This module focuses on understanding how permissions are applied in the Windows NT File System (NTFS), Shared Folders, Registry Keys, Active Directory, and Privileges. SANS SEC401 Security Essentials, Day 2. You will learn to develop effective security metrics that provide a focused playbook that the IT department can implement, auditors can validate, and executives can understand. "SEC401 course content has been incredibly useful and will be directly applicable to my job, and the labs have practical use and are great demonstrations of the concepts presented in lectures." While some SANS courses have now added an index to match industry standards, creating your own with proper tabbing and references is still highly advisable for referencing speed during the exam and as a study aid. Day 5 will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work. Apple's venerable macOS provides extensive opportunity for hardware and software security but is often misunderstood in terms of what can and cannot be achieved. This document details the required system hardware and software configuration for your class. Module 20: Cryptography Algorithms and Deployment. SANS SEC401 Security Essentials, Tucson, Arizona, April 4th, 2019 - May 16th, 2019. In essence, data loss is any condition that results in data being corrupted, deleted, or made unreadable in any way by a user and/or software (application). Isolation techniques can help to mitigate the initial damage caused by an adversary, giving us more time for detection. A solid understanding of the inner workings of networks enables you to more effectively recognize, analyze, and respond to the latest (perhaps unpublished) attacks. This module covers the tools, technology, and techniques used for reconnaissance (including gathering information, mapping networks, scanning for vulnerabilities, and applying mapping and scanning technology). 
After reading through, I create my index (SANS now provides pre-built indexes for some classes apparently; I ignore those). Each has its own unique approaches and benefits. The first course for the SANS Master of Science in Information Security Engineering program is SEC401 Security Essentials. While the truth is often complicated, fortunately for us, the answer is simple. You will need your course media immediately on the first day of class. This is a big-picture overview of the Windows security model. 180 multiple-choice questions. If you are scoring in the 80s on your practice exams, I believe you are definitely ready to take the real thing. We will spend time discussing the various types of authentication: something you know, something you have, some place you are, and something you are. This course and certification can be applied to a master's degree program at the SANS Technology Institute. This course meets both of the key promises SANS makes to our students: (1) You will learn up-to-the-minute skills that you can put into practice immediately upon returning to work; and (2) You will be taught by the best security professionals in the industry. This module discusses the principles of identity management and access control. Security 401.2 – Defense In Depth. One of those five steps is ensuring that you bring a properly configured system to class. Containers, what they are, deployment best practice, and how to secure them will be explored. Adversaries need our networks just as much as we do. Can I learn this on my own using books, videos, websites etc., or is a classroom (virtual or actual) a must? The number of classes using eWorkbooks will grow quickly. My first run through of the books was solely reading with no note taking. GIAC certifications provide the highest and most rigorous assurance of cyber security knowledge and skill available to industry, government, and military clients across the world. Made the class flow smoothly. 
SEC401.1 Monday, March 19, 2018 10:10 AM Pg22 Pg23 - Ethernet Collision Detection … I like his teaching style, which often consists of live demos in which he performs exploits on his lab machine to help illustrate key concepts. Index length is up to you. Great that he (the instructor) was able to bring real-world examples to class. Last, but certainly not least, a discussion of defense-in-depth would not be complete without a discussion of, perhaps, the most important aspect of any security program: Security Plans and Risk Management. In this module, we will examine some of the key components, strategies, and solutions for implementing security from an endpoint perspective. Internet connections and speed vary greatly and are dependent on many different factors. Containers, while not specifically designed for information security purposes, are built on elements of minimization, and that is something we can leverage in an overall information security methodology (as a part of defense-in-depth). What is a disadvantage of virtualizing a DMZ infrastructure? Module 29: Automation, Auditing, and Forensics. During the first half of Day 4 we'll look at various aspects of cryptographic concepts and how they can be used in securing an organization's assets. My instructor was Bryce Galbraith, one of the principal instructors at SANS. We conclude with an important discussion on the management of public keys (and their related certificates) in terms of a Public Key Infrastructure (PKI). During the second half of the day, we shift our focus to the various types of prevention technologies that can be used to stop an adversary from gaining access to our organization (firewalls, intrusion prevention systems) and the various types of detection technologies that can detect the presence of an adversary on our networks (intrusion detection systems). 
