16 InfoSec Courses, 2 Weeks of Training at SANS Virginia Beach 2017. Save $400 thru June 28.

Security Awareness Summit 2015

Philadelphia, PA | Mon, Aug 17 - Tue, Aug 25, 2015
This event is over,
but there are more training opportunities.

SEC301: Intro to Information Security New

It's a very good course if you need the basic foundation. It's a very helpful class to take because it expands on some basic concepts.

Shruti Iyer, DCS Corporation

Good basic information for someone just coming into the field.

Bryce Richert, SUH

To determine if the SANS SEC301 course is right for you, ask yourself five simple questions:

  • Are you new to information security and in need of an introduction to the fundamentals?
  • Are you bombarded with complex technical security terms that you don't understand?
  • Are you a non-IT security manager who lays awake at night worrying that your company will be the next mega-breach headline story on the 6 o'clock news?
  • Do you need to be conversant in basic security concepts, principles, and terms, even if you don't need "deep in the weeds" detail?
  • Have you decided to make a career change to take advantage of the job opportunities in information security and need formal training/certification?

If you answer yes to any of these questions, the SEC301: Introduction to Information Security training course is for you. Jump-start your security knowledge by receiving insight and instruction from real-world security experts on critical introductory topics that are fundamental to information security. This completely revised five-day comprehensive course covers everything from core terminology to the basics of computer networks, security policies, incident response, passwords, and even an introduction to cryptographic principles.

This course is designed for students who have no prior knowledge of security and limited knowledge of technology. The hands-on, step-by-step teaching approach will enable you to grasp all of the information presented even if some of the topics are new to you. You'll learn the fundamentals of information security that will serve as the foundation of your InfoSec skills and knowledge for years to come.

Written by a security professional with over 30 years of experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the Global Information Security Fundamentals (GISF) certification test, as well as for the next course up the line, SEC401: Security Essentials Bootcamp. It also delivers on the SANS promise: You will be able to use the knowledge and skills you learn in SEC301 as soon as you return to work.

Course Syllabus

My-Ngoc Nguyen
Thu Aug 20th, 2015
9:00 AM - 5:00 PM


Every good security practitioner and every good security program begins with the same mantra: learn the fundamentals. SEC301 starts by instilling familiarity with core security terms and principles. By the time you leave the classroom after the first day, you will fully understand the Principle of Least Privilege and the Confidentiality, Integrity, and Availability (CIA) Triad, and you'll see why those principles drive all security discussions. You will be conversant in the fundamentals of risk management, security policy, authentication/authorization/accountability, and security awareness training.

  • Lab 1 - Copy the Lab CD to Your Hard Drive: The instructor will be there to assist students who might need help with their laptop configuration
  • Lab 2 - Building Better Passwords: We'll use a tool that shows how long it takes to compromise various passwords via a brute force attack

CPE/CMU Credits: 6

My-Ngoc Nguyen
Fri Aug 21st, 2015
9:00 AM - 5:00 PM


Cryptography is one of the most complex issues faced by security practitioners. It is not a topic you can explain in passing, so we will spend some time on it. Not to worry, we won't take you through the math behind cryptography, but we'll look at basic crypto terminology and processes. What is steganography? What is substitution and transposition? What is a "work factor" in cryptography and why does it matter? What do we mean by symmetric and asymmetric key cryptography and "cryptographic hash," and why do you need to know? How are those concepts used together in the real world to create cryptographic systems? Finally, we take a brief look at several cryptographic applications. We won't get into the details of how Secure Shell (SSH) actually works, but you will leave the classroom knowing what that term means and what SSH is used for. In other words, you'll be able to discuss several crypto applications in a general sense and not be confused when someone brings them up. Following cryptography, we introduce the fundamentals of wireless security (WiFi and Bluetooth), and mobile device security (i.e., cell phones).

  • Lab 3 - Install and Use the Password Safe Tool: Introduction to a utility that stores and remembers your passwords in an encrypted database.
  • Lab 4 - Crypto by Hand: Apply the knowledge and skills you've learned to encrypt information using mono and poly alphabetic ciphers and gain a better understanding of triple encryption (as used by Triple DES).

