SANS Institute SEC401 Brochure

Uploaded by

jajamsrinu
SANS SEC401: Security Essentials: Network, Endpoint and Cloud

GSEC Security Essentials
giac.org/gsec

6 Day Program, 46 CPEs, Laptop Required

This course will show you the most effective steps to prevent attacks and detect adversaries with actionable techniques that can be used as soon as you get back to work. You’ll learn tips and tricks designed to help you win the battle against the wide range of cyber adversaries that want to harm your environment.

Organizations are going to be targeted, so they must be prepared for eventual compromise. Today more than ever before, TIMELY detection and response is critical. The longer an adversary is present in your environment, the more devastating and damaging the impact becomes. The most important question in information security may well be, “How quickly can we detect, respond, and REMEDIATE an adversary?”

Information security is all about making sure you focus on the right areas of defense, especially as applied to the uniqueness of YOUR organization. In SEC401 you will learn the language and underlying workings of computer and information security, and how best to apply them to your unique needs. You will gain the essential and effective security knowledge you will need if you are given the responsibility to secure systems and/or organizations.

Whether you are new to information security or a seasoned practitioner with a specialized focus, SEC401 will provide the essential information security skills and techniques you need to protect and secure your organization’s critical information and technology assets, whether on-premise or in the cloud. SEC401 will also show you how to directly apply the concepts learned into a winning defensive strategy, all in the terms of the modern adversary. This is how we fight; this is how we win!

Is SEC401: Security Essentials: Network, Endpoint, and Cloud the right course for you?

Ask yourself the following questions:
• Do you fully understand why some organizations become compromised and others do not?
• If there were compromised systems on your network, are you confident that you would be able to find them?
• Do you understand the effectiveness of each security control and are you certain that they are all configured correctly?
• Are the proper security metrics set up and communicated to your executives to help drive the best security decisions?

SEC401 provides the information security knowledge necessary to help you answer these questions, delivered in a bootcamp-style format and reinforced with hands-on labs.

You Will Be Able To
• Understand the core areas of cybersecurity and how to create a security program that is built on a foundation of Detection, Response, and Prevention
• Apply practical tips and tricks that focus on addressing high-priority security problems within your organization and doing the right things that lead to security solutions that work
• Understand how adversaries adapt tactics and techniques, and importantly how to adapt your defense accordingly
• Know what ransomware is and how to better defend against it
• Leverage a defensible network architecture (VLANs, NAC, and 802.1x) based on advanced persistent threat indicators of compromise
• Understand the Identity and Access Management (IAM) methodology, including aspects of strong authentication (Multi-Factor Authentication)
• Leverage the strengths and differences among the top three cloud providers (Amazon, Microsoft, and Google), including the concepts of multi-cloud
• Identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, configure the system to be more secure (realistic and practical application of a capable vulnerability management program)
• Sniff network communication protocols to determine the content of network communication (including access credentials) using tools such as tcpdump and Wireshark
• Use Windows, Linux, and macOS command line tools to analyze a system looking for high-risk indicators of compromise, as well as the concepts of basic scripting for the automation of continuous monitoring
• Build a network visibility map that can be used to validate the attack surface and determine the best methodology to reduce the attack surface through hardening and configuration management
• Know why some organizations win and some lose when it comes to security, and most importantly, how to be on the winning side

“SEC401 gives you a fantastic knowledge base to build on, and I would say it’s essential for anyone working in cybersecurity.”
— Thomas Wilson, Agile Systems

sans.org/sec401
• Watch a preview of this course
• Discover how to take this course: Online, In-Person

Section Descriptions

SECTION 1: Network Security & Cloud Essentials
A typical way attackers gain access to a company’s resources is through a network connected to the Internet. Organizations try to prevent as many attacks as possible, but since not all attacks will ultimately be prevented, they must be detected in a timely manner. Therefore, an understanding of and ability to create and identify the goals of building a defensible network architecture are critical. A defensible network would not be complete without an in-depth understanding of what the cloud is and, more importantly, the security abilities (and related concerns) of the cloud that must also be taken into account. It is just as important to know and understand the architecture of the system, types of designs, communication flow and how to protect against attacks using devices such as routers and firewalls. These essentials, and more, will be covered in this first section in order to provide a firm foundation for the consecutive sections of training.
TOPICS: Defensible Network Architecture; Protocols and Packet Analysis; Virtualization and Cloud Essentials; Securing Wireless Networks

