Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.
Paid SANS Network Security Resources
SEC503: Intrusion Detection In-Depth
This is the most advanced program in network intrusion detection where you will learn practical hands-on intrusion detection methods and traffic analysis from top practitioners/authors in the field. All of the course material is either new or just updated to reflect the latest attack patterns. This series is jam-packed with network traces and analysis tips. The emphasis of this course is on increasing students' understanding of the workings of TCP/IP, methods of network traffic analysis, and one specific network intrusion detection system - Snort. This course is not a comparison or demonstration of multiple NIDS. Instead, the knowledge/information provided here allows students to better understand the qualities that go into a sound NIDS and the "whys" behind them, and thus, to be better equipped to make a wise selection for their site's particular needs.
SEC401: Security Essentials Bootcamp Style
Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification. In this course you will learn the language and underlying theory of computer security. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry. As always, great teaching sets SANS courses apart, and SANS ensures this by choosing instructors who have ranked highest in a nine-year competition among potential security faculty.
AUD507: Auditing & Monitoring Networks, Perimeters & Systems
This SANS course is based on known, validated threats and vulnerabilities, drawn from validated information about real-world situations, that can be used to raise awareness within an organization and build an understanding of why auditing is important. From these threats and vulnerabilities, we build the countermeasures and defenses, including instrumentation, metrics and auditing. The course begins with a high-level introduction to methods and audit programs. It then takes you through all the particulars of how to actually audit devices and IT systems that range from firewalls and routers all the way down to the underlying operating systems.
Free SANS Network Security Resources
Recommended Network Security Papers from the SANS Reading Room
- Packet Sniffing In a Switched Environment by Tom King - August 4, 2002 in Network Devices
This paper focuses on the threat of packet sniffing in a switched environment, briefly explores the effect in a non-switched environment, and covers ways to mitigate the threat of network sniffing in both non-switched and switched environments.
- A Reverse Proxy Is A Proxy By Any Other Name by Art Stricek - January 10, 2002 in Web Servers
This paper will cover the concept of a Reverse Proxy by defining what it is and how it differs from a forward proxy. We will cover the benefits and drawbacks of using this technology as a part of our network infrastructure, along with the security advantages and possible risks.
- Egress Filtering FAQ by Chris Brenton - June 22, 2006 in Firewalls & Perimeter Protection
This FAQ covers the benefits of performing egress filtering on the end points of your perimeter.
- Enhancing IDS using, Tiny Honeypot by Richard Hammer - November 13, 2006 in Intrusion Detection (SANS.edu Graduate Student Research)
This paper will describe how to install, use, and deploy Tiny Honeypot (THP), written by George Bakos [Bakos, 2002], and then use the data returned by THP to write custom IDS rules. THP completes the incoming connection, records data received, can return custom responses, and simulate any application layer protocol. Completing the TCP connections allows the IDS to see the data payload instead of just the connection attempt.
- Wireless Attacks from an Intrusion Detection Perspective by Gary Deckerd - December 11, 2006 in GIAC Honors Papers
Wireless site surveys should be performed to ensure that the WIDS covers the entire wireless network. The case study contains an example of a WIDS deployed in this fashion.