery planning) addresses this need. We end the section discussing how to quantify risk and present justification for our proposed solutions.
CPE/CMU Credits: 8
SEC401.4: Outline: Cryptography, Incident Response, and Risk Management
Module 17: Cryptography
Cryptography can be used to provide functional confidentiality, integrity, authentication, and non-repudiation for information. There are three general types of cryptography algorithms: secret key or symmetric, public key or asymmetric, and no-key or hash. These schemes are usually distinguished from one another by the number of keys employed. This module discusses these different types of algorithms and how each type is used to provide a specific security function. The module also introduces steganography, a means of hiding data in a carrier medium. Steganography can be used for a variety of reasons but is most often used to conceal the fact that sensitive information is being sent or stored.
Module 18: Cryptography Algorithms and Deployment
In this module, we'll acquire a high-level understanding of the mathematical concepts that contribute to modern cryptography and a basic understanding of commonly used symmetric, asymmetric, and hashing cryptosystems. We'll also identify common attacks used to subvert cryptographic defenses.
Module 19: Applying Cryptography
In this module, we'll discuss solutions for achieving our primary goals for using cryptography: protection of data in transit and protection of data at rest, and the management of keys via PKI.
Module 20: Incident-Handling and Contingency Planning
In this module, we explore the fundamentals of incident handling and why it is important to our organization. We outline a six-step process to help create our own incident-handling procedures. The module also covers contingency planning, including business continuity planning and disaster recovery planning.
Module 21: Risk Management
In this module we discuss the terminology and basic approaches to cybersecurity risk management. We identify each step in the Threat Assessment and Analysis process and learn how to report findings to management.
Remember when Windows was simple? Windows XP desktops in a little workgroup...what could be easier? A lot has changed over time. Now, we have Windows tablets, Azure, Active Directory, PowerShell, Office 365, Hyper-V, Virtual Desktop Infrastructure, and so on. Microsoft is battling Google, Apple, Amazon, and other cloud giants for cloud supremacy. The trick is to do cloud securely, of course.
Windows is the most widely used and targeted operating system on the planet. At the same time, the complexities of Active Directory, Public Key Infrastructure, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. Section 5 will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work. You will complete the section with a solid grounding in Windows security by looking at automation, auditing, and forensics.
CPE/CMU Credits: 8
SEC401.5: Outline: Windows Security
Module 22: Windows Security Infrastructure
This module discusses the infrastructure that supports Windows security. This is a big picture overview of the Windows security model. It provides the background concepts necessary to understand everything else that follows.
Module 23: Windows as a Service
This module discusses techniques for managing updates to Windows.
Module 24: Windows Access Controls
This module focuses on understanding how permissions are applied in the Windows NT File System (NTFS), Shared Folders, Registry Keys, Active Directory, and Privileges. BitLocker Drive Encryption is discussed as another form of access control (for encrypted information), and as a tool to help maintain the integrity of the boot-up process if you have a Trusted Platform Module.
Module 25: Enforcing Security Policy
This module discusses one of the best tools for automating security configuration changes, SECEDIT.EXE, the command-line version of Microsoft's Security Configuration and Analysis snap-in. We'll look at some of the most important changes to make through the use of this tool, such as password policy, lockout policy, and null user session restrictions. We'll also briefly discuss Group Policy Objects (GPOs) and the many security configuration changes that they can help to enforce throughout the domain.
Module 26: Network Services and Cloud Computing
It is important that we properly secure a system before we connect to a network. Applying the latest updates isn't good enough: We want a machine that has been hardened specifically in anticipation of vulnerabilities that have not yet been discovered.
Module 27: Automation, Auditing, and Forensics
Automation, auditing, and forensics go together because, if we can't automate our work, the auditing and forensics work doesn't get done at all (or is done only sporadically), or we can't make it scale beyond the small number of machines that we can physically touch.
While organizations do not have as many Linux systems, the Linux systems that they do have are often some of the most critical systems that need to be protected. Section 6 provides guidance to improve the security of any Linux system. The course combines practical "how to" instructions with background information for Linux beginners, as well as security advice and best practices for administrators with various levels of expertise.
CPE/CMU Credits: 6
SEC401.6: Outline: Linux Security
Module 28: Linux Security: Structure, Permissions, and Access Controls
This module discusses the foundational items that are needed to understand how to configure and secure a Linux system. It also provides an overview of the operating system and mobile markets. To lay a foundation, it provides an overview of the different operating systems that are based on Linux.