Anyone who works in security, is interested in security, or has to understand security should take this course, including: "SEC401 should be a prerequisite for anyone involved in the security space." Module 15: Attacks and Malicious Software. Open book. At 180 questions and 5 hours long, the GSEC exam is one of, if not the, longest GIAC exams. SEC401 will show you how to apply the knowledge you gain, forming it into a winning defensive strategy in the terms of the modern adversary. It would be more useful if the students could review the questions after the practice exam was over, so we don't feel rushed trying to write down why we got the questions wrong while still trying to take the test. 2 pages. SANS SEC401 Security Essentials, April 4th, 2019. A lot has changed over time. Apple does not support x86-based virtual machines under their Rosetta 2 capability for translation to their new Apple M1 processor. Containers are one example of such. Official courseware books (sent via USPS). You need to allow plenty of time for the download to complete. We will also spend considerable time discussing the most common (and problematic) example of the "something you know" authentication type: the password. We will explore their underlying principles, strengths, and weaknesses. 85%+ to apply for the SANS Mentor program (an opportunity to teach SANS material to your peers, and the first step on the road to Instructor); 90%+ to join the GIAC Advisory Board (amazing mailing list(s) full of accomplished professionals, and a chance to influence SANS/GIAC direction). Some students coming out of day one might be relieved to find that day two is nothing like day one. 
To achieve this, you need to gain familiarity with the communication protocols of modern networks. We'll also identify common attacks used to subvert cryptographic defenses. Minimum passing score of 74%. Offense informs the defense. In this module, we will explain the differences between the various types of wireless communication technologies available today, the insecurities present in those communications, and approaches to mitigation to reduce the risk of those insecurities to a more acceptable level. You will learn: to develop effective security metrics that provide a focused playbook that the IT department can implement, auditors can validate, and executives can understand; to analyze the risk to your environment in order to drive the creation of a security roadmap that focuses on the right areas of security; practical tips and tricks that focus on addressing high-priority security problems within your organization and doing the right things that lead to security solutions that work; why some organizations win and why some lose when it comes to security and, most importantly, how to be on the winning side; and the core areas of security and how to create a security program that is built on a foundation of Detection, Response, and Prevention. In this module, we look at some of the most important things to know about designing and deploying secure web applications. In this module, we explore the fundamentals of incident handling and why it is important to our organization. Learn to build a security roadmap that can scale today and into the future: prevention is ideal, but detection and response are a must. "From all observations of the world around us, it would appear that we might be living in a world of never-ending compromise. The SANS Blog is an active, ever-updating wealth of information. Do you know the effectiveness of each security device, and are you certain that they are all configured correctly? 
In this introductory module we review the structure of the course, the logistics of the class schedule in concert with 'bootcamp' hours, and the overall thematic view of the course topics. Label the first four columns with: "Page", "Keyword 1", "Keyword 2", and "Keyword 3". Even though, for more than 30 years, passwords (the most commonly used form of authentication for access control) were to be deprecated and moved away from, we still struggle today with the compromises that result from credential theft. And surely today, with more security at our avail than at any other point in the history of computing, an ever-continuing increase in worldwide compromise can't be attributed to poor security practice, can it? Create a spreadsheet with tabs labeled for each book in the course. In order to implement proper network security, you have to understand the various components of modern networks. This module will look at the three main categories of network security devices: Firewalls, Network Intrusion Detection Systems (NIDS), and Network Intrusion Prevention Systems (NIPS). In addition to a framework, the CIS controls also provide details to help organizations put together an effective plan for implementation of the controls they need. SEC401 is unique in its coverage of more than 30 topical areas of information security. Discovery of the adversary is only a small part of the overall battle; the remainder of SEC401 will show you how not only to defend, but also to better prevent (and remediate) the adversary. With the rise in advanced persistent threats, it is inevitable that organizations will be targeted. Containers provide powerful and flexible concepts for cloud computing deployments. SEC401 Installation Guide (Kali and Windows 8). This document covers the installation guide to make sure you are ready for class. 
The module also covers how to leverage digital forensics methodologies to ensure our processes are repeatable and verifiable. How is it possible to have ever more compromise in the presence of ever more security? This module discusses the infrastructure that supports Windows security. A conversation on defensible networking would not be complete without an in-depth discussion of what cloud is and, more importantly, the important security considerations that must be taken into account. A key part of managing and governing risk is the formation of security plans built on a solid understanding of the "security risk" of the organization. I added several SANS cheat sheets to the back for reference and had the whole thing spiral bound at Staples for $5. Bring your own system configured according to these instructions! Cloud computing becomes an obvious topic of discussion in relation to our modern networks, public and private networks alike. Toward the end of the book we shift our focus to modern security controls that will work in the presence of the modern adversary. The truth is always more complicated. Throughout my journey I'll be creating book/course reviews, tutorials, and pretty much anything else I find interesting in the tech world. The extensive nature of the vulnerabilities that can manifest with ease from web applications dictates that we focus the attention of an entire module on web application security concepts. This is the old tool; the new version/video is here: https://youtu.be/bHpkTArlXWc. Xenocrates is an indexing tool for GIAC certification examinations. He also mixes in humour and shares a bit of his professional experiences surrounding the top… This article provides instructions on how to determine if you have both a 64-bit CPU and OS. Additionally, certain classes are using an electronic workbook in addition to the PDFs. Module 2: Defensible Network Architecture. 
