Welcome to SANS/NISER Asia Pacific Conference 2002
October 7 - 12, 2002
Kuala Lumpur, Malaysia

SANS SECURITY ESSENTIALS (6 DAYS)
10/7 Mon. 1.1 SANS Security Essentials I: Networking Concepts Edward Luck
10/8 Tue. 1.2 SANS Security Essentials II: Network Security Overview Edward Luck
10/9 Wed. 1.3 SANS Security Essentials III: Internet Security Technologies Edward Luck
10/10 Thu. 1.4 SANS Security Essentials IV: Secure Communications Edward Luck
10/11 Fri. 1.5 SANS Security Essentials V: Windows Security Edward Luck
10/12 Sat. 1.6 SANS Security Essentials VI: Unix Security Edward Luck
Pricing RM $9,101 (US $2,395) with certification exam(s) for GIAC certification
Rate includes lunches and breaks.
Go to the Registration page to enrol in this conference and to find out how to make payment.
Venue HOTEL NIKKO KUALA LUMPUR
165, Jalan Ampang,
50450 Kuala Lumpur, Malaysia
TRACK SUMMARY

The SANS Security Essentials program is designed for computer professionals who are either new to the Information Security field or who wish to fill in the gaps in their knowledge in an intensive, fast-paced setting. The SANS community has forged a consensus on the essential knowledge and skills for information security. This track offers comprehensive coverage of the essentials that were determined by that collaborative process: information assurance fundamentals, IP concepts and behavior, the Internet threat, antivirus tools, security policies, password management and cracking, PGP, cryptography, and Windows and Unix security-related topics including backup and auditing. Few organizations will feel comfortable allowing system administrators or security professionals to have security responsibility, or even root or administrator access, without their having mastered these essentials. This course can be used to prepare for the GIAC Security Essentials Certification (GSEC).

Certification Information
You have six months following the conference to complete GIAC certification requirements. Detailed information can be found at http://www.giac.org/steps.php.

SPECIAL NOTE: SANS Security Essentials has been evaluated by the NSA and is fully compliant with the NSTISSI 4013 training standards.


COURSES
1.1 SANS Security Essentials I:
Networking Concepts

Edward Luck, Fulcrum group of companies, Melbourne AU
Monday, October 7, 2002
9:00 AM - 5:00 PM

A key way attackers gain access to a company's resources is through a network which is connected to the Internet. Therefore having an understanding of how networks and the related protocols like TCP/IP work is critical to being able to analyze network traffic and determine hostile traffic. Being able to protect against these attacks using devices such as routers and firewalls is just as important. A company wants to try to prevent as many attacks as possible; but in cases where it cannot prevent an attack, it must detect it in a timely manner.

Topics Include:
Network Fundamentals
  • Network Topologies
  • Ethernet, Token Ring
  • Wireless
  • Wiring
  • Network Devices
  • VLANS
IP Concepts
  • Packets and Addresses
  • IP Service Ports
  • IP Protocols
  • TCP
  • UDP
  • ICMP
  • DNS
IP Behavior
  • TCPDUMP
  • Recognizing and Understanding
  • UDP
  • TCP
  • ICMP
  • TCP Behavior
IOS and Router Filters
  • Routers
  • IOS
  • Routing
  • Routing Protocols
  • Access Control Lists
Host-based Perimeter Protection
  • Vulnerabilities
  • Four Primary Threats
  • Personal Firewalls
"Great exposure to the needed tools for protecting against threats and for identifying vulnerabilities"
-- Larry Garmon, Fujitsu Network Services
"Anyone who is starting in security NEEDS this course"
-- Andrew Stephens, Compaq

1.2 SANS Security Essentials II:
Network Security Overview
Edward Luck, Fulcrum group of companies, Melbourne AU
Tuesday, October 8, 2002
9:00 AM - 5:00 PM

In order to secure an enterprise network, you must have an understanding of the general principles of network security. In this course, you will learn about six key areas of network security. The day starts with information assurance foundations, where students look at both current and historical computer security threats, and how they have impacted confidentiality, integrity, and availability. The first half of the day also covers the instruction for creating sound security policies and password management, including tools for password strengths on both Unix and Windows platforms. The second half of the day is spent on understanding the information warfare threat and the six steps of incident handling. The day draws to a close by looking at what can be done to test and protect a web server in your company.

