SEC401: SANS Security Essentials Bootcamp Style
Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification. In this course you will learn the language and underlying theory of computer security. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work; and, (2) You will be taught by the best security instructors in the industry. As always, great teaching sets SANS courses apart, and SANS ensures this by choosing instructors who have ranked highest in a nine-year competition among potential security faculty.
SPECIAL NOTE: This course is endorsed by the Committee on National Security Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in Information Systems Security (INFOSEC).
Test your security knowledge with our SANS Security Essentials Assessment Test. Get your free test at https://portal.sans.org/assessments/
SANS Security Essentials I: Networking Concepts
A key way attackers gain access to a company's resources is through a network connected to the Internet. A company wants to try to prevent as many attacks as possible; but in cases where it cannot prevent an attack, it must detect it in a timely manner. Therefore, an understanding of how networks and the related protocols like TCP/IP work is critical to being able to analyze network traffic and identify hostile traffic. It is just as important to know how to protect against these attacks using devices such as routers and firewalls. These essentials, and more, will be covered to provide a firm foundation for the following days' training.
SANS Security Essentials II: Defense In-Depth
In order to secure an enterprise network, you must have an understanding of the general principles of network security. In this course, you will learn about six key areas of network security. The day starts with information assurance foundations, where students look at both current and historical computer security threats, and how they have impacted confidentiality, integrity and availability. The first half of the day also covers creating sound security policies and password management, including tools for password strength on both Unix and Windows platforms. The second half of the day is spent on understanding the information warfare threat and the six steps of incident handling. The day draws to a close by looking at what can be done to test and protect a web server in your company.
SANS Security Essentials III: Internet Security Technologies
Military agencies, banks and retailers offering electronic commerce programs, and dozens of other types of organizations are demanding to know what threats they are facing and what they can do to alleviate those threats. In this course, you will obtain a roadmap that will help you understand the paths available to organizations that are considering or planning to deploy various security devices and tools such as intrusion detection systems and firewalls. The course goes beyond the narrow technical view and offers a full context for the deployment of these promising new technologies. When it comes to securing your enterprise, there is no single technology that is going to solve all of a company's security issues. However, by implementing an in-depth defense strategