It seems that wherever you turn, organizations are being broken into, and the fundamental question everyone wants answered is: why? Why do some organizations get broken into and others do not? SEC401 Security Essentials is focused on teaching you the right things that need to be done to keep an organization secure. Organizations are spending millions of dollars on security and are still compromised. The problem is that they are doing good things but not the right things. Good things will lay a solid foundation, but the right things will stop your organization from being headline news in the Wall Street Journal. SEC401's focus is to teach individuals the essential skills and techniques needed to protect and secure an organization's critical information assets and business systems. We also understand that security is a journey and not a destination. Therefore, we will teach you how to build a security roadmap that can scale today and into the future. When you leave our training, we promise that you will be given techniques that you can implement today and tomorrow to keep your organization at the cutting edge of cyber security. Most importantly, your organization will be secure.
With the APT (advanced persistent threat), organizations are going to be targeted. Whether an attacker succeeds in penetrating an organization's network depends on how good the organization is at defense. While defending against attacks is an ongoing challenge, with new threats emerging all of the time, including the next generation of threats, organizations need to understand what works in cyber security. What has worked and will always work is taking a risk-based approach to cyber defense. Before your organization spends a dollar of its IT budget or allocates any resources or time on anything in the name of cyber security, three questions must be answered:
1. What is the risk?
2. Is it the highest priority risk?
3. Is it the most cost-effective way of reducing the risk?
Security is all about making sure you are focusing on the right areas of defense. By attending SEC401 you will learn the language and underlying theory of computer security. Since all jobs today require an understanding of security, this course will help you understand why security is important and how it applies to your job. In addition, you will gain the essential, up-to-the-minute knowledge and skills required for effective security if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry.
Learn even more about security in the SANS Reading Room. Over 1600 free White Papers authored by real industry professionals.
Sampling of Topics:
Mon May 12th, 2014 | 9:00 AM - 7:00 PM
A key way attackers gain access to a company's resources is through a network connected to the Internet. A company wants to prevent as many attacks as possible; but in cases where it cannot prevent an attack, it must detect it in a timely manner. Therefore, an understanding of how networks and related protocols like TCP/IP work is critical to being able to analyze network traffic and identify hostile traffic. It is just as important to know how to protect against these attacks using devices such as routers and firewalls. These essentials, and more, will be covered to provide a firm foundation for the following days' training.
CPE/CMU Credits: 8
IOS and router filters
Tue May 13th, 2014 | 9:00 AM - 7:00 PM
In order to secure an enterprise network, you must have an understanding of the general principles of network security. In this course, you will learn about six key areas of network security. The day starts with information assurance foundations, where students look at both current and historical computer security threats and how they have impacted confidentiality, integrity and availability. The first half of the day also covers creating sound security policies and password management, including tools for password strength on both Unix and Windows platforms. The second half of the day is spent on understanding the information warfare threat and the six steps of incident handling. The day draws to a close by looking at what can be done to test and protect a web server in your company.
CPE/CMU Credits: 8
Information assurance foundations
Computer security policies
Contingency and continuity planning
Business impact analysis
Offensive and defensive information warfare
Wed May 14th, 2014 | 9:00 AM - 7:00 PM
Military agencies, banks and retailers offering electronic commerce programs, and dozens of other types of organizations are demanding to know what threats they are facing and what they can do to alleviate those threats. In this course, you will obtain a roadmap that will help you understand the paths available to organizations that are considering or planning to deploy various security devices and tools such as intrusion detection systems and firewalls. The course goes beyond the narrow technical view and offers a full context for the deployment of these promising new technologies. When it comes to securing your enterprise, there is no single technology that is going to solve all of a company's security issues. However, by implementing a defense-in-depth strategy that includes multiple defensive measures, you can go a long way in securing your enterprise. Each section in this course covers one tool that will play a part in a company's overall information assurance program.
CPE/CMU Credits: 8
Host-based intrusion detection and prevention
Network-based intrusion detection and prevention
Methods of attacks
Firewalls and perimeters
Risk assessment and auditing
Thu May 15th, 2014 | 9:00 AM - 7:00 PM
There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, though few companies use it. This technology is encryption. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. Day 4 looks at various aspects of encryption and how it can be used to secure a company's assets. A related area called steganography, or information hiding, is also covered. Wireless is becoming a part of most modern networks, but it is often implemented in a non-secure manner. Security issues associated with wireless and what can be done to protect these networks will also be discussed. This section finishes by tying all of the other pieces together by looking at Operations Security.
