
Paris November 2017

Paris, France | Mon, Nov 13 - Sat, Nov 18, 2017

SEC401: Security Essentials Bootcamp Style (In French)

Very well rounded. Great that he (the instructor) was able to bring real world examples to class. Made the class flow smoothly.

Robin Mahon, Kapstone Paper

Great course for people starting into security essentials.

Alex Largie, Navajo Nation

(This course will be taught in French and the course materials will be in English)

Discover the most effective measures for preventing and detecting cyber-attacks through the implementation of security controls you can apply as soon as you return to the office. Learn new protection techniques and methods used by many security experts to protect your environment against the latest threats.

Is the SEC401: Security Essentials Bootcamp Style course right for your needs?

Take a moment and ask yourself the following questions:

  1. Do you know why some companies fall victim to a cyber-attack while others seem to be spared?
  2. If several computer systems in your environment were compromised, would you be able to identify them within a reasonable time?
  3. Do you know the effectiveness and the limits of each security device installed in your information system, and are you sure that these devices have been configured correctly?
  4. Have you defined and put in place security metrics that are suited to and understandable by your management, in order to facilitate proper security governance within your company?

If some of these questions seem to have no answer, then the SEC401 course will allow you to develop your knowledge and skills and to identify industry best practices through an intensive course, designed in "bootcamp" form and reinforced by hands-on exercises.


You will:

  • Develop effective security metrics in order to define pragmatic security actions that can (i) be implemented by IT teams, (ii) validated by audit teams and (iii) understood by management.
  • Analyze and assess the security risks weighing on your information system in order to facilitate the creation of a security master plan focused on the highest-risk areas of your environment.
  • Take advantage of industry best practices that will help you focus on the security issues that are priorities for your company and put in place the most appropriate and effective solutions.
  • Understand why some companies survive a cyber-attack while others are severely impacted, and above all how not to end up on the victims' side.
  • Grasp the fundamentals of information systems security to create a security strategy anchored in the principles of PREVENTION-DETECTION-RESPONSE.
  • Draw up a security action plan to correct current and future security weaknesses.

SEC401: The Security Essentials Bootcamp Style course has been specially designed to give you the essential knowledge and skills to secure your most critical information assets. Our course will teach you to prevent security problems before they make the headlines.

"Prevention is ideal, but detection is a must."

With the continued growth in the persistence and sophistication of threats, it is impossible for a company not to be the target of attacks. An attacker's ability to successfully infiltrate a company's network depends on the effectiveness of the defense the company has put in place. Defending against attacks is a constant and considerable challenge, especially with the appearance of new, ever-evolving threats. Companies need to know what really works in cybersecurity. The best way to protect yourself is to adopt a proven, risk-management-based approach. Before a company spends a single euro of its IT budget, or allocates resources to cybersecurity actions, three questions must be addressed:

  1. What is the risk?
  2. Is this risk the one that matters most for my environment?
  3. What is the most effective and least costly way to reduce this risk?

Securing an information system must consist of focusing efforts on the risk areas specific to your environment. With the SEC401 course, you will learn the language and the underlying theory of computer security. You will gain the essential, pragmatic knowledge you will need if you are responsible for securing a company's systems and/or networks. This course fulfills the two key promises the SANS Institute makes to those attending the SANS curriculum: (1) you will acquire cutting-edge skills that you can put into practice as soon as you return to work; and (2) you will be taught by the best instructors in the security industry.


Assessment Available

Assess your knowledge

Test your security knowledge with our free test, available at SANS Security Essentials Assessment Test

Notice:

This course prepares you for the GSEC certification that meets the requirement of the DoD 8570 IAT Level 2.

Notice:

Please plan to arrive early on Day 1 (8:30AM-Local Time) for lab preparation and set-up. The additional time is needed as the labs require the installation of both a Linux and Windows Virtual Machine (VM) and extensive copying of files in order to run and complete the labs successfully. The Instructor will be available to assist students with lab prep and set-up from 8:30AM-9:00AM. Class lecture will start at 9AM. (Excludes vLive and Mentor)

Course Content Overlap Notice:

Please note that some course material for SEC401 and MGT512 may overlap. We recommend SEC401 for those interested in a more technical course of study, and MGT512 for those primarily interested in a leadership-oriented but less technical learning experience.