Module 29: Hardening and Securing Linux Services
This module outlines the methods, tips, and tricks for hardening and securing Linux services. The Golden Rule to always remember is: The best way to secure a service is to turn it off, and if it's not needed, uninstall it.
Module 30: Monitoring and Attack Detection
Linux systems use multiple log files, several of which are described in this module. The syslog logging daemon and alternatives are discussed. We'll also describe auditd, the access monitoring and accounting subsystem.
Module 31: Security Utilities
This module discusses some security-enhancement utilities, capabilities, and package management tools. Additionally, we'll look at several built-in and third-party tools that you can use to enhance and increase the overall security of a Linux system.
SEC401: Security Essentials Bootcamp Style consists of course instruction and integrated hands-on sessions. The labs reinforce the skills covered in class and enable students to use the knowledge and tools learned throughout the course in an instructor-led environment. Students will have the opportunity to install and configure a virtual lab environment, and will utilize the tools and techniques that have been presented. During the course students will receive a USB drive with two virtual machines; it is critical that you have a properly configured system prior to class.
IMPORTANT: You must use a 64-bit version of Windows or macOS as your core operating system (OS). You must have the ability to install and run VMware virtualization products (a VMware product must be installed prior to coming to class). You must also have a minimum of 8 GB of RAM or higher for the virtual machines to function properly in class. Verify that under BIOS, Virtualization Support is ENABLED.
Your CPU and OS MUST be 64-bit so that our 64-bit guest virtual machines will run on your laptop, and so you can access at least 8 GB of memory. This article provides instructions on how to determine if you have both a 64-bit CPU and OS.
Mandatory Laptop Requirements / Checklist
For computers running the Windows OS, download and install the latest version of VMware Workstation or VMware Player (version 15.5 or higher) prior to the start of class. For computers running the macOS, download and install VMware Fusion (version 11.5 or higher) on your system prior to the start of the class.
If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.
Anyone who works in security, is interested in security, or has to understand security should take this course, including:
Use this sample training request letter, or elements of it, to justify the time and budget required to complete SANS training to your manager. Simply copy and paste text into an email to your manager, then make any necessary adjustments to personalize the information.
SEC401: Security Essentials Bootcamp Style covers all of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are new to the field and have no background knowledge, SEC301: Intro to Information Security would be the recommended starting point. While SEC301 is not a prerequisite for SEC401, it will provide the introductory knowledge to help maximize the experience with SEC401.
SEC401 is an interactive hands-on training course. The following are some of the lab activities that students will carry out:
For those who have a more experienced background, SEC501: Enterprise Defender might be the more appropriate course to take.
"SEC401 provides an excellent overview of security fundamentals delivered by experienced industry professionals." - Jathan Watso, Department of Finance
"Excellent material for security professionals wanting a deeper level of knowledge on how to implement security policies, procedures, and defensive mechanisms in an organization." - Brandon Smit, Dynetics
"SEC401 took what I thought I knew and truly explained everything to me. Now, I also UNDERSTAND the security essentials fundamentals and how/why we apply them. Loved the training, cannot wait to come back for more." - Nicholas Blanton, ManTech International
"From all observations of the world around us, it would appear that we might be living in a world of never-ending compromise. It seems to be that a day no longer goes by without hearing of yet another compromise. On initial glance, an increase in compromise might be attributed to having more systems than ever before connected to more and more computer networks. On second glance, an increase in compromise might be attributed to poor security practices.
If having more systems connected to more networks results in more compromise, we are in serious trouble. Only more systems will continue to be connected to more computer networks in an ever increasingly connected world. And surely today, with more security at our avail than at any other point in the history of computing, an ever continuing increase in worldwide compromise can't be attributed to poor security practice, can it? The truth is always more complicated.
The truth is that we now live in a world of ever increasing security capability, AND ever increasing compromise. Said and asked differently, how is it possible to have ever more compromise in the presence of ever more security?
While the truth is more complicated, fortunately, the answer is simple. Offense informs the defense.
SEC401 will provide you with real-world, immediately actionable knowledge and information, to put you and your organization on the best footing possible to counter the modern adversary. Join us to learn how to fight, and how to win."
Bryan Simon, Lead Author, SEC401.
| Paid by May 13 | Paid by May 27 | Paid after May 27 | Options |
|---|---|---|---|
| 6,990 USD | 7,140 USD | 7,340 USD | |