SEC401: Security Essentials Bootcamp Style

Course Description

A key way that attackers gain access to a company's resources is through a network connected to the Internet. A company wants to try to prevent as many attacks as possible, but in cases where it cannot prevent an attack, it must detect it in a timely manner. Therefore, an understanding and ability to create and identify the goals of building a defensible network architecture are critical. It is just as important to know and understand the architecture of the system, types of designs, communication flow and how to protect against attacks using devices such as routers and firewalls. These essentials, and more, will be covered during 401.1, in order to provide a firm foundation for the consecutive days of training.

Understanding attacks, the vulnerability behind those attacks and how to prioritize the information and steps to secure the systems will be essential. Common attacks occur with web applications, authentication and other forms of communication. It is imperative to gain familiarity with protocols and techniques used to monitor, stop and even perform attacks against systems.

What Do Participants Learn?

• Apply what you learned directly to your job when you go back to work
• Design and build a network architecture using VLANs, NAC, and 802.1x based on advanced persistent threat indicators of compromise
• Run Windows command line tools to analyze the system looking for high-risk items
• Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
• Install VMWare and create virtual machines to create a virtual lab to test and evaluate tools/security of systems
• Create an effective policy that can be enforced within an organization and design a checklist to validate security and create metrics to tie into training and awareness
• Identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, cover ways to configure the system to be more secure
• Build a network visibility map that can be used for hardening of a network - validating the attack surface and covering ways to reduce that surface by hardening and patching
• Sniff open protocols like telnet and ftp and determine the content, passwords, and vulnerabilities using WireShark.

Who Should Attend?

Anyone who works in security, is interested in security, or has to understand security should take this course, including:

• Security professionals who want to fill the gaps in their understanding of technical information security
• Managers who want to understand information security beyond simple terminology and concepts
• Operations personnel who do not have security as their primary job function but need an understanding of security to be effective
• IT engineers and supervisors who need to know how to build a defensible network against attacks
• Administrators responsible for building and maintaining systems that are being targeted by attackers
• Forensic analysts, penetration testers, and auditors who need a solid foundation of security principles so they can be as effective as possible at their jobs
• Anyone new to information security with some background in information systems and networking.

What Will the Learning Experience Include?

Phase: 1

Introduce

• Comprehensive pre-program activities include:
• Web-based information forms & surveys completed by attendee.
• Direct consultation with the attendee about the expectations.

• During the training, participants engage in data, activities, and conversations that lead to insight and knowledge.
• Participants learn from expert trainers who have both academic and business experiences.
• Highly applicable training content & instructive activities for adding depth to training topics.
• **A half-day site visit for integrating the experience & plan next steps. Opportunities to provide connections, ideas & support.

Phase: 2

Explore & Practice

Phase: 3

Apply

• Apply & sustain the learning experience by using this ongoing support:
• To ensure participant has new skills or behavior progress.
• Optional, fee-based mentoring & coaching with the trainer.
• Training materials & additional documents (e-books, pdf files, presentations and articles)

• Evaluate your training experience by giving us feedbacks and help us to reach our organizational goals.
• Participant's Evaluation
• Trainer's Evaluation

Phase: 4

EVALUATE