Provided by SANS
Specialism
Certification
GISF Certification
Qualification level
GISF Certification
Location
London
Study type
Online

About the course

To determine if SANS SEC301: Introduction to Cyber Security is right for you, ask yourself five simple questions:

  • Do you have basic computer knowledge, but are new to cyber security and in need of an introduction to the fundamentals?
  • Are you bombarded with complex technical security terms that you don't understand?
  • Are you a non-IT security manager who lies awake at night worrying that your company will be the next mega-breach headline story on the 6 o'clock news?
  • Do you need to be conversant in basic security concepts, principles, and terms, even if you don't need "deep in the weeds" detail?
  • Have you decided to make a career change to take advantage of the job opportunities in cyber security and need formal training and certification?

If you answer yes to any of these questions, the SEC301: Introduction to Cyber Security training course is for you. Students with a basic knowledge of computers and technology but no prior cyber security experience can jump-start their security education with insight and instruction from real-world security experts in SEC301.

This completely revised and comprehensive five-day course covers a wide range of baseline topics, including terminology, the basics of computer networks, security policies, incident response, passwords, and even an introduction to cryptographic principles. The hands-on, step-by-step learning format will enable you to grasp all the information presented even if some of the topics are new to you. You'll learn fundamentals of cyber security that will serve as the foundation of your security skills and knowledge for years to come.

Written by a security professional with over 30 years of experience in both the public and private sectors, SEC301 provides uncompromising real-world insight from start to finish. The course prepares you for the Global Information Security Fundamentals (GISF) certification test, as well as for the next SANS course in this progression, SEC401: Security Essentials Bootcamp Style. It also delivers on the SANS promise: You will be able to use the knowledge and skills you learn in SEC301 as soon as you return to work.

Important additional Information:

  • You will receive approximately 15 pounds of books as part of this training. If you are traveling to a training event from out of town, expect your luggage to be heavier on your return trip. Shipping facilities (FedEx, UPS, etc.) may not be available.
  • When making plans to fly home, do not expect the course to end early on the final day. It is common for Day 5 of the SEC301 course to end at 5pm.

Course Syllabus

SEC301.1: Security's Foundation

Overview

Every good security practitioner and every good security program begins with the same mantra: learn the fundamentals. SEC301 starts by instilling familiarity with core security terms and principles. By the time you leave the classroom after the first day, you will fully understand the Principle of Least Privilege and Confidentiality, Integrity, Availability (CIA), and you'll see why those principles drive all security discussions. You will be conversant in the fundamentals of risk management, security policy, and authentication/authorization/accountability.

Exercises

  • Lab - Introduction of the "Lab On Demand System" (LODS) Used for the Lab Environment Throughout the Course. We will ensure that students can access the LODS environment; you will need to be able to disable any VPN software on your system to access the environment in the classroom. We also make sure students know how to use the LODS lab environment so they can complete the labs throughout the course. Students also receive a course USB thumb drive on day one of the class. This drive gives students access to videos of the course author performing the labs and explaining each step. It also contains quizzes that students can take as many times as they like for each module of the course (students take the first quiz via the LODS). There are also additional files on the thumb drive that students may find useful.

NOTE: We do not give time in class to watch the videos or complete the quizzes. These are extra activities students can do outside of class. If you think you may want to view the videos during the week of the course (perhaps during breaks), please bring ear-buds or headphones so that you do not distract other students with the audio.

  • Lab - Building Better Passwords: We'll use a tool that shows how long it takes to compromise various passwords via a brute force attack. The emphasis of the lab is on how to help your entire organization, yourself, your users, your family, and your friends choose better, stronger, and easier-to-use passwords.

SEC301.2: Computer Functions and Networking

Overview

This course day begins with an explanation of how computers handle numbers using decimal, binary, and hexadecimal numbering systems. It also provides an understanding of how computers encode letters using the American Standard Code for Information Interchange (ASCII).

We then spend the remainder of the day on networking. All attacks or exploits have one thing in common: they take something that exists for perfectly valid reasons and misuse it in malicious ways. Always! So as security practitioners, to grasp what is invalid we must first understand what is valid - that is, how things like networks are supposed to work. Only once we have that understanding can we hope to understand the mechanics of malicious misuse of those networks - and only with that knowledge can we understand how security devices such as firewalls seek to thwart those attacks.

The networking discussion begins with a non-technical explanation of how data move across a network. From there we move to fundamental terminology dealing with network types and standards. You'll learn about common network hardware such as switches and routers, and terms like "protocol" and "encapsulation." We'll give a very basic introduction to network addressing and port numbers and then work our way up the Open Systems Interconnection (OSI) protocol stack, introducing more detail only as we proceed to the next layer. In other words, we explain networking starting in non-technical terms and gradually progress to more technical detail as students are ready to take the next step.

By the end of our discussions, you'll have a fundamental grasp of any number of critical technical networking acronyms that you've often heard but never quite understood, including TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS.

Exercises

  • Lab - Computer Number Conversions: Apply the knowledge you have learned to convert decimal numbers to binary, binary numbers to hexadecimal, etc. We'll also turn a string of binary numbers into readable ASCII text.
  • Lab - Networking: Use several network tools that are built into the Windows Operating System to determine your network settings, and discover if Network Address Translation (NAT) is being used inside the classroom.

