
Security Essentials Bootcamp Style: Available Training Formats

This document provides an overview of the SEC401: Security Essentials Bootcamp Style course. The 6-day, 46 CPE course teaches essential cybersecurity skills to help design and secure network architectures, prevent attacks, and detect adversaries. Through hands-on labs and techniques, students learn tools and strategies to harden systems, reduce attack surfaces, implement security policies, and build a security roadmap for their organization. The course is suitable for security professionals, managers, operations staff, engineers and administrators seeking to protect their environments from modern threats.

Uploaded by Boris Ivanov

SEC401: Security Essentials Bootcamp Style

GSEC Security Essentials
giac.org/gsec

6 Day Program | 46 CPEs | Laptop Required

Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Learn tips and tricks from the experts so that you can win the battle against the wide range of cyber adversaries that want to harm your environment.

Is SEC401: Security Essentials Bootcamp Style the right course for you?

STOP and ask yourself the following questions:
• Do you fully understand why some organizations get compromised and others do not?
• If there were compromised systems on your network, are you confident that you would be able to find them?
• Do you know the effectiveness of each security device and are you certain that they are all configured correctly?
• Are proper security metrics set up and communicated to your executives to drive security decisions?

If you do not know the answers to these questions, then SEC401 will provide the information security training you need in a bootcamp-style format that is reinforced with hands-on labs.

Learn to build a security roadmap that can scale today and into the future.

SEC401: Security Essentials Bootcamp Style is focused on teaching you the essential information security skills and techniques you need to protect and secure your organization’s critical information assets and business systems. Our course will show you how to prevent your organization’s security problems from being headline news in the Wall Street Journal!

Prevention is ideal but detection is a must.

With the rise in advanced persistent threats, it is almost inevitable that organizations will be targeted. Whether the attacker is successful in penetrating an organization’s network depends on the effectiveness of the organization’s defense. Defending against attacks is an ongoing challenge, with new threats emerging all of the time, including the next generation of threats. Organizations need to understand what really works in cybersecurity. What has worked, and will always work, is taking a risk-based approach to cyber defense. Before your organization spends a dollar of its IT budget or allocates any resources or time to anything in the name of cybersecurity, three questions must be answered:
• What is the risk?
• Is it the highest priority risk?
• What is the most cost-effective way to reduce the risk?

Security is all about making sure you focus on the right areas of defense. In SEC401 you will learn the language and underlying theory of computer and information security. You will gain the essential and effective security knowledge you will need if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will learn up-to-the-minute skills you can put into practice immediately upon returning to work; and (2) You will be taught by the best security instructors in the industry.

You Will Be Able To
• Design and build a network architecture using VLANs, NAC, and 802.1x based on advanced persistent threat indicators of compromise
• Run Windows command line tools to analyze the system looking for high-risk items
• Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
• Install VMWare and create virtual machines to create a virtual lab to test and evaluate tools/security of systems
• Create an effective policy that can be enforced within an organization and design a checklist to validate security and create metrics to tie into training and awareness
• Identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, cover ways to configure the system to be more secure
• Build a network visibility map that can be used for hardening of a network – validating the attack surface and covering ways to reduce that surface by hardening and patching
• Sniff open protocols like telnet and ftp and determine the content, passwords, and vulnerabilities using WireShark

“SEC401 is a great intro and overview of network security. It covered just enough information to get a baseline level of knowledge without going too in-depth on any one topic.”
— Josh Winter, Washington County, MN

Available Training Formats

Live Training
• Live Events: sans.org/information-security-training/by-location/all
• Summit Events: sans.org/cyber-security-summit
• Private Training: sans.org/private-training

Online Training
• OnDemand: sans.org/ondemand
• Simulcast: sans.org/simulcast

Section Descriptions

SECTION 1: Network Security Essentials
A key way that attackers gain access to a company’s resources is through a network connected to the Internet. A company wants to try to prevent as many attacks as possible, but in cases where it cannot prevent an attack, it must detect it in a timely manner. Therefore, an understanding of and ability to create and identify the goals of building a defensible network architecture are critical. It is just as important to know and understand the architecture of the system, types of designs, communication flow and how to protect against attacks using devices such as routers and firewalls. These essentials, and more, will be covered in this first section in order to provide a firm foundation for the consecutive sections of training.
TOPICS: Defensible Network Architecture; Virtualization and Cloud Security; Network Device Security; Networking and Protocols; Securing Wireless Networks; Securing Web Communications