CPE/CMU Credits: 6

My-Ngoc Nguyen
Sat Aug 22nd, 2015
9:00 AM - 5:00 PM


All attacks or exploits have one thing in common: they take something that exists for perfectly valid reasons and misuse it in malicious ways. Always! So as security practitioners, to grasp what is invalid we must first understand what is valid - that is, how things like networks are supposed to work. Only once we have that understanding can we hope to understand the mechanics of malicious misuse of those networks. Day three begins with a nontechnical explanation of how data move across a network. From there we move to fundamental terminology dealing with network types and standards. You'll learn about common network hardware such as hubs, switches, and routers, and you'll finally grasp what is meant by terms like "protocol," "encapsulation", and "tunneling". We'll give a very basic introduction to network addressing and port numbers and then work our way up the Open Systems Interconnection (OSI) protocol stack, introducing more detail only as we proceed to the next layer. In other words, we explain networking starting in non-technical terms and gradually progress to more technical detail as students are ready to take the next step. By the end of our discussions, you'll have a fundamental grasp of any number of critical technical networking acronyms that you've often heard and never quite understood: TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS. We'll close out day three with a very simple explanation of common network attacks such as spoofing, man-in-the-middle, denial of service, and distributed denial of service.

  • Lab 5 - Networking Tools: Use several network tools that are built into the Windows Operating System to determine your network settings, discover your private and public IP addresses, and determine the network "hops" you have to use to access resources such as web pages on the Internet.
  • Lab 6 - Secunia PSI: Use the freeware Secunia Personal Software Inspector to find software on your Windows-based computer that is out of date.

CPE/CMU Credits: 6

My-Ngoc Nguyen
Sun Aug 23rd, 2015
9:00 AM - 5:00 PM


Building on what we've learned about how networks function and common attacks against them, we start day four by introducing methods and technologies to manage, control, and secure those networks. Students will learn about the importance of configuration management on networks, the different types of malware, and how anti-malware works to protect us. Students will also gain an introductory knowledge of firewalls, intrusion detection and prevention, sniffers, and virtualization technologies. We will not deep dive into firewall technology, but students will become familiar with basic firewall terminology and techniques. We'll also look at methods for auditing network security and examine fundamental security techniques such as hardening operating systems.

  • Lab 7 - SPAM IQ Quiz: Use an online site to look at several potential spam messages and determine which are legitimate and which are not. Students will see the results of their quiz with an explanation of why each message is either legit or spam.
  • Lab 8 - Malwarebytes: Install and use the Malwarebytes tool to analyze your system for potential malware; students can remove the reported malware if they so choose.
  • Lab 9 - SyncBack: Install and use the SyncBack tool to set up data backups on your system.

CPE/CMU Credits: 6

My-Ngoc Nguyen
Mon Aug 24th, 2015
9:00 AM - 5:00 PM


The final day of our SEC301 journey is all about protecting assets, mostly with a physical security theme but with some logical security included as well. We begin with the "meta security" discipline of operations security that looks at security issues throughout the organization, not just in the IT area. We then introduce the topic of safety and physical security. Students will become familiar with the concepts of data classification and data loss prevention. From there we move to an introductory look at incident response, including business continuity and disaster recovery planning. We'll close out with a brief discussion of social engineering so that students understand what it is and why it's so difficult to defend against.

  • Global Information Security Fundamentals (GISF) Practice Exam: We end the course with an (optional) truncated GISF practice exam. We'll go through 20 exam questions together and answer them as a group, giving students an idea of the types of questions they might see on the real exam. We'll focus on some of the tougher questions students might struggle with.

Optional Advanced Labs

Two optional advanced labs are available to students in the lab workbook:

  • Killdisk - A disk wiping utility
  • TrueCrypt - An abandoned open-source disk encryption utility

These are not testable for the GISF exam, but are provided for advanced students looking for more of a hands-on challenge.

CPE/CMU Credits: 6

Additional Information

Here's what recent attendees had to say about this course:

"This class is great for IT professionals looking for their first step towards security awareness. I have been in IT for 17 years and I learned a lot on this first day of class." - Paul Beninati, EMC

"Good basic information for someone just coming into the field." - Bryce Richert, SUH

"It's a very good course if you need the basic foundation. It's a very helpful class to take because it expands on some basic concepts." - Shruti Iyer, DCS Corporation

Security 301: SANS Intro to Information Security course consists of instruction and hands-on sessions. The lab sessions are designed to enable students to implement the concepts and practices in an instructor-led environment. Students will have the opportunity to install, configure, and use the programs that illustrate core skills in cyber security.

To conduct the exercises associated with the course, students will need to bring a laptop configured as described in the SEC301 Laptop and Drive Configuration Guide. To ensure success in conducting the exercises, it is critical that the laptop be properly configured before you come to class. Students are also required to test their systems (as described below) prior to coming to class.

Some labs use a web browser. Those labs have been successfully tested with Microsoft Internet Explorer and Opera browsers on Windows. The following browsers have been tested on Windows, Mac OS, and Linux: Google Chrome, Firefox. Safari on the Mac OS has also been tested. Students with any one of those browsers installed will be able to complete the browser based labs.

NOTE: Do not bring a regular production laptop for this class! When installing software, there is always a chance of breaking something else on the system. Students should assume that all data could be lost.