Course Syllabus


Sebastien Besson
Mon Nov 13th, 2017
9:00 AM - 7:00 PM

Overview

A key way that attackers gain access to a company's resources is through a network connected to the Internet. A company wants to try to prevent as many attacks as possible, but in cases where it cannot prevent an attack, it must detect it in a timely manner. Therefore, an understanding of how networks and the related protocols like TCP/IP work is critical to being able to analyze network traffic and determine what is hostile. It is just as important to know how to protect against these attacks using devices such as routers and firewalls. These essentials, and more, will be covered during this course day in order to provide a firm foundation for the consecutive days of training.

CPE/CMU Credits: 8

Topics

Setting Up a Lab with Virtual Machines

  • Use
  • Implementation
  • Security

Network Fundamentals

  • Network types (LANs, WANs)
  • Network topologies
  • LAN protocols
  • WAN protocols
  • Network devices

IP Concepts

  • Packets and addresses
  • IP service ports
  • IP protocols
  • TCP
  • UDP
  • ICMP
  • DNS

IP Behavior

  • TCP dump
  • Recognizing and understanding
  • UDP
  • ICMP
  • UDP behavior

Virtual Machines

  • Use
  • Implementation
  • Security

Sebastien Besson
Tue Nov 14th, 2017
9:00 AM - 7:00 PM

Overview

To secure an enterprise network, you must have an understanding of the general principles of network security. In this course, you will learn about six key areas of network security. The day starts with information assurance foundations. Students look at both current and historical computer security threats, and how they have impacted confidentiality, integrity, and availability. The first half of the day also covers creating sound security policies and password management, including tools for password strength on both Unix and Windows platforms. The second half of the day is spent on understanding the information warfare threat and the six steps of incident handling. The day draws to a close by looking at attack strategies and how the offense operates.

CPE/CMU Credits: 8

Topics

Information Assurance Foundations

  • Defense in-depth
  • Confidentiality, integrity, and availability
  • Risk model
  • Authentication vs. authorization
  • Vulnerabilities

Computer Security Policies

  • Elements when well written
  • How policies serve as insurance
  • Roles and responsibilities

Contingency and Continuity Planning

  • Business continuity planning (BCP)
  • Disaster recovery planning (DRP)
  • Business impact analysis

Access Control

  • Data classification
  • Authentication, authorization, accountability (AAA)
  • MAC and DAC

Password Management

  • Password cracking for Windows and Unix
  • Alternate forms of authentication (tokens, biometrics)
  • Single sign-on and RADIUS

Incident Response (IR)

  • Preparation, identification, and containment
  • Eradication, recovery, and lessons learned
  • Investigation techniques and computer crime
  • Legal issues associated with IR

Offensive and Defensive Information Warfare (IW)

  • Types of IW
  • APT
  • Asymmetric warfare
  • Offensive goals

Attack Strategies and Methods

  • How the adversary breaks into systems
  • Mitnick attack
  • Attack methods

Sebastien Besson
Wed Nov 15th, 2017
9:00 AM - 7:00 PM

Overview

Military agencies, banks, and retailers offering electronic commerce programs, as well as dozens of other types of organizations, are striving to understand the threats they are facing and what they can do to address those threats. On day 3, you will be provided with a roadmap to help you understand the paths available to organizations that are considering deploying or planning to deploy various security devices and tools such as intrusion detection systems and firewalls. When it comes to securing your enterprise, there is no single technology that is going to solve all your security issues. However, by implementing an in-depth defense strategy that includes multiple risk-reducing measures, you can go a long way toward securing your enterprise.

CPE/CMU Credits: 8

Topics

Vulnerability Scanning and Remediation

  • Approaches and methods of remediation
  • Building a network visibility map
  • Host identification
  • Port scanning
  • Vulnerability scanning
  • Penetration testing

Web Security

  • Web communication
  • Web security protocols
  • Active content
  • Cracking web applications
  • Web application defenses

Firewalls and Perimeters

  • Types of firewalls
  • Pros and cons of firewalls
  • Firewall placement
  • Packet filtering, stateful, and proxies

Honeypots

  • Forensics
  • Honeypots
  • Honeynets
  • Honey tokens

Host-based Protection

  • Intrusion detection
  • Intrusion prevention
  • Tripwire
  • Pros and cons

Network-based Intrusion Detection and Prevention

  • Pros and cons
  • Deployment strategies
  • Snort
  • Development and advances

Sebastien Besson
Thu Nov 16th, 2017
9:00 AM - 7:00 PM

Overview

There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, though few companies deploy it correctly. This technology is cryptography. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. Day 4 looks at various aspects of encryption and how it can be used to secure a company's assets. A related area called steganography, or information hiding, is also covered. The day finishes by looking at using the Critical Security Controls for metrics-based dashboards and performing risk assessment across an organization.

CPE/CMU Credits: 8

Topics

Cryptography

  • Need for cryptography
  • Types of encryption
  • Symmetric
  • Asymmetric
  • Hash
  • Ciphers
  • Digital substitution
  • Algorithms
  • Real-world cryptosystems
  • Crypto attacks
  • VPNs
  • Types of remote access
  • PKI
  • Digital certificates
  • Key escrow

Steganography

  • Types
  • Applications
  • Detection

Critical Security Controls

  • Overview of the controls
  • Implementing the controls
  • Auditing the Controls
  • Specific controls and metrics

Risk Assessment and Auditing

  • Risk assessment methodology
  • Risk approaches
  • Calculating risk
  • SLE
  • ALE

Sebastien Besson
Fri Nov 17th, 2017
9:00 AM - 7:00 PM

Overview

Windows is the most widely used and most attacked operating system on the planet. At the same time, the complexities of Active Directory, PKI, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. This section will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work. You will complete the day with a solid grounding in Windows security by looking at automation, auditing and forensics.

CPE/CMU Credits: 8

Topics

Security Infrastructure

  • Windows family of operating systems
  • Workgroups and local accounts
  • What is Active Directory?
  • Domain users and groups
  • Kerberos, NTLMv2, smart cards
  • Forests and trusts
  • What is group policy?

Service Packs, Patches, and Backups

  • Service packs
  • E-mail security bulletins
  • Patch installation
  • Automatic updates
  • Windows server update services
  • Windows backup
  • System restore
  • Device driver rollback

Permissions and User Rights

  • NTFS permissions
  • File and print sharing service
  • Shared folders
  • BitLocker drive encryption

Security Policies and Templates

  • Group policy objects
  • Password policy
  • Lockout policy
  • Anonymous access
  • Software restriction policies

Securing Network Services

  • Firewalls and packet filtering
  • IPSec and VPNs
  • Wireless networking
  • Security configuration wizard
  • Remote desktop protocol (RDP)

Auditing and Automation

  • Microsoft baseline security analyzer
  • SECEDIT.EXE
  • Windows event logs
  • NTFS and registry auditing
  • IIS logging
  • Creating system baselines
  • Scripting tools
  • Scheduling jobs

Sebastien Besson
Sat Nov 18th, 2017
9:00 AM - 5:00 PM

Overview

While organizations do not have as many Unix/Linux systems, those that they do have are often some of the most critical systems that need to be protected. Day 6 provides step-by-step guidance to improve the security of any Linux system. The course combines practical "how to" instructions with background information for Linux beginners, as well as security advice and best practices for administrators of all levels of expertise.

CPE/CMU Credits: 6

Topics

Linux Landscape

  • Different variants of and uses for Linux
  • Ways processes are started
  • Network interface information
  • Process information
  • Directory hierarchy
  • Partitions and OS installation

Permissions and User Accounts

  • Setting permissions
  • SUID and SGID
  • Controlling access
  • Root vs. user accounts
  • Setting password controls
  • Pluggable authentication module (PAM)

Linux OS Security

  • Dangerous services
  • Helpful services
  • Running and stopping programs
  • Configuration changes and restarting services
  • File system permissions, ownership, and systems
  • Mounting drives

Maintenance, Monitoring, and Auditing Linux

  • Common causes of compromise
  • Patching
  • Backing up data
  • Syslog
  • Analyzing log files
  • Other logging

Linux Security Tools

  • File integrity verifications
  • Chkrootkit
  • CIS hardening guides
  • Bastille linux
  • Sniffers
  • Snort

Additional Information

To give you an idea of the effectiveness of the course, here is what a few former students have said about it:

"SEC401 provides an excellent overview of security fundamentals delivered by experienced industry professionals." - Jathan Watso, Department of Finance

"Excellent material for security professionals wanting a deeper level of knowledge on how to implement security policies, procedures, and defensive mechanisms in an org." - Brandon Smit, Dynetics

"SEC401 took what I thought I knew and truly explained everything to me. Now, I also UNDERSTAND the security essentials fundamentals and how/why we apply them. Loved the training, cannot wait to come back for more." - Nicholas Blanton, ManTech International

Security 401: Security Essentials Bootcamp Style consists of course instructions and hands-on sessions. To reinforce the skills covered in class and gain experience with the tools needed to implement effective security, there are hands-on labs every day. These lab sessions are designed to enable students to use the knowledge gained throughout the course in an instructor-led environment. Students will have the opportunity to install, configure, and utilize the tools and techniques that they have learned. In class you will receive a USB drive with 2 virtual machines, but it is critical that you have a properly configured system prior to class.

