SEC401: Security Essentials - Network, Endpoint and Cloud

Overview

Master the effective steps to prevent attacks and detect adversaries with actionable techniques that can be used once you get onboarded to work. Gain tips and tricks designed to help you win the battle against the wide range of cyber adversaries.

Today, timely detection and response is critical. The longer an adversary remains undetected, the greater the devastation and damage done. The most important question in information security is, "How quickly can we detect, respond, and remediate an adversary?"

Information security ensures you focus on the right areas of defence, especially when applied to your organisation. In this programme, you will learn the language and foundational principles of computer and information security, and how best to apply them to your unique needs. Gain essential and effective security knowledge crucial for securing systems or organisations when entrusted with that responsibility. Whether you are new to information security or a seasoned practitioner with a specialised focus, this programme will show you how to directly apply the concepts learned into a winning defensive strategy, all in the terms of the modern adversary.

Key Takeaways

• Address high-priority security problems
• Leverage the strengths and differences among the top three cloud providers (AWS, Microsoft Azure, and Google Cloud Platform)
• Build a network visibility map to validate the attack surface
• Reduce your organisation's attack surface through hardening and configuration management

• The core areas of cybersecurity and how to create a security program that is built on a foundation of Detection, Response, and Prevention
• Practical tips and tricks that focus on addressing high-priority security problems within your organisation and doing the right things that lead to security solutions that work
• How adversaries adapt tactics and techniques, and importantly how to adapt your defence accordingly
• What ransomware is and how to better defend against it
• How to leverage a defensible network architecture (VLANs, NAC, and 802.1x) based on advanced persistent threat indicators of compromise
• The Identity and Access Management (IAM) methodology, including aspects of strong authentication (Multi-Factor Authentication)
• How to leverage the strengths and differences among the top three cloud providers (Amazon, Microsoft, and Google), including the concepts of multi-cloud
• How to identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, configure the system to be more secure (realistic and practical application of a capable vulnerability management program)
• How to conceptualise network communication protocols to determine the content of network communication (including access credentials) using tools such as tcpdump and Wireshark
• How to use Windows, Linux, and macOS command line tools to analyse a system looking for high-risk indicators of compromise, as well as the concepts of basic scripting for the automation of continuous monitoring
• How to build a network visibility map that can be used to validate the attack surface and determine the best methodology to reduce the attack surface through hardening and configuration management
• Why some organisations win and why some lose when it comes to security, and essentially, how to be on the winning side

With the rise in advanced persistent threats, it is inevitable that organisations will be targeted. Defending against attacks is an ongoing challenge, with new threats emerging all the time. To be successful in defending an environment, organisations need to understand what really works in cybersecurity. What has worked - and will always work - is taking a risk-based approach to cyber defence.

Who Should Attend

• Please refer to the job roles section.
• Security professionals who want to fill the gaps in their understanding of technical information security.
• Managers who want to understand information security beyond simple terminology and concepts.
• Operations personnel who do not have security as their primary job function but need an understanding of security to be effective.
• IT engineers and supervisors who need to know how to build a defensible network against attacks.
• Administrators responsible for building and maintaining systems that are being targeted by attackers.
• Forensic specialists, penetration testers, and auditors who need a solid foundation of security principles to be as effective as possible at their jobs.
• Anyone new to information security with some background in information systems and networking.

Prerequisites

This programme covers all the core areas of security and assumes a basic understanding of technology, networks, and security.

What To Bring

Please remember to bring along your own system configured according to the instructions below.

• A properly configured system (meeting all the below specifications) is required to fully participate in this programme.
• Back up your system before programme starts. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

MANDATORY SEC401 SYSTEM HARDWARE REQUIREMENTS

• CPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. A x64 bit, 2.0+ GHz or newer processor is mandatory for this programme.
• CRITICAL: Apple systems using the M1/M2 processor line cannot perform the necessary virtualisation functionality and therefore cannot in any way be used for this programme.BIOS settings must be set to enable virtualisation technology, such as "Intel-VTx" or "AMD-V" extensions. Be certain you can access your BIOS if it is password protected in case changes are necessary.16GB of RAM or more is required.100GB of free storage space or more is required.At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before programme.Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.

MANDATORY SEC401 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS

Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer

• Fully update your host operating system prior to the  to ensure you have the right drivers and patches installed.Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the programme materials and/or VMs.
• Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the programme, then you should plan to bring a different laptop.
• You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our programmes require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
• Any filtering of egress traffic may prevent accomplishing the labs in your programme. Firewalls should be disabled, or you must have the administrative privileges to disable it.
• Download and install VMware Workstation Pro 16.2.X+ or VMware Player 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ or VMware Player 17.0.0+ (for Windows 11 hosts), or VMWare Fusion Pro 12.2+ or VMware Fusion Player 11.5+ (for macOS hosts) prior to programme beginning. If you do not own a licensed copy of VMware Workstation Pro or VMware Fusion Pro, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website. Also note that VMware Workstation Player offers fewer features than VMware Workstation Pro. For those with Windows host systems, Workstation Pro is recommended for a more seamless experience.
• On Windows hosts, VMware products might not coexist with the Hyper-V hypervisor. For the best experience, ensure VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are contained in the setup documentation that accompanies your programme materials.
• Download and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded programme materials.
• Your programme media is delivered via download. The media files for programme can be large. Many are in the 40-50GB range, with some over 100GB. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your programme media downloads as soon as you get the link. You will need your programme media immediately on the first day of programme. Do not wait until the night before programme to start downloading these files.
• Your programme materials include a "Setup Instructions" document that details important steps you must take before you travel to a live programme event or start an online programme. It may take 30 minutes or more to complete these instructions.

Your programme uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping programme materials visible while you are working on your programme's labs.