SEC301.3: An Introduction to Cryptography

Overview

Cryptography is one of the most complex issues faced by security practitioners. It is not a topic you can explain in passing, so we will spend some time on it. Not to worry, we won't take you through the math behind cryptography. Instead, we learn basic crypto terminology and processes. What is steganography? What is substitution and transposition? What is a "work factor" in cryptography and why does it matter? What do we mean by symmetric and asymmetric key cryptography and "cryptographic hash," and why do you need to know? How are those concepts used together in the real world to create cryptographic systems?

Exercises

  • Lab - Crypto by Hand: Apply the knowledge and skills you've learned to encrypt information using monoalphabetic and polyalphabetic ciphers and gain a better understanding of triple encryption (as used by Triple DES).
  • Lab - Visual Crypto: Observe the encryption process that occurs by turning plaintext (what you can read) into ciphertext (what you cannot read) in real time. Increase your understanding of what "randomness in ciphertext" truly means and why it matters. See the ciphertext turned back into plaintext.

SEC301.4: Cyber Security Technologies - Part 1

Overview

Our fourth day in the classroom begins our exploration of cyber security technologies. We begin with wireless network security (WiFi and Bluetooth), and mobile device security (i.e., cell phones). We follow that with a brief look at some common attacks. We then move into a discussion of malware and anti-malware technologies. We end the day with an examination of several data protection protocols used for email encryption, secure remote access, secure web access, secure file transfer, and Virtual Private Network (VPN) technologies.

Exercises

  • Lab - Configure a Wireless Access Point (also known as a Wireless Router). Students go through the steps of configuring a wireless access point from its default insecure state to a locked-down state. Industry best practices dictate the final settings. Students can take these lab instructions home or to work and apply them with some necessary modification given their device manufacturer.
  • Lab - Run the Anti-malware Scanner "Malwarebytes" on a Virtual Machine Running within LODS. Discover active malware and remove it from the system. Also discover Potentially Unwanted Programs (PUPs) that are, in reality, authorized software. Whitelist the PUPs so they stop showing up in the scan results.

SEC301.5: Cyber Security Technologies - Part 2

Overview

The final day of our SEC301 journey continues the discussion of cyber security technologies. The day begins by looking at several security technologies, including compartmentalization, firewalls, Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS), sniffers, content filters, etc. We then take a good look at browser and web security, and the difficulties of securing the web environment. For example, students will understand why and how their browser connects to anywhere from 5 to 100 different Internet locations each time they load a single web page. We end the day with a look at system security to include hardening operating systems, patching, virtual machines, cloud computing, and backup.

Exercises

  • Lab - Firewall Configuration with Firewall Builder. Students utilize an open-source tool called "Firewall Builder" to create a simple yet fully functional firewall configuration. The lab not only explains how to build each of the rules but also, and more importantly, explains WHY you build each rule.

Who Should Attend

The SEC301: Introduction to Cyber Security course is designed to address the needs of:

  • Anyone new to cyber security and in need of an introduction to the fundamentals of security
  • Those who feel bombarded with complex technical security terms they don't understand, but want to understand
  • Non-IT security managers who deal with technical issues and understand them and who worry their company will be the next mega-breach headline story on the 6 o'clock news
  • Professionals with basic computer and technical knowledge in all disciplines who need to be conversant in basic security concepts, principles, and terms, but who don't need "deep in the weeds" detail
  • Those who have decided to make a career change to take advantage of the job opportunities in cyber security and need formal training and certification

Prerequisites

  • SEC301 assumes basic knowledge of computers and technology
  • SEC301 makes no assumptions regarding prior security knowledge
  • We assume that students understand the basic functions of a computer and how to use one:
    • We assume students already know how to open and operate a web browser, copy a file from one location to another, and perform other basic computer user functions

Why Take This Course?

Why Choose a SANS Course?

The SEC301 course lives up to its name as a thorough introduction to cyber security. The course is designed for those who have limited background in information technology, but who need to understand cyber security concepts, principles, and terms. If you fall into that category, SEC301 will serve your needs well.

Which SANS Course Is Right for You?

SEC301 is the course SANS offers for the professional just starting out in security.

What You Will Receive with This Course

  • Course books covering each of the five days of class
  • A lab workbook with detailed instructions and explanations of labs
  • Video of each lab
  • MP3 audio files of the complete course lecture
  • Quizzes for each module
  • Extra materials as selected by the course author

You Will Be Able To

  • Communicate with confidence regarding information security topics, terms, and concepts
  • Understand and apply the Principle of Least Privilege
  • Understand and apply the Confidentiality, Integrity, and Availability (CIA) Triad
  • Build better passwords that are more secure while also being easier to remember and type
  • Grasp basic cryptographic principles, processes, procedures, and applications
  • Understand computer network basics
  • Have a fundamental grasp of any number of critical technical networking acronyms, including TCP/IP, IP, TCP, UDP, MAC, ARP, NAT, ICMP, and DNS
  • Utilize built-in Windows tools to see your network settings
  • Recognize and be able to discuss various security technologies, including anti-malware, firewalls, intrusion detection systems, content filters, sniffers, etc.
  • Build a simple, but fully functional firewall configuration
  • Secure your browser using a variety of security plug-ins
  • Secure a wireless access point (also known as a wireless router)
  • Scan for malware, clean malware from a system, and whitelist legitimate software identified by an anti-malware scanner as "potentially unwanted"
  • Access a number of websites to better understand password security, encryption, phishing, browser security, etc.

What Courses to Take Next

The SANS courses SEC401, LEG523, and MGT512 are good follow-ups to SEC301.