SECTION 2: Defense-in-Depth
This course section looks at the “big picture” threats to our systems and how to defend against them. You will learn that protections need to be layered, leveraging a principle called defense-in-depth. Starting with information assurance foundations, we will move into identity and access management (IAM), then progress to modern security controls that work in the presence of an adversary and conclude with the benefits (and security risks) of mobile devices ranging from Bring Your Own Device (BYOD) to Mobile Device Management (MDM).
TOPICS: Defense-in-Depth; Identity and Access Management (IAM); Critical Controls; Authentication and Password Security; Security Frameworks; Data Loss Prevention; Mobile Device Security

SECTION 3: Vulnerability Management and Response
Vulnerabilities represent weaknesses that adversaries exploit. In this section you will discover various areas where vulnerabilities arise. The section begins with vulnerability assessments and penetration testing, then moves into attack methodologies and concludes with how to create a proper response plan.
TOPICS: Vulnerability Assessments; Penetration Testing; Attacks and Malicious Software; Web Application Security; Security Operations and Log Management; Digital Forensics and Incident Response

SECTION 4: Data Security Technologies
There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, though few companies deploy it correctly. This technology is cryptography. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. This course section looks at various aspects of encryption and how it can be used to secure a company’s assets. A related area called steganography, or information hiding, is also covered.
TOPICS: Cryptography; Cryptography Algorithms and Deployment; Applying Cryptography; Network Security Devices; Endpoint Security

SECTION 5: Windows and Azure Security
Remember when Windows was simple? Windows XP desktops in a little workgroup…what could be easier? A lot has changed over time. Now, we have Windows tablets, Azure, Active Directory, PowerShell, Office 365, Hyper-V, Virtual Desktop Infrastructure (VDI), and so on. Microsoft is battling Google, Apple, Amazon.com, and other cloud giants for supremacy. The trick is to do it securely, of course. Windows is the most widely-used and targeted operating system on the planet. At the same time, the complexities of Active Directory, Public Key Infrastructure, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. This section will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work. You will complete the section with a solid grounding in Windows security by looking at automation, auditing and forensics.
TOPICS: Windows Security Infrastructure; Windows as a Service; Windows Access Controls; Enforcing Security Policy; Microsoft Cloud Computing; Automation, Logging, and Auditing

SECTION 6: Linux, Mac and Smartphone Security
While organizations do not have as many Linux systems, those that they do have are often some of the most critical systems that need to be protected. This final section focuses on the practical guidance necessary to improve the security of any Linux system. The day combines practical “how to” instructions with background information for Linux beginners, as well as security advice and best practices for administrators with various levels of expertise. You will learn what containers are, what they do and best practices for their management. Next you will learn about Linux and UNIX concepts, discuss AWS in relation to Microsoft Azure and end the course with a thorough review of Apple’s macOS.
TOPICS: Linux Fundamentals: Linux Security Enhancements and Infrastructure; Containerized Security; AWS Fundamentals; AWS Security Controls, AWS Hardening; macOS Security

Who Should Attend
• Security professionals who want to fill the gaps in their understanding of technical information security
• Managers who want to understand information security beyond simple terminology and concepts
• Operations personnel who do not have security as their primary job function but need an understanding of security to be effective
• IT engineers and supervisors who need to know how to build a defensible network against attacks
• Administrators responsible for building and maintaining systems that are being targeted by attackers
• Forensic specialists, penetration testers, and auditors who need a solid foundation of security principles to be as effective as possible at their jobs
• Anyone new to information security with some background in information systems and networking

GIAC Security Essentials
The GIAC Security Essentials (GSEC) certification validates a practitioner’s knowledge of information security beyond simple terminology and concepts. GSEC certification holders are demonstrating that they are qualified for hands-on IT systems roles with respect to security tasks.
• Active defense, defense in depth, access control and password management
• Cryptography: basic concepts, algorithms and deployment, and application
• Defensible network architecture, networking and protocols, and network security
• Incident handling and response, vulnerability scanning and penetration testing
• Linux security: structure, permissions, and access; hardening and securing; monitoring and attack detection; and security utilities
• Security policy, contingency plans, critical controls and IT risk management
• Web communication security, virtualization and cloud security, and endpoint security
• Windows: access controls, automation, auditing, forensics, security infrastructure, and securing network services

“Excellent material for security professionals wanting a deeper level of knowledge on how to implement security policies, procedures, and defensive mechanisms in an organization.”
— Brandon Smit, Dynetics
