SANS SECURITY 502 - Perimeter Protection In-Depth

English | ISO | 1.33GB

SANS SECURITY 502 is the course for GIAC Certified Firewall Analyst (GCFW). This contains MP3 audio recordings and the Tools CD used in the course.

There is no single fix for securing your network. That's why this course is a comprehensive analysis of a wide breadth of technologies. In fact, this is probably the most diverse course in the SANS catalog, as mastery of multiple security techniques is required to defend your network from remote attacks. You cannot just focus on a single OS or security appliance. A proper security posture must consist of multiple layers. This course was developed to give you the knowledge and tools necessary at every layer to ensure your network is secure.

The course starts by looking at common problems we need to resolve. Is there traffic passing by my firewall I didn't expect? How did my system get compromised when no one can connect to it from the Internet? Is there a better solution than anti-virus for controlling malware? We'll dig into these questions and more and answer them.

We spend quite a bit of time learning about IP. Sure, we all know how to assign an IP address, but to secure your network you really need to understand the idiosyncrasies of the protocol. We'll talk about how IP works and how to spot the abnormal patterns. If you can't hear yourself saying "Hmmm, there are no TCP options in that packet. It's probably forged," then you'll gain some real insight from this portion of the material.

Once you have an understanding of the complexities of IP, we'll get into how to control it on the wire. Rather than trying to tell you what are good and bad products, we focus on the underlying technology used by all of them. This is extremely practical information because a side-by-side product comparison is only useful for that specific moment in time. By gaining knowledge of what goes on under the covers, you will be empowered to make good product choices for years to come. Just because two firewalls both use stateful inspection, do they really work the same on the wire? Is there really any difference between stateful inspection and network-based intrusion prevention, or is it just marketing? These are the types of questions we address in this portion of the course.

From there, it's a hands-on tour through how to perform a proper wire-level assessment of a potential product, as well as what options and features are available. We'll even get into how to deploy traffic control while avoiding some of the most common mistakes.

Feel like your firewall is generating too many daily entries for you to review the logs effectively?
We'll address this problem not by reducing the amount of critical data, but by streamlining and automating the backend process of evaluating it.

But you can't do it all on the wire. A proper layered defense needs to include each individual host: not just the hosts exposed to access from the Internet, but hosts that have any kind of direct or indirect Internet communication capability as well. We'll start with OS lockdown techniques and move on to third-party tools that can permit you to do anything from sandboxing insecure applications to full-blown application policy enforcement.

Most significantly, I've developed this course material using the following guiding principles:

* Learn the process, not one specific product.
* You learn more by doing, so hands-on problem solving is key.
* Always peel back the layers and identify the root cause.

While technical knowledge is important, what really matters are the skills to properly leverage it. This is why the course is heavily focused on problem solving and root cause analysis. While these are usually considered soft skills, they are vital to being effective in the role of security architect. So along with the technical training, you'll receive risk management capabilities and even a bit of Zen empowerment.

Who has taken this class and found it to be valuable?

* Information security officers
* Intrusion analysts
* IT managers
* Network architects
* Network security engineers
* Network and system administrators
* Security managers
* Security analysts
* Security architects
* Security auditors

More info: http://www.sans.org/security-training/perimeter-protection-in-depth-17-mid