SANS 2017

Orlando, FL | Fri, Apr 7 - Fri, Apr 14, 2017
This event is over,
but there are more training opportunities.

SEC301: Intro to Information Security

This class is great for IT professionals looking for their first step towards security awareness. I have been in IT for 17 years and I learned a lot on this first day of class.

Paul Beninati, EMC

Good basic information for someone just coming into the field.

Bryce Richert, SUH

To determine if the SANS SEC301 course is right for you, ask yourself five simple questions:

  • Do you have basic computer knowledge, but are new to information security and in need of an introduction to the fundamentals?
  • Are you bombarded with complex technical security terms that you don't understand?
  • Are you a non-IT security manager (with some technical knowledge) who lays awake at night worrying that your company will be the next mega-breach headline story on the 6 o'clock news?
  • Do you need to be conversant in basic security concepts, principles, and terms, even if you don't need "deep in the weeds" detail?
  • Have you decided to make a career change to take advantage of the job opportunities in information security and need formal training/certification?

If you answer yes to any of these questions, the SEC301: Introduction to Information Security training course is for you. Jump-start your security knowledge by receiving insight and instruction from real-world security experts on critical introductory topics that are fundamental to information security. This completely revised five-day comprehensive course covers everything from core terminology to the basics of computer networks, security policies, incident response, passwords, and even an introduction to cryptographic principles.

This course is designed for students who have a basic knowledge of computers and technology but no prior knowledge of cyber security. The hands-on, step-by-step teaching approach will enable you to grasp all the information presented even if some of the topics are new to you. You'll learn the fundamentals of information security that will serve as the foundation of your InfoSec skills and knowledge for years to come.

Written by a security professional with over 30 years of experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the Global Information Security Fundamentals (GISF) certification test, as well as for the next course up the line, SEC401: Security Essentials Bootcamp. It also delivers on the SANS promise: You will be able to use the knowledge and skills you learn in SEC301 as soon as you return to work.

Notes:

  • Note 1: You will receive approximately 15 pounds of books as part of your attendance in the class. If you travel to training from out of town, expect your luggage to be heavier on your return trip. Shipping facilities (FedEx, UPS, etc.) may not be available.
  • Note 2: When making plans to fly home, do not expect the course to end early on the final day. It is not uncommon for Day 5 of the SEC301 course to end close to 5pm.

Course Syllabus


Keith Palmgren
Sun Apr 9th, 2017
9:00 AM - 5:00 PM

Overview

Every good security practitioner and every good security program begins with the same mantra: learn the fundamentals. SEC301 starts by instilling familiarity with core security terms and principles. By the time you leave the classroom after the first day, you will fully understand the Principle of Least Privilege and the Confidentiality, Integrity, and Availability (CIA) Triad, and you'll see why those principles drive all security discussions. You will be conversant in the fundamentals of risk management, security policy, authentication/authorization/accountability.

Exercises
  • Lab - Introducing the www.sec301.com Website and Lab Environment: Introduce the lab environment used in the SEC301 course including www.sec301.com (access to the site also provides access to lab videos that walk you through all the labs as well as additional quizzes).
  • Lab - Building Better Passwords: We'll use a tool that shows how long it takes to compromise various passwords via a brute force attack.

CPE/CMU Credits: 6


Keith Palmgren
Mon Apr 10th, 2017
9:00 AM - 5:00 PM

Overview

This course day begins with an explanation of how computers handle numbers using decimal, binary, and hexadecimal numbering systems. It also provides an understanding of how computers encode letters using ASCII (American Standard Code for Information Interchange).

We then spend the remainder of the day on networking. All attacks or exploits have one thing in common: they take something that exists for perfectly valid reasons and misuse it in malicious ways. Always! So as security practitioners, to grasp what is invalid we must first understand what is valid - that is, how things like networks are supposed to work. Only once we have that understanding can we hope to understand the mechanics of malicious misuse of those networks - and only with that knowledge can we understand how security devices such as firewalls seek to thwart those attacks. Day two begins with a non-technical explanation of how data move across a network. From there we move to fundamental terminology dealing with network types and standards. You'll learn about common network hardware such as switches and routers, and you'll finally grasp what is meant by terms like "protocol" and "encapsulation". We'll give a very basic introduction to network addressing and port numbers and then work our way up the Open Systems Interconnection (OSI) protocol stack, introducing more detail only as we proceed to the next layer. In other words, we explain networking starting in non-technical terms and gradually progress to more technical detail as students are ready to take the next step. By the end of our discussions, you'll have a fundamental grasp of any number of critical technical networking acronyms that you've often heard and never quite understood: TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS.