Note: Apple computers with the M1 processor (Apple Silicon) are NOT supported for use in class. Multi-Step Process for Handling an Incident. In this module, we'll discuss solutions for achieving our primary goals for using cryptography: protection of data in transit and protection of data at rest. 3) Take your time and read the question... I know Microsoft technologies, but the way SANS does it may be different, so even if you think you know it, double check your answer. By the end of this section, you will understand Defensible Network Architecture, Protocols and Packet Analysis, Network Device Security, Virtualization and Cloud, and Wireless Network Security. The truth is that we now live in a world of ever-increasing security capability AND ever-increasing compromise. Apply what you learn directly to your job when you go back to work; design and build a network architecture using VLANs, NAC, and 802.1x based on advanced persistent threat indicators of compromise; run Windows command line tools to analyze a system looking for high-risk items; utilize Linux command line tools and basic scripting to automate the running of programs to perform continuous monitoring of systems; create an effective policy that can be enforced within an organization and design a checklist to validate security and create metrics to tie into training and awareness; identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, configure the system to be more secure; build a network visibility map that can be used for hardening of a network, validating the attack surface and determining the best methodology to reduce the attack surface through hardening and patching. While SEC301 is not a prerequisite for SEC401, it will provide the introductory knowledge to help maximize the experience with SEC401. Monolithic Architecture and Security Controls. Module 17: Security Operations and Log Management. 
A related discipline called steganography, or information hiding, is also covered. The labs reinforce the skills covered in class and enable students to use the knowledge and tools learned throughout the course in an instructor-led environment. If there were compromised systems on your network, are you confident that you would be able to find them? Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course. The methodology of an appropriate incident response is the subject of our final module of Day 3. Last, but certainly not least, all of the above wouldn't be as useful without applying the knowledge in our extensive hands-on lab-based environment. There can be a lot of misunderstanding as to what security benefits are truly afforded by the use of containers, and the potential security issues that might manifest within containers themselves. Unfortunately, not all attacks will be prevented, and as such, they must be detected in a timely manner. Together, they provide a complement of prevention and detection capabilities. - study material from older SEC401 courses (this one may not be so helpful since specifics within the course and exam content change frequently) - use learning platforms like Cybrary, ImmersiveLabs etc. The media files for class can be large, some in the 40 - 50 GB range. Being able to apply the concepts of 'knowing' our network, and how network operations are performed, will allow us to baseline 'normal'. Each day of SEC401 is built on a foundation of how to apply key topics and concepts in real-world application. You must also have a minimum of 8 GB of RAM or higher for the virtual machines to function properly. What I liked was that SANS provides an index in the back of book 6, so you don't need to start from scratch. Once an adversary is inside the environment, damage will occur. 
We do so by leveraging the Center for Internet Security (CIS) controls to help prioritize our risk reduction activities and gather metrics as we construct our security roadmap. Windows XP desktops in a little workgroup... what could be easier? Students will have the opportunity to install and configure a virtual lab environment and will utilize the tools and techniques that have been presented. The importance of segmentation and isolation techniques cannot be overstated. SEC401 will provide you with real-world, immediately actionable knowledge and information, to put you and your organization on the best footing possible to counter the modern adversary. The CIS controls were created to help organizations prioritize the most critical risks they face. Be sure to go through the labs until you don't have to do the step-by-step. You will complete the section with a solid grounding in Windows security by looking at automation, auditing, and forensics. Because cloud computing is architected on virtualization, the module concludes with an extensive discussion of what cloud is (public and private cloud), how it works, the services made available by public cloud, and related security concepts. At the same time, the complexities of Active Directory, Public Key Infrastructure, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. Remember when Windows was simple? 5 hours. In this module we discuss the various types of isolation techniques: chroot, virtualization, and containers. The most commonly discussed aspect of defense-in-depth is predicated on access controls. Windows is the most widely used and targeted operating system on the planet. Defending against attacks is an ongoing challenge, with new threats emerging all the time, including the next generation of threats. 
How we achieve such a capacity is the subject of our penultimate module: Security Operations and Log Management. We look at security threats and how they have impacted confidentiality, integrity, and availability. Concur with @MrsWilliams - an index is key to all GIAC exams. In this module, we will examine what virtualization is, the security benefits and risks of a virtualized environment, and the differences in virtualization architecture. Penetration testing is often discussed in concert with vulnerability assessment, even though vulnerability assessment and penetration testing are quite distinct from each other. This includes general approaches to endpoint security, strategies for baselining activity, and solutions like Host-based IDS (HIDS) and Host-based IPS (HIPS). I do not have much technical IT experience, and this will be my first exam attempt and certification. Steganography can be used for a variety of reasons but is most often used to conceal the fact that sensitive information is being sent or stored. Module 10: Center for Internet Security (CIS) Controls. If you are paying out of pocket, I would suggest self-studying for CompTIA's Security+. On initial glance, an increase in compromise might be attributed to having more systems than ever before connected to more and more computer networks. I pick up material faster by reviewing new topics via video. SEC401: Security Essentials Bootcamp Style consists of course instruction and integrated hands-on sessions. Mandatory Laptop Requirements / Checklist. It provides the background concepts necessary to understand everything else that follows. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Windows 8 will be used as the base operating system for your laptop. 