SECTION 2: Defense-In-Depth and Attacks
To secure an enterprise network, you must understand the general principles of network security. In Section 2, we look at threats to our systems and take a “big picture” look at how to defend against them. You will learn that protections need to be layered – a principle called defense-in-depth. We explain some principles that will serve you well in protecting your systems. You will also learn about key areas of network security.
TOPICS: Defense-in-Depth; Access Control and Password Management; Security Policies; Critical Controls; Malicious Code and Exploit Mitigations; Advanced Persistent Threat (APT)

SECTION 3: Threat Management
Whether targeting a specific system or just searching the Internet for an easy target, an attacker uses an arsenal of tools to automate finding new systems, mapping out networks, and probing for specific, exploitable vulnerabilities. This phase of an attack is called reconnaissance, and it can be launched by an attacker any amount of time before exploiting vulnerabilities and gaining access to systems and networks. In fact, evidence of reconnaissance activity can be a clue that a targeted attack is on the horizon.
TOPICS: Vulnerability Scanning and Penetration Testing; Network Security Devices; Endpoint Security; SIEM/Log Management; Active Defense

SECTION 4: Cryptography, Risk Management, and Response
There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, though few companies deploy it correctly. This technology is cryptography. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. This course section looks at various aspects of encryption and how it can be used to secure a company’s assets. A related area called steganography, or information hiding, is also covered.
TOPICS: Cryptography; Cryptography Algorithms and Deployment; Applying Cryptography; Incident Handling and Response; Contingency Planning – BCP/DRP; IT Risk Management

SECTION 5: Windows Security
Remember when Windows was simple? Windows XP desktops in a little workgroup…what could be easier? A lot has changed over time. Now, we have Windows tablets, Azure, Active Directory, PowerShell, Office 365, Hyper-V, Virtual Desktop Infrastructure (VDI), and so on. Microsoft is battling Google, Apple, Amazon.com, and other cloud giants for supremacy. The trick is to do it securely, of course. Windows is the most widely-used and targeted operating system on the planet. At the same time, the complexities of Active Directory, PKI, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. This section will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work. You will complete the section with a solid grounding in Windows security by looking at automation, auditing and forensics.
TOPICS: Windows Security Infrastructure; Service Packs, Hot Fixes, and Backups; Windows Access Controls; Enforcing Security Policy; Securing Windows Network Services; Automation, Auditing, and Forensics

SECTION 6: Linux Security
While organizations do not have as many Unix/Linux systems, those that they do have are often some of the most critical systems that need to be protected. This final course section provides step-by-step guidance to improve the security of any Linux system. The course combines practical “how to” instructions with background information for Linux beginners, as well as security advice and best practices for administrators of all levels of expertise. This module discusses the foundational items that are needed to understand how to configure and secure a Linux system. It also provides an overview of the operating system and mobile markets. To lay a foundation, it provides an overview of the different operating systems that are based on Linux.
TOPICS: Linux Security: Structure, Permissions and Access; Hardening and Securing Linux Services; Monitoring and Attack Detection; Security Utilities

Who Should Attend
• Security professionals who want to fill the gaps in their understanding of technical information security
• Managers who want to understand information security beyond simple terminology and concepts
• Operations personnel who do not have security as their primary job function but need an understanding of security to be effective
• IT engineers and supervisors who need to know how to build a defensible network against attacks
• Administrators responsible for building and maintaining systems that are being targeted by attackers
• Forensic specialists, penetration testers, and auditors who need a solid foundation of security principles to be as effective as possible at their jobs
• Anyone new to information security with some background in information systems and networking

“SEC401 provided a vast library of information on developing a strong security posture, and in the course of the training my brain shifted into a security-first gear thanks to the intense and deep exposure to the multitudinous recommendations for securing an organization’s network and data.”
— Laura Farvour, University of Minnesota

Course Preview available at: sans.org/demo