Exercises
  • Lab - Computer Number Conversions: Apply the knowledge you have learned to convert decimal numbers to binary, binary numbers to hexadecimal, etc. Also turn a string of binary numbers into readable ASCII text.
  • Lab - Networking: Use several network tools that are built into the Windows Operating System or the Mac Operating System to determine your network settings, and discover if Network Address Translation (NAT) is being used inside the classroom.

CPE/CMU Credits: 6


Keith Palmgren
Tue Apr 11th, 2017
9:00 AM - 5:00 PM

Overview

One of the most complex issues faced by security practitioners. It is not a topic you can explain in passing, so we will spend some time on it. Not to worry, we won't take you through the math behind cryptography, but we'll look at basic crypto terminology and processes. What is steganography? What is substitution and transposition? What is a "work factor" in cryptography and why does it matter? What do we mean by symmetric and asymmetric key cryptography and "cryptographic hash", and why do you need to know? How are those concepts used together in the real world to create cryptographic systems?

Exercises
  • Lab - Crypto by Hand: Apply the knowledge and skills you've learned to encrypt information using mono and poly alphabetic ciphers and gain a better understanding of triple encryption (as used by Triple DES).
  • Lab - Visual Crypto: Observe the encryption process that occurs by turning plaintext (what you can read) into ciphertext (what you cannot read) in real time. Increase your understanding of what "randomness in ciphertext" truly means and why it matters. See the ciphertext turned back into plaintext.

CPE/CMU Credits: 6


Keith Palmgren
Wed Apr 12th, 2017
9:00 AM - 5:00 PM

Overview

Our fourth day in the classroom begins our exploration of cyber security technologies. We begin with wireless network security (WiFi and Bluetooth), and mobile device security (i.e., cell phones). We follow that with a brief look at some common attacks. We then move into a discussion of malware and anti-malware technologies. From there, we move into a discussion of network security technologies and methods including compartmentalization, firewalls, intrusion detection and prevention systems, sniffers, content filters, and so on. We end the day with an examination of several data protection protocols used for email encryption, secure remote access, secure web access, secure file transfer, and Virtual Private Network technologies.

Exercises
  • Lab - Phishing IQ Quiz: Use an online site to look at several potential spam messages and determine which are legitimate and which are not. Students will see the results of their quiz with an explanation of why each message is either legit or spam.

CPE/CMU Credits: 6


Keith Palmgren
Thu Apr 13th, 2017
9:00 AM - 5:00 PM

Overview

The final day of our SEC301 journey continues the discussion of Cyber Security Technologies. The day begins by looking at the system security to include hardening operating systems, patching, virtual machines, cloud computing, and backup. We move to application security to learn about browser security and web security, as well as email and instant messaging concerns. We discuss competitive intelligence gathering methods and how you can defend against them. We close the course with an explanation of awareness training and social engineering so that students understand what it is and why it's so difficult to defend against.

Exercises
  • Lab - Validating Browser Security: Use a tool that scans your browser and browser plugins to determine if they are up to date and secure. If they are not, the tool will also help you to fix those problems.
  • Global Information Security Fundamentals (GISF) Practice Exam: We end the course with an (optional) truncated GISF practice exam. The instructor will lead the class through a series of questions taken from the GISF practice exam question bank. This exercise will validate for the student exactly how much they have learned through the week, get them familiar with the types of questions on the GISF exam, and give the instructor an opportunity to offer tips on test taking technique.