IMPORTANT: You can use any 64-bit version of Windows, Mac OSX, or Linux as your core operating system, provided it can install and run VMware virtualization products. You also must have a minimum of 8 GB of RAM or higher for the VMs to function properly in the class. A VMware product must also be installed prior to coming to class. Verify that under BIOS, Virtual Support is ENABLED.

Mandatory System Requirements

  • System running Windows 64-bit version
  • At least 8 GB RAM
  • 50 GB of available disk space (more space is recommended)
  • Administrator access to the operating system and all security software installed.
  • Anti-virus software will need to be disabled in order to install some of the tools.
  • An available USB port.
  • Machines should NOT contain any personal or company data.
  • Verify that under BIOS, Virtual Support is ENABLED.

Mandatory Downloads prior to coming to class:

It is critical that your CPU and operating system support 64-bit so that our 64-bit guest virtual machine will run on your laptop. VMware provides a free tool for Windows and Linux that will detect whether or not your host supports 64-bit guest virtual machines. For further troubleshooting, this article also provides good instructions for Windows users to determine more about the CPU and OS capabilities. For Macs, please use this support page from Apple to determine 64-bit capability.

Please download and install VMware Workstation 11, VMware Fusion 7, or VMware Workstation Player 7 or higher versions on your system prior to class beginning. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website.

SEC401 Checklist

I have confirmed that:

  • The system is running a 64-bit operating system
  • I have administrator access to the operating system
  • Anti-virus is disabled
  • The system includes a working USB port
  • I downloaded and installed VMware Workstation Player

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Anyone who works in security, is interested in security, or has to understand security should take this course, including:

  • Security professionals who want to fill the gaps in their understanding of technical information security
  • Managers who want to understand information security beyond simple terminology and concepts
  • Operations personnel who do not have security as their primary job function but need an understanding of security to be effective
  • IT engineers and supervisors who need to know how to build a defensible network against attacks
  • Administrators responsible for building and maintaining systems that are being targeted by attackers
  • Forensic analysts, penetration testers, and auditors who need a solid foundation of security principles so they can be as effective as possible at their jobs
  • Anyone new to information security with some background in information systems and networking.

SEC401 Security Essentials Bootcamp Style covers all of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field with no background knowledge, SEC301: Intro to Information Security would be the recommended starting point. While SEC301 is not a prerequisite, it will provide the introductory knowledge that will help maximize the experience with SEC401.

Other Courses People Have Taken

For those who are more advanced, SEC501: Enterprise Defender might be the more appropriate course to take.

  • Course books with labs
  • USB (containing Windows 10 license)
  • TCP/IP reference guide
  • MP3 audio files of the complete course lecture
  • Apply what you learned directly to your job when you go back to work
  • Design and build a network architecture using VLANs, NAC, and 802.1x based on advanced persistent threat indicators of compromise
  • Run Windows command line tools to analyze the system looking for high-risk items
  • Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
  • Install VMWare and create virtual machines to create a virtual lab to test and evaluate tools/security of systems
  • Create an effective policy that can be enforced within an organization and design a checklist to validate security and create metrics to tie into training and awareness
  • Identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, cover ways to configure the system to be more secure
  • Build a network visibility map that can be used for hardening of a network - validating the attack surface and covering ways to reduce that surface by hardening and patching
  • Sniff cleartext protocols like Telnet and FTP and determine the content, passwords, and vulnerabilities using Wireshark.

SEC401 is an interactive hands-on training course. The following are some of the lab activities that students will carry out:

  • Setup of virtual lab environment
  • Windows/Linux tutorial
  • TCP dump analysis
  • Wireshark decoding of VoIP traffic
  • Password cracking
  • Host-based discovery with Dumpsec
  • Hashing to preserve digital evidence
  • Analyzing networks with hping and nmap
  • Event correlation with Splunk
  • Use of steganography tools
  • Securing a Windows system with MBSA and SCA

Author Statement

"One of the things I love to hear from students after teaching Security 401 is 'I have worked in security for many years and after taking this course I realized how much I did not know.' With the latest version of Security Essentials and the Bootcamp, we have really captured the critical aspects of security and enhanced those topics with examples to drive home the key points. After you have attended Security 401, I am confident you will walk away with solutions to problems you have had for a while, plus solutions to problems you did not even know you had."

- Eric Cole