CPE/CMU Credits: 8
Fri May 16th, 2014 | 9:00 AM - 7:00 PM
Windows is the most widely-used and hacked operating system on the planet. At the same time, the complexities of Active Directory, PKI, BitLocker, AppLocker and User Account Control represent both challenges and opportunities. This section will help you to quickly master the world of Windows security while showing you the tools you can use to simplify and automate your work. You will complete the day with a solid grounding in Windows security, including the important new features in Windows 8 and Server 2012.
CPE/CMU Credits: 8
The Security Infrastructure
Permissions and User Rights
Security policies and templates
Service Packs, patches, and backups
Securing network services
Auditing and automation
Sat May 17th, 2014 | 9:00 AM - 5:00 PM
Based on industry consensus standards, this course provides step-by-step guidance on improving the security of any Linux system. The course combines practical "how to" instructions with background information for Linux beginners and security advice and "best practices" for administrators of all levels of expertise.
CPE/CMU Credits: 6
Linux Command Line
Linux OS Security
Linux security tools
Maintenance, monitoring, and auditing Linux
Security 401: SANS Security Essentials courses consist of instruction and hands-on sessions. The lab sessions are designed to allow students to utilize the knowledge gained throughout the course in an instructor-led environment. Students will have the opportunity to install, configure, and use the tools and techniques that they have learned.
NOTE: Do not bring a regular production laptop for this class! When installing software, there is always a chance of breaking something else on the system. Students should assume that all data could be lost.
NOTE: It is critical that students have administrator access to the operating system and all security software installed. Changes need to be made to personal firewalls and other host-based software in order for the labs to work.
NOTE: Anti-virus software will need to be disabled in order to install some of the tools.
NOTE: A DVD player is required to install the tools that will be provided in class.
Students attending this course are required to bring their own laptops that are properly configured. There is not enough time in class to help you set up your laptop. Please note that your laptop must be properly installed and configured before you come to class. Students are also required to test their systems (as described below) prior to coming to class.
Students must bring a laptop with Windows 7 installed (the specific version does not matter). The recommended configuration is Windows 7 as the host operating system running BackTrack as a virtual machine with VMware Player. The student can use a Mac or Linux system with a different virtual machine product running both Windows and BackTrack in virtual machines, but the specific details for setting it up are left to the student.
The student MUST also download and install VMware Player and BackTrack 5 R3 prior to coming to class. The attached SEC401 Installation Guide will provide step-by-step instructions on how to install your system.
In summary, before you arrive at the conference you should:
It is critical that you work through the documents before class so that you arrive with a properly configured laptop and a base understanding of Windows and Linux.
By properly preparing, we know that you will have a knowledge-rich and enjoyable lab experience.
If you have any questions, feel free to contact us.
Dr. Eric Cole
Track Lead/Course Author
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.
One of the things I love to hear from students after teaching Security 401 is "I have worked in security for many years and after taking this course I realized how much I did not know." With the latest version of Security Essentials and the Bootcamp, we have really captured the critical aspects of security and enhanced those topics with examples to drive home the key points. After attending Security 401, I am confident you will walk away with solutions to problems you have had for a while plus solutions to problems you did not even know you had.
- Eric Cole
INQUIRIES ON SANS TRAINING: training(at)accrete(dot)com(dot)my
No 95-2 Jalan Nautika B U20/B,
TSB Commercial Center,
40160 Sungai Buloh,
Phone: +603 6143 4526
Fax: +603 2178 4884
The Information Security and Digital Forensics department at Accrete Technologies Sdn. Bhd. (Accrete) offers three pillars of services: training, consulting services and solutions. SANS Institute (USA) in-depth security training is offered by Accrete and is also HRDF claimable for the first time. Accrete's security solutions lineup includes ICS SCADA Security, Web Online Financial Transaction and eCommerce security, Retail Intelligence analysis, Comprehensive Vulnerabilities Intelligence and Patch Management, a Data Leak Prevention solution and a few others.