Topics Include:
Information Assurance Foundations
  • Bedrock principles
  • Threat model
  • Three attacks from history
  • Vulnerabilities
  • Five basic countermeasures
  • Policy
  • Defense in depth

Computer Security Policies

  • Characteristics of good policies
  • Defining policies
  • How policies serve as insurance
  • Specific policies

Password Management

  • Password cracking
  • Password cracking for defense
  • Windows NT - L0phtcrack
  • UNIX - Crack
  • Password attack countermeasures
Incident Handling
  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons Learned

Information Warfare

  • Offensive Information Warfare
  • Defensive Information Warfare
  • Threats
  • Defenses

Web Security

  • Web communication
  • Web security protocols
  • Active content
  • Cracking web applications
  • Web application defenses
"Well developed, broad-range course which uses examples that are continually reinforced for both small and large companies alike."
-- D. Laurie, AT&T
"This was a great class, it really opened my eyes."
-- Richard Murphy, EDS

1.3 SANS Security Essentials III:
Internet Security Technologies
Edward Luck, Fulcrum group of companies, Melbourne AU
Wednesday, October 9, 2002
9:00 AM - 5:00 PM

Military agencies, banks, and retailers offering electronic commerce programs, and dozens of other types of organizations are demanding to know what threats they are facing and what they can do to alleviate those threats. In this course, you will obtain a roadmap that will help you understand the paths available to organizations that are considering or planning to deploy various security devices and tools such as intrusion detection systems and firewalls. The course goes beyond the narrow technical view and offers a full context for the deployment of these promising new technologies. When it comes to securing your enterprise, there is no single technology that is going to solve all of a company's security issues. However, by implementing an in-depth defense strategy that includes multiple defensive measures, you can go a long way in securing your enterprise. Each section in this course covers one tool that will play a part in a company's overall information assurance program.

Topics Include:
Host-based intrusion detection
  • TCP Wrappers, Nuke Nabber, Back Officer Friendly
  • AtGuard
  • Syslog
  • Tripwire
  • Forensics
Network-based ID
  • Commercial tools
  • CIDF, CVE
  • Shadow
Honeypots
  • What they Are, How to Deploy Them
  • Deception Toolkit
Firewalls and Perimeters
  • Firewalls and Policy Enforcement
  • Packet filtering, State Aware, Proxy
  • Intrusion Detection using Firewall Logs
  • Effect of Firewalls on IDS Sensors
  • Firewall Avoidance Techniques, Modems,
  • Backdoors
Risk Assessment and Auditing
  • Introduction to Risk Management
  • Calculation of Acceptable Loss
  • Dollar Driven Versus Qualitative
  • Knowledge Based (Accreditation)
  • Securing NT Step by Step
  • Introduction to Auditing
  • Risk Assessment Checklists
  • Vulnerability scanners
  • Common Vulnerability and Initiative
  • Saint
  • Nessus
  • ISS Security Scanner
Security Policy
  • How all these Capabilities Work Together
  • Automated Response
  • Chain of Custody and Legal Issues
Introduction to Information Warfare
  • Know your Enemy-Ankle Biters to full IW
  • Cyberwar in the Real World
  • Cyberwar Scenario
Future directions
  • Where these Technologies are Heading
"Excellent class - a quick and time efficient way to get current on computer security terminology, technology & trends"
-- Brent Rhymes, NetIQ
"Before completing this course, I was unlikely to rate anything 'perfect'. I have to say that SANS does a wonderful job. I liked that all the instructors were 'touchable' and were more than happy to share their time - even during the lunch hour! (I had 3 instructors total)"
-- Carol Rivers, Lawrence Livermore National Lab

1.4 SANS Security Essentials IV:
Secure Communications
Edward Luck, Fulcrum group of companies, Melbourne AU
Thursday, October 10, 2002
9:00 AM - 5:00 PM

There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, though few companies use it. This technology is encryption. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. Day 4 looks at various aspects of encryption and how it can be used to secure a company's assets. A related area called steganography, or information hiding, is also covered. Because of the large number of viruses in circulation and the impact they have on companies, viruses and virus detection are addressed as well. This section finishes by looking at various attacks that encryption can help prevent.

Topics Include:
Cryptography
  • Need for cryptography
  • Types of encryption
    • Symmetric
    • Asymmetric
    • Hash
  • Ciphers
  • Digital substitution
  • Algorithms
  • Real-world cryptosystems
  • VPNs

Steganography

  • Types of stego
  • Applications
  • Detection
PGP
  • Installing and using PGP
  • Signing data and what it means
  • Key Management
  • Key Servers

Anti-Viral Tools on Desktops

  • Malicious code
  • Virus and hoax information
  • Organizational anti-viral policy
  • Desktop anti-viral care, feeding, and recovery of damaged files and systems
"The SANS training provides a clear path through the confusing world of security."
-- Lyde Andrews, CareAlliance Health Services
"I swear I saw light bulbs switch on over some people's heads! I wish I could make the course mandatory for my department and the management of our company!!!"
-- John Myers, Logicon

1.5 SANS Security Essentials V:
Windows Security
Edward Luck, Fulcrum group of companies, Melbourne AU
Friday, October 11, 2002
9:00 AM - 5:00 PM

You will find many different versions of the Windows operating system in use in the enterprise, so as a security professional, it is invaluable to have a general understanding of how these variants work. In this section, different versions of the Windows operating system will be covered: Windows 98, Windows NT 4.0, Windows XP and Windows 2000/XP. Differences between desktop and server editions will be clarified. Critical security functions, such as the use of NTFS for access control, enabling and using auditing, hardening the OS and backing up a Windows system, will be covered. A module on Microsoft's IIS web server is included.

Topics Include:
Windows Security Administration (for 98, NT, XP and 2000)
  • Legacy Windows Desktop Systems
  • Setting File System Access Controls
  • Setting Security Relevant Registry Keys
  • Hardening Windows NT Step-by-Step
  • Secure Account Policies
  • Group Policy
  • Security Baselines
Backups for Windows NT
  • Third Party Products
  • NT Backup
  • Best Practices
  • NT Tape Management
  • Emergency Repair Strategies
Basic Windows NT Auditing
  • What Makes a Good Audit
  • User, Service, and File Auditing
  • Log Management
  • Log Filtering
  • Free and Nearly Free Tools
  • Automation
IIS Security
  • Installing and Configuring
  • Hardening the Web Server
  • Removing Unneeded Components
"Great information. Lots of areas are well covered"
-- Gerard Chartrand, PWGSC
"This course is good for a general overview of Windows security. Liked the fact that auditing and backup were covered."
-- Robert Armstrong, RCMP

1.6 SANS Security Essentials VI:
Unix Security
Edward Luck, Fulcrum group of companies, Melbourne AU
Saturday, October 12, 2002
9:00 AM - 5:00 PM

Based on industry consensus standards, this course provides step-by-step guidance on improving the security of any Unix operating system. The course combines practical "how to" instructions with background information for Unix beginners and security advice and "best practices" for administrators of all levels of expertise.

Topics Include:
Basics
  • A Brief History of Unix
  • Booting Unix
The Unix File System
  • File System Layout
  • Files, Directories, and Links
  • Ownership and Permissions
  • The Physical File System
  • Manipulating Files and Directories
  • Unix Privilege
Passwords
  • Usernames and User IDs
  • The Superuser
Access Control
  • Usernames, UIDs, the superuser
  • Blocking accounts, expiration, etc.
  • Restricting superuser access
  • Boot-level access control
  • Disabling .rhosts
Additional Security Configuration
  • File system access control
  • Kernel tuning for security
  • Security for the cron system
Backups and Archives
  • tar, dump, and dd
  • Tricks and techniques
  • Networked backups
"An amazing intro for people who have never used UNIX and the term that you should be familiar with."
-- Angie Carfrae
"Very good starting point for the understanding of UNIX. I have taken several UNIX courses and this course explains it the best."
-- Robert Armstrong, RCMP



Last Update August 22, 2002