CPE/CMU Credits: 6

Additional Information

Here's what recent attendees had to say about this course:

"This class is great for IT professionals looking for their first step towards security awareness. I have been in IT for 17 years and I learned a lot on this first day of class." - Paul Beninati, EMC

"Good basic information for someone just coming into the field." - Bryce Richert, SUH

"It's a very good course if you need the basic foundation. It's a very helpful class to take because it expands on some basic concepts." - Shruti Iyer, DCS Corporation

SEC301 includes both lecture and hands-on labs. In order to perform the hands-on labs, you will need the following:

  • A laptop running any version of Microsoft Windows or a Mac (Macintosh) operating system.
    • A tablet such as an iPad or Android can perform most of the labs, but not all of them.
  • A Web Browser (Internet Explorer, Google Chrome, Firefox, Opera, or Safari). Any modern browser will work.
  • The ability to connect to a wireless (WiFi) network.

NOTE: Administrative (or "Admin") permission is NOT required to perform any of the labs you will do in class.

Video

Each lab also has a video in which the author of the course goes through the steps to complete the lab, explains why you are doing those steps, and outlines any output you may get on your screen and what that output means to you. You will receive access to those videos once you arrive at the class. Time to view the videos will not be provided during class, but if you think you might view some of them in the classroom, please bring earbuds or headphones so you do not distract other students.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

The SEC301 Introduction to Information Security course is designed to address the needs of:

  • People who are new to information security and in need of an introduction to the fundamentals of security
  • Those who feel bombarded with complex technical security terms they don't understand, but want to understand
  • Non-IT security managers who deal with technical issues and understand them and who worry their company will be the next mega-breach headline story on the 6 o'clock news
  • Professionals with basic computer and technical knowledge in all disciplines who need to be conversant in basic security concepts, principles, and terms, but who don't need "deep in the weeds" detail
  • Those who have decided to make a career change to take advantage of the job opportunities in information security and need formal training/certification

  • SEC301 assumes basic knowledge of computers and technology.
  • SEC301 makes no assumptions regarding prior security knowledge.
  • We assume that student understand the basic functions of a computer and how to use one.
    • We assume students are already familiar with terms such as "Random Access Memory (RAM)" and "Hard Drive" and how these are different from each other.
    • We assume students already know how to open and operate a web browser, copy a file from one location to another, and perform other basic computer user functions.
Why Choose Our Course?

The SEC301 course lives up to its name: Introduction to Information Security. The course is designed for those who have limited background in Information Technology, but who need to understand security concepts, principles, and terms. If you fall into that category, SEC301 will serve your needs well.

Which Course Is Right For You?

This is the track SANS offers for the professional just starting out in security. If you have experience in the field, please consider our more advanced offerings such as Security Essentials, SEC401.

In this course, you will receive the following:

  • MP3 audio files of the complete course lecture
  • Communicate with confidence regarding information security topics, terms, and concepts
  • Understand and apply the Principles of Least Privilege
  • Understand and apply the Confidentiality, Integrity, and Availability (CIA) Triad
  • Build better passwords that are more secure while also being easier to remember and type
  • Grasp basic cryptographic principles, processes, procedures, and applications
  • Understand computer network basics
  • Have a fundamental grasp of any number of critical technical networking acronyms: TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS
  • Utilize built-in Windows tools to see your network settings
  • Recognize and be able to discuss various security technologies, including anti-malware, firewalls, and intrusion detection systems.
  • Determine your "Phishing IQ" to more easily identify SPAM email messages
  • Understand physical security issues and how they support cybersecurity
  • Have an introductory level of knowledge regarding incident response, business continuity, and disaster recover planning
  • Access a number of websites to better understand password security, encryption, phishing, browser security, etc.

Courses that are good follow-ups

Author Statement

If you want to be good at something, whether it be sports, music, science, math, or information security, you MUST have a solid grasp of the fundamentals. In fact, the better you understand the fundamentals the better you will be at a particular skillset. Without that foundation to build on, it is almost impossible to become a master at something. The Introduction to Information Security course is all about building those fundamentals and creating that foundation.

One of the things I enjoy most is seeing a student have that "ah-ha" moment. The moment when they suddenly understand a topic for the first time - often a topic they have wondered about for years. You can almost literally see the "light-bulb" of understanding appear over their head. There are "ah-ha" moments at every turn and on every day of the SEC301: Introduction to Information Security course.

- Keith Palmgren