You do know that you can bring your books with you into the examination, correct? Join the SANS Community to receive the latest curated cybersecurity news, vulnerabilities, and mitigations, training opportunities, plus our webcast schedule. "Bryan Simon's knowledge and personal experience continue to astound me." While not required, it is recommended that students take SANS's SEC401: Security Essentials course or have the skills taught in that class. We'll also briefly discuss Group Policy Objects (GPOs) and the many security configuration changes that they can help to enforce throughout the domain. As Syslog continues to age, it may end up being unable to provide the logging features that modern-day cyber defense might demand. Your laptop should NOT contain any personal or company data. One thing I did not like about the practice exams is that once it was over, you are not able to review the test… you will need to write down what you got wrong while taking the test. I have read so many great things about SANS material and how their certification exams are open book, so I was very excited to get started and see what all the fuss was about. Security incidents can lead to (among other things) unintentional information disclosure, data leakage, information leakage and data spill. This naturally leads to a discussion on Data Loss Prevention techniques. Test your security knowledge with our free SANS Security Essentials Assessment Test. It is essential to understand attacks, the vulnerability behind those attacks, and how to prioritize the information and steps to secure the systems. 
Sniff network communication protocols to determine the content of network communication (including unprotected access credentials), using tools such as tcpdump and Wireshark. A discussion of identity and access management naturally leads to a conversation on authentication and password security. We'll look at some of the most important changes to make through the use of this tool, such as password policy, lockout policy, and null user session restrictions. Module 12: Security Plans and Risk Management. These essentials and more will be covered during the first section of this course in order to provide a firm foundation for the remaining sections of this training. If you are new to security, then I would definitely recommend this course if your company is going to foot the bill. During the course students will receive a USB drive with two virtual machines; it is critical that you have a properly configured system prior to class. We'll describe these attacks in detail, discussing not only the conditions that made them possible, but also some strategies that can be used to help manage the risks associated with such attacks. See how this and other SANS Courses and GIAC Certifications align with the Department of Defense Directive 8140. Your course media will now be delivered via download. The right length is the one with which you feel comfortable. In this module we will take a look at the Marriott breach (a breach that compromised millions of people globally), as well as ransomware attacks that continue to cripple hundreds of thousands of systems across different industries. Module 24: Windows Security Infrastructure. I chose to include the glossary even though it is in the back of book six, for the fact that I do not want to be flipping books too much during the test. In this module, we discuss the key elements of managing and governing risk within an organization. 
In order to properly secure and defend a network, you must first have a clear and strong understanding of both the logical and physical components of network architecture. Finally, with the third run through, I didn't necessarily read every word, but I reviewed what I highlighted and decided if it was worth writing down. What we can do for modern authentication is the focus of our discussion on authentication and password security. The role of penetration testing is well understood by the majority of organizations and has given birth to newer testing techniques such as Red Teaming, Adversary Emulation, and Purple Teaming. My index includes five sections: The SANS SEC401 Books 1-6, Commands Index, Tools Index, Bonus Material, and Glossary of Terms/Acronyms. We will learn how to identify a risk, quantify and assess the probability of the risk, and leverage the classification of an asset to determine impact. SEC401 is 6 books, not including the lab book. Assess your skill level in Cyber Security. This module introduces the core areas of computer networks and protocols. Prior to coming to class you need to download and install the latest version of Kali Linux and VMware Player on your Windows 8 system. This module starts with a quick comparison of the Android and iOS mobile operating systems and what makes them so different. Containers are a relatively new concept (as applied to information security perspectives). Use this justification letter template to share the key details of this training and certification opportunity with your boss. If having more systems connected to more networks results in more compromise, we are in serious trouble. Security is all about making sure you focus on the right areas of defense (especially as applied to the uniqueness of YOUR organization). I knocked out the 25+ hours of video within the first week (tip: play the video at x1.25 or x1.50 to save you some time). The GIAC GSEC exam is one of the more popular exams that GIAC is offering. 
In implementing security, it is important to have a framework with proper metrics. The module includes a brief discussion on authentication and authorization protocols and control. Arguably it is one of the more technically challenging days of the six-day course, for those who don't have a background in networking, that is.