
• SANS

• SANS Security Essentials Course Topics


o Risk Assessment and Auditing
o Host and Network Based Intrusion Detection
o Honeypots, Firewalls and Perimeter Protection
o Security Policy
o Password Management
o Security Incident Handling - The Six Steps
o Information Warfare
o Web Security
o Network Fundamentals and IP Concepts and Behavior
o Cisco Router Filters
o Four Primary Threats for Perimeter Protection
o PGP, Steganography
o Anti-Viral Tools
o Windows (2000, XP, 2003, Vista) Security Administration and Auditing
o IIS Security
o Unix Security Fundamentals
SECURITY 401 - Day 1
Networking Concepts
A key way attackers gain access to a company's resources is through a network connected to the Internet.
A company wants to prevent as many attacks as possible; where it cannot prevent an attack, it must
detect it in a timely manner. An understanding of how networks and related protocols such as TCP/IP
work is therefore critical to analyzing network traffic and identifying hostile traffic. It is just as
important to know how to protect against these attacks using devices such as routers and firewalls.
These essentials, and more, are covered to provide a firm foundation for the following days of training.

• Network Fundamentals
o Network Types (LANs, WANs)
o Network Topologies
o Ethernet, Token Ring
o ATM, ISDN, X.25
o Wiring
o Network Devices
o Voice over IP

• IP Concepts
o Packets and Addresses
o IP Service Ports
o IP Protocols
o TCP
o UDP
o ICMP
o DNS

• IP Behavior
o TCPdump
o Recognizing and Understanding
o UDP
o ICMP
o UDP Behavior

• IOS and Router Filters
o Routers
o IOS
o Routing
o Routing Protocols
o Access Control Lists
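An added example, not part of the SANS course material, of the "recognizing and understanding TCP behavior" idea in the IP Behavior topics above: decode IPv4/TCP headers from raw bytes and flag the flag combinations no legitimate TCP stack sends (NULL, Xmas, FIN-only, SYN+FIN, SYN+RST), which is exactly what an analyst looks for in tcpdump output or encodes in an IDS rule to tell port-scanner probes from real connections. The packet builder, the addresses and ports, and the ten-port threshold for calling something a SYN sweep are all assumptions for the demo; checksums are left at zero and IP/TCP options are omitted.

```python
"""Decode raw IPv4/TCP headers and flag TCP flag combinations that legitimate
stacks never send (NULL, Xmas, FIN-only, SYN+FIN, SYN+RST probes), plus
single-source SYN sweeps across many ports. Packets are built in-process
(assumption: checksums left at zero, no IP or TCP options)."""
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_ipv4_tcp(src, dst, sport, dport, flags):
    """Constructed 40-byte packet: 20-byte IPv4 header + 20-byte TCP header."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip_hdr + tcp_hdr


def parse_ipv4_tcp(buf):
    """Return (src, dst, sport, dport, flags), or None if not IPv4/TCP."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        return None
    ihl = (ver_ihl & 0x0F) * 4          # IP header length in bytes, options included
    sport, dport, _, _, _, flags = struct.unpack("!HHIIBB", buf[ihl:ihl + 14])
    return ".".join(map(str, src)), ".".join(map(str, dst)), sport, dport, flags


def classify_flags(flags):
    """Name the combination of the six classic flag bits (CWR/ECE are ignored)."""
    f = flags & 0x3F
    if f == 0:
        return "NULL scan"
    if f == FIN | PSH | URG:
        return "Xmas scan"
    if f == FIN:
        return "FIN scan"
    if f & SYN and f & FIN:
        return "SYN+FIN (never legitimate)"
    if f & SYN and f & RST:
        return "SYN+RST (never legitimate)"
    if f == SYN:
        return "SYN (connection attempt)"
    return "normal"


def find_syn_sweeps(packets, min_ports=10):
    """Sources whose bare SYNs touch at least min_ports distinct (dst, port) pairs."""
    targets = defaultdict(set)
    for buf in packets:
        parsed = parse_ipv4_tcp(buf)
        if parsed and (parsed[4] & 0x3F) == SYN:
            targets[parsed[0]].add((parsed[1], parsed[3]))
    return sorted(src for src, seen in targets.items() if len(seen) >= min_ports)


if __name__ == "__main__":
    probes = [build_ipv4_tcp("10.0.0.5", "192.168.1.10", 40000, 22, f)
              for f in (SYN, 0, FIN | PSH | URG, SYN | FIN, SYN | ACK)]
    for p in probes:
        src, dst, sport, dport, flags = parse_ipv4_tcp(p)
        print(f"{src}:{sport} -> {dst}:{dport} flags=0x{flags:02x} {classify_flags(flags)}")
```

The flag classifier catches probes that are anomalous on their own; the sweep detector catches the common case where every packet looks normal (a plain SYN) and only the aggregate across ports gives the scanner away. A real deployment would feed it from a pcap rather than constructed packets and would age out the per-source sets.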

• Physical Security
o Facility Requirements
o Technical Controls
o Environmental Issues
o Personal Safety
o Physical Security Threats
o Elements of Physical Security
SECURITY 401 - Day 2
Defense In-Depth
In order to secure an enterprise network, you must understand the general principles of network
security. This day covers six key areas of network security. It starts with information assurance
foundations, where students look at both current and historical computer security threats and how they
have affected confidentiality, integrity and availability. The first half of the day also covers how to
write sound security policies and manage passwords, including tools for assessing password strength on
both Unix and Windows platforms. The second half of the day is spent on the information warfare threat
and the six steps of incident handling. The day closes by looking at what can be done to test and protect
a web server in your company.

• Information Assurance Foundations
o Risk Model
o Authentication vs. Authorization
o Data Classification
o Vulnerabilities
o Defense In-Depth

• Computer Security Policies
o Elements When Well Written
o How Policies Serve as Insurance
o Roles and Responsibilities

• Contingency and Continuity Planning
o Legal and Regulatory Requirements
o Disaster Recovery Strategy and Plan

• Business Impact Analysis
o Emergency Assessment
o Business Success Factors
o Critical Business Functions

• Password Management
o Password Cracking for Windows and Unix
o Alternate Forms of Authentication (Tokens, Biometrics)
o Single Sign On and RADIUS

• Incident Handling
o Preparation, Identification and Containment
o Eradication, Recovery and Lessons Learned
o Investigation Techniques and Computer Crime
o Ethics
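An added example, not SANS course material, for the Password Management topics above: a dictionary attack against stored password hashes, written to show the three things a cracking tool exposes about a password store. Unsalted hashes fall to a table computed once and reused against every account; a per-user salt forces the attacker to rerun the whole wordlist for each account; an iterated hash (PBKDF2 here) makes every one of those guesses cost more. The wordlist, account names, passwords and the fixed salts are constructed for the demo.

```python
"""Dictionary attack against stored password hashes, showing why an unsalted
hash can be attacked with a table computed once, why a per-user salt forces
the attacker to start over for every account, and why an iterated hash makes
each guess cost more. Wordlist, users and salts below are all constructed."""
import hashlib
import hmac

WORDLIST = ["password", "letmein", "Summer2007", "qwerty", "P@ssw0rd", "sans401"]


def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    return hashlib.sha256(salt + password.encode()).hexdigest()


def slow_hash(password, salt, rounds=20_000):
    """Iterated, salted hash (PBKDF2); rounds is the attacker's per-guess cost knob."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def crack_with_table(stored):
    """stored: {user: unsalted_hex}. One table serves every account and every
    future dump, which is what makes unsalted storage so cheap to attack."""
    table = {unsalted_hash(word): word for word in WORDLIST}
    return {user: table.get(digest) for user, digest in stored.items()}


def crack_salted(stored, hash_fn):
    """stored: {user: (salt, hex)}. Returns (results, guesses) so the cost of
    recomputing the wordlist for every account is visible."""
    results, guesses = {}, 0
    for user, (salt, digest) in stored.items():
        results[user] = None
        for word in WORDLIST:
            guesses += 1
            if hmac.compare_digest(hash_fn(word, salt), digest):
                results[user] = word
                break
    return results, guesses


def sample_store(hash_fn):
    """Constructed accounts: two with wordlist passwords, one with a strong one.
    Fixed salts keep the example reproducible; real salts come from os.urandom."""
    secrets = {"alice": "Summer2007", "bob": "letmein", "carol": "x9!Gq#2vTz8e"}
    salts = {"alice": b"\x01" * 16, "bob": b"\x02" * 16, "carol": b"\x03" * 16}
    return {u: (salts[u], hash_fn(pw, salts[u])) for u, pw in secrets.items()}


if __name__ == "__main__":
    fast, guesses = crack_salted(sample_store(salted_hash), salted_hash)
    slow, _ = crack_salted(sample_store(slow_hash), slow_hash)
    print("salted SHA-256:", fast, "guesses:", guesses)
    print("PBKDF2 (same guesses, each far more expensive):", slow)
```

Salting does not reduce the number of guesses needed to recover a weak password (alice and bob fall either way); it removes the attacker's ability to amortise work across accounts, and the iteration count then sets the price of each guess. A strong password outside the wordlist is untouched by all three.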

• Offensive and Defensive Information Warfare

• Web Security
o Web Communication
o Web Security Protocols
o Active Content
o Cracking Web Applications
o Web Application Defenses
SECURITY 401 - Day 3
Laptop Required
Military agencies, banks and retailers running electronic commerce programs, and dozens of other types
of organizations are demanding to know what threats they face and what they can do to alleviate those
threats. This day provides a roadmap for organizations that are considering or planning to deploy
security devices and tools such as intrusion detection systems and firewalls. It goes beyond the narrow
technical view and offers a full context for deploying these technologies. No single technology will
solve all of a company's security issues; a defense-in-depth strategy that layers multiple defensive
measures, however, goes a long way toward securing the enterprise. Each section covers one tool that
plays a part in a company's overall information assurance program.

• Host-based Intrusion Detection and Prevention
o TCP Wrappers, Tripwire
o Intrusion Detection
o What They Are and How to Deploy Them
o Calculation of Acceptable Loss
o Automated Response

• Network-based Intrusion Detection and Prevention
o Syslog
o Commercial Tools
o Denial of Service
o Deception Toolkit

• Honeypots
o Forensics
o Honeypots
o Honeynets
o Honey Tokens
o Effect of Firewalls on IDS Sensors

• Methods of Attacks
o Buffer Overflows
o Default Accounts
o Spamming
o Browsing
o Race Conditions

• Firewalls and Perimeters
o Types of Firewalls
o Pros and cons of firewalls
o Firewall placement

• Risk Assessment and Auditing
o Risk assessment methodology
o Risk approaches
o Calculating risk
o SLE
o ALE
o How All These Capabilities Work Together
o Where These Technologies are Heading
SECURITY 401 - Day 4
Secure Communications
There is no silver bullet when it comes to security. However, one technology would help solve a lot of
security issues, though few companies use it: encryption. Concealing the meaning of a message can prevent
unauthorized parties from reading sensitive information. Day 4 looks at various aspects of encryption
and how it can be used to secure a company's assets. A related area, steganography or information hiding,
is also covered. Wireless networking is becoming part of most modern networks, but it is often implemented
insecurely. The security issues associated with wireless and what can be done to protect these networks
are also discussed. The section finishes by tying all of the other pieces together with Operations
Security.

• Cryptography
o Need for Cryptography
o Types of Encryption
o Symmetric
o Asymmetric
o Hash
o Ciphers
o Digital Substitution
o Algorithms
o Real-world Cryptosystems
o Crypto Attacks
o VPNs
o Types of Remote Access
o PKI
o Digital Certificates
o Key Escrow

• Steganography
o Types
o Applications
o Detection
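The three Steganography sub-topics above (types, applications, detection) in one runnable form. This is an added example, not SANS course material: it hides a payload in the least-significant bits of a constructed 8-bit greyscale sample array, recovers it, and then applies a pairs-of-values chi-square test to show why sequential LSB replacement of near-random bits is statistically detectable even though the samples change by at most one. The cover generator, payload, and the decision thresholds are assumptions for the demo.

```python
"""LSB steganography on an 8-bit greyscale image (a constructed byte array here)
plus a pairs-of-values chi-square detector for it."""
import random


def embed_lsb(cover, payload):
    """Write a 32-bit length prefix and the payload into the LSB of each sample."""
    frame = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> shift) & 1 for byte in frame for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError(f"cover has {len(cover)} samples, payload needs {len(bits)}")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(stego):
    """Read the length prefix, then that many payload bytes, from the LSBs."""
    def read_int(offset, nbytes):
        value = 0
        for i in range(offset, offset + 8 * nbytes):
            value = (value << 1) | (stego[i] & 1)
        return value
    length = read_int(0, 4)
    return read_int(32, length).to_bytes(length, "big")


def samples_used(payload):
    """Number of leading samples the embedding touches (prefix + payload bits)."""
    return 8 * (4 + len(payload))


def lsb_chi2(samples):
    """Pairs-of-values statistic (Westfeld/Pfitzmann): LSB replacement with
    near-random bits equalises the counts of values 2k and 2k+1, so the statistic
    drops toward its chi-square expectation (~127 for 127 degrees of freedom)
    however skewed the cover was. Normalised by sample count for comparability."""
    counts = [0] * 256
    for s in samples:
        counts[s] += 1
    chi2 = 0.0
    for k in range(128):
        a, b = counts[2 * k], counts[2 * k + 1]
        expected = (a + b) / 2
        if expected:
            chi2 += (a - expected) ** 2 / expected + (b - expected) ** 2 / expected
    return chi2 / len(samples)


def make_cover(n, seed=1):
    """Constructed cover: uniform values with 80% of LSBs cleared, mimicking a
    quantised image whose (2k, 2k+1) pairs are far from balanced."""
    rng = random.Random(seed)
    samples = bytearray()
    for _ in range(n):
        v = rng.randrange(256)
        samples.append(v & 0xFE if rng.random() < 0.8 else v)
    return bytes(samples)


if __name__ == "__main__":
    cover = make_cover(8192)
    secret = bytes(random.Random(7).randrange(256) for _ in range(512))  # constructed payload
    stego = embed_lsb(cover, secret)
    n = samples_used(secret)
    print("recovered:", extract_lsb(stego) == secret)
    print(f"chi2/N cover={lsb_chi2(cover[:n]):.3f} stego={lsb_chi2(stego[:n]):.3f}")
```

The detector is deliberately the simplest one: it assumes the payload occupies the leading samples and has balanced bits. Tools that spread the payload pseudo-randomly across the image, or embed only a small fraction of the capacity, defeat this test and need the region-by-region or RS-style analyses covered under Detection; the point here is that "one bit per sample" is not invisible.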

• PGP
o Installing and Using PGP
o Signing Data and What It Means
o Key Management
o Key Servers

• Wireless
o Common Protocols
o Common Topologies
o Misconceptions
o Security Issues
o Securing Wireless

• Operations Security
o Legal Requirements
o Administrative Management
o Individual Accountability
o Need to Know
o Privileged Operations
o Control Types
o Operation Controls
o Reporting
SECURITY 401 - Day 5
Windows Security
Windows is the most widely used and most attacked operating system on the planet, and Internet Explorer
is every hacker's "favorite" browser. The simple days of Windows 98 desktops and Windows NT 4.0 domains
are long gone, replaced by the complexities of Active Directory, Group Policy, PKI, BitLocker, etc. This
section will help you quickly master the world of Windows security while showing you the tools you can
use to simplify and automate your work. You will complete the day with a solid grounding in Windows
security, including the important new features in Windows Vista.

• Topics Covered
o The Security Infrastructure
 The Windows Family of Operating Systems
 Workgroups and Local Accounts
 What Is Active Directory?
 Domain Users and Groups
 Kerberos, NTLMv2, Smart Cards
 Forests and Trusts
 What Is Group Policy?
o Permissions and User Rights
 User Rights
 NTFS Permissions
 File and Print Sharing Service
 Shared Folders
 Encrypting File System
 BitLocker Drive Encryption
o Security Policies and Templates
 Group Policy Objects
 Password Policy
 Lockout Policy
 Anonymous Access
 Software Restriction Policies
 NTLMv2 Authentication
 Protecting Critical Accounts
o Service Packs, Patches, and Backups
 Service Packs
 E-Mail Security Bulletins
 Patch Installation
 Automatic Updates
 Windows Server Update Services
 Windows Backup
 System Restore
 Device Driver Rollback
o Securing Network Services
 Firewalls and Packet Filtering
 IPSec and VPNs
 Wireless Networking
 The Security Configuration Wizard
 IIS URLSCAN
 Terminal Services
o Auditing and Automation
 Microsoft Baseline Security Analyzer
 SECEDIT.EXE
 Windows Event Logs
 NTFS and Registry Auditing
 IIS Logging
 Creating System Baselines
 Scripting Tools
 Scheduling Jobs
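An added example, not the course's own material, that ties together the Password Policy, Lockout Policy, Anonymous Access, NTLMv2 Authentication and SECEDIT.EXE topics above: a Python audit of a policy export produced with `secedit /export /cfg`. The script only reads the exported file, so it runs on any platform once the file has been copied off the host. The export text below is constructed, and the baseline thresholds (14-character minimum, lockout enabled, LmCompatibilityLevel at least 3, RestrictAnonymous set, logon auditing for success and failure) are assumptions for the demo; adjust them to your own policy.

```python
"""Audit a secedit.exe security-policy export for weak password, lockout,
anonymous-access, NTLM and audit settings. On Windows the input comes from
    secedit /export /cfg C:\\secpol.inf
which writes a UTF-16 INI file (open it with encoding="utf-16"). The export
below is constructed, and the thresholds are assumed baselines, not SANS's."""

SAMPLE_EXPORT = r"""[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
EnableAdminAccount = 1
EnableGuestAccount = 0
NewAdministratorName = "Administrator"
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 0
AuditAccountLogon = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
[Version]
signature="$CHICAGO$"
Revision=1
"""

LSA = r"MACHINE\System\CurrentControlSet\Control\Lsa"


def parse_secedit(text):
    """Minimal INI reader: keys keep their case, surrounding quotes are stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip().strip('"')
    return sections


def system_int(sections, key, default=None):
    value = sections.get("System Access", {}).get(key)
    return int(value) if value is not None and value.lstrip("-").isdigit() else default


def registry_dword(sections, path):
    """[Registry Values] entries are '<type>,<data>'; type 4 is REG_DWORD."""
    raw = sections.get("Registry Values", {}).get(path)
    if raw is None:
        return None
    reg_type, _, data = raw.partition(",")
    return int(data) if reg_type == "4" and data.isdigit() else None


def audit(sections):
    """Return {setting: finding} for every setting weaker than the assumed baseline."""
    findings = {}
    length = system_int(sections, "MinimumPasswordLength", 0)
    if length < 14:
        findings["MinimumPasswordLength"] = f"{length}; assumed baseline is 14"
    if system_int(sections, "PasswordComplexity", 0) != 1:
        findings["PasswordComplexity"] = "complexity not enforced"
    if system_int(sections, "LockoutBadCount", 0) == 0:
        findings["LockoutBadCount"] = "no lockout; online guessing is unlimited"
    if system_int(sections, "ClearTextPassword", 0) == 1:
        findings["ClearTextPassword"] = "passwords stored with reversible encryption"
    if system_int(sections, "EnableGuestAccount", 0) == 1:
        findings["EnableGuestAccount"] = "Guest account enabled"
    lm = registry_dword(sections, LSA + r"\LmCompatibilityLevel")
    if lm is None:
        findings["LmCompatibilityLevel"] = "not set by policy; the OS default applies"
    elif lm < 3:
        findings["LmCompatibilityLevel"] = f"{lm}; below 3 the client still sends LM/NTLMv1"
    if not registry_dword(sections, LSA + r"\RestrictAnonymous"):
        findings["RestrictAnonymous"] = "anonymous enumeration of accounts and shares allowed"
    logon = sections.get("Event Audit", {}).get("AuditLogonEvents", "0")
    if logon != "3":
        findings["AuditLogonEvents"] = f"{logon}; 3 records both success and failure"
    return findings


if __name__ == "__main__":
    for setting, why in audit(parse_secedit(SAMPLE_EXPORT)).items():
        print(f"{setting}: {why}")
```

Running the same audit against exports from every host, and diffing them against a known-good export, is the "Creating System Baselines" idea in script form: the export is plain text, so drift shows up as a diff rather than as a surprise during an incident.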
SECURITY 401 - Day 6
Unix Security
Based on industry consensus standards, this day provides step-by-step guidance on improving the security
of any Unix operating system. It combines practical "how to" instructions with background information
for Unix beginners and security advice and best practices for administrators of all levels of expertise.

• Patching and Software Installation
o The Need for Patches
o Obtaining and Installing System Patches
o Managing Third-party Software Apps

• Minimizing System Services
o Guidance for Dangerous Services
o Controlling Services at Boot Time
o inetd and xinetd
o IP-based Access Control

• Logging
o Syslog and Other Standard Logs
o System Accounting
o Process Accounting

• Warning Banners
o Sample Warning Banner Texts
o Standard Warning Banner Config
o Banners for Networked Services

• Access Control
o Usernames, UIDS, the Superuser
o Blocking Accounts, Expiration, etc.
o Restricting Superuser Access
o Boot-level Access Control
o Disabling .rhosts

• Additional Security Configuration
o File System Access Control
o Kernel Tuning for Security
o Security for the cron System

• Backups and Archives


o tar, dump, and dd
o Tricks and Techniques
o Networked Backups
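An added example, not SANS course material, for the Access Control topics above (usernames, UIDs and the superuser; blocking and expiring accounts; disabling .rhosts): a Python audit of /etc/passwd and /etc/shadow that reports extra UID 0 accounts, duplicate UIDs, accounts with no password at all, unlocked accounts whose password never ages, and leftover .rhosts or hosts.equiv files. The two file contents below are constructed samples (the hashes are placeholders); pass the real files' text to the parsers on a live system.

```python
"""Audit /etc/passwd and /etc/shadow for the access-control problems the Unix
day lists: extra UID 0 accounts, duplicate UIDs, accounts with no password,
unlocked accounts that never expire, and leftover .rhosts/hosts.equiv files.
The two files below are constructed samples; pass real contents as strings."""
import os

PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
games:x:5:60:games:/usr/games:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
"""

SHADOW = """root:$6$YkZl1pqa$placeholderhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$6$b7Qm3xvn$placeholderhash:19000:0:99999:7:::
games:*:19000:0:99999:7:::
backup::19000:0:99999:7:::
alice:$6$Rt2hW9sk$placeholderhash:19000:0:90:7:::
bob:!:19000:0:99999:7:::
"""


def parse_passwd(text):
    """name -> {pw, uid, gid, home, shell}; pw is the raw field ('x' means shadowed)."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, pw, uid, gid, _gecos, home, shell = line.split(":", 6)
        users[name] = {"pw": pw, "uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return users


def parse_shadow(text):
    """name -> {hash, max}; max is the password's maximum age in days."""
    users = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        users[fields[0]] = {"hash": fields[1], "max": int(fields[4]) if fields[4] else None}
    return users


def extra_uid0(passwd):
    """Any account besides root with UID 0 is a second superuser."""
    return sorted(name for name, u in passwd.items() if u["uid"] == 0 and name != "root")


def duplicate_uids(passwd):
    by_uid = {}
    for name, u in passwd.items():
        by_uid.setdefault(u["uid"], []).append(name)
    return {uid: sorted(names) for uid, names in by_uid.items() if len(names) > 1}


def passwordless(passwd, shadow):
    """An empty field in either file means login with no password at all."""
    names = {name for name, u in passwd.items() if u["pw"] == ""}
    names |= {name for name, s in shadow.items() if s["hash"] == ""}
    return sorted(names)


def is_locked(entry):
    """A leading '!' or '*' in the hash field blocks password login."""
    return entry["hash"][:1] in ("!", "*")


def no_password_aging(passwd, shadow, never=99999):
    """Unlocked accounts with a real hash whose password never expires."""
    return sorted(name for name, s in shadow.items()
                  if name in passwd and s["hash"] and not is_locked(s) and s["max"] == never)


def find_rhosts(root, walk=os.walk):
    """Walk root (normally /home or /) for .rhosts and hosts.equiv trust files."""
    hits = []
    for dirpath, _dirs, files in walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if f in (".rhosts", "hosts.equiv"))
    return sorted(hits)


if __name__ == "__main__":
    pw, sh = parse_passwd(PASSWD), parse_shadow(SHADOW)
    print("extra UID 0:", extra_uid0(pw))
    print("duplicate UIDs:", duplicate_uids(pw))
    print("no password:", passwordless(pw, sh))
    print("never expires:", no_password_aging(pw, sh))
```

On a real host read the two files with root privileges (the shadow file is mode 0640 or stricter), and treat every UID 0 hit as an incident indicator until explained: a second superuser account is the classic way an intruder keeps access after the original hole is patched.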