NOTE: It is critical that students be able to login to the Administrator level account (SEC301-adm) for the operating system and be able to install programs that are provided on the CD that comes with the course materials.

NOTE: End point security solutions (i.e., application white listing) can prevent programs from being installed correctly on the system. Students need to be able to temporarily disable end point security solutions or make exceptions to allow programs to run.

NOTE: An optical reader (CD, DVD) is required to install the programs that will be provided in class.

NOTE: External storage media (e.g., USB thumb drive, portable hard disk drive, or memory card/chip) is required to store files created during the exercises. Do NOT bring media that contains information that cannot be overwritten. (Note: There is an optional, advanced lab that will completely overwrite [destroy] all information on the external drive). If you choose to accomplish that optional lab, the recommended media size is 2 GB; it takes approximately 30 minutes per gigabyte - so an 8GB drive will require 4 hours for the lab to complete.)

Students must bring a laptop with a current version of a supported Windows operating system (e.g., Windows Vista or later; Windows 7 is strongly recommended). The exercises have been successfully tested in a Windows 7 environment. The labs should also work on Windows 8 or 8.1 versions -- BUT students with later Windows versions will have to make adjustments during the labs. All screen-shots in the labs are based on Windows 7. Some of those screen-shots will look different on any later version of Windows.

The SEC301 Laptop and Drive Configuration Guide provides step-by-step instructions on how to configure the laptop and associated external media.

In summary, before you arrive at the training event you should:

Confirm that a current Windows operating system (Preferably Windows 7) is installed and working

Login to the SEC301-adm account and verify that it has Administrative level privilege

Confirm that the computer can connect to a WiFi network that configures the network parameters (e.g., IP address, DNS addresses, and default gateway)

Confirm that you have properly configured the external storage media as described in the SEC301 Laptop and Drive Configuration Guide

Confirm that you can successfully copy files from optical media to the computer using the optical drive that you will take to the class

It is critical that you work through the documents before class so that you arrive with a properly configured laptop and external media.

By properly preparing, we know that you will have a knowledge rich and enjoyable lab experience.

If you have any questions, feel free to contact us.

Keith Palmgren

Track Lead/Course Author

Keith@NetIP.com (please put "student" in your subject line)

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

The SEC301 Introduction to Information Security course is designed to address the needs of:

  • People who are new to information security and in need of an introduction to the fundamentals of security
  • Those who feel bombarded with complex technical security terms they don't understand, but want to understand
  • Non-IT security managers who worry their company will be the next mega-breach headline story on the 6 o'clock news
  • Professionals in all disciplines who need to be conversant in basic security concepts, principles, and terms, but who don't need "deep in the weeds" detail
  • Those who have decided to make a career change to take advantage of the job opportunities in information security and need formal training/certification

Why Choose Our Course?

The SEC301 course lives up to its name: Introduction to Information Security. The course is designed for those who have little or no background in Information Technology, but who need to understand security concepts, principles, and terms. If you fall into that category, SEC301 will serve your needs well.

Which Course Is Right For You?

This is the track SANS offers for the professional just starting out in security. If you have experience in the field, please consider our more advanced offerings such as Security Essentials, SEC401.

In this course, you will receive the following:

  • MP3 audio files of the complete course lecture
  • Communicate with confidence regarding information security topics, terms, and concepts
  • Understand and apply the Principles of Least Privilege
  • Understand and apply the Confidentiality, Integrity, and Availability (CIA) Triad
  • Build better passwords that are more secure while also being easier to remember and type
  • Grasp basic cryptographic principles, processes, procedures, and applications
  • Gain an understanding of computer network basics
  • Have a fundamental grasp of any number of critical technical networking acronyms: TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS
  • Utilize built-in Windows tools to see your network settings
  • Recognize and be able to discuss various security technologies including anti-malware, firewalls, and intrusion detection systems.
  • Determine your "SPAM IQ" to more easily identify SPAM email messages
  • Understand physical security issues and how they support cyber security
  • Have an introductory level of knowledge regarding incident response, business continuity, and disaster recover planning
  • Install and use the following tools: Password Safe, Secunia PSI, Malwarebytes, & Syncback

Courses that are good follow-ups

Author Statement

If you want to be good at something, whether it be sports, music, science, math, or information security, you MUST have a solid grasp of the fundamentals. In fact, the better you understand the fundamentals the better you will be at a particular skillset. Without that foundation to build on, it is almost impossible to become a master at something. The Introduction to Information Security course is all about building those fundamentals and creating that foundation.

One of the things I enjoy most is seeing a student have that "ah-ha" moment. The moment when they suddenly understand a topic for the first time - often a topic they have wondered about for years. You can almost literally see the "light-bulb" of understanding appear over their head. There are "ah-ha" moments at every turn and on every day of the SEC301: Introduction to Information Security course.

- Keith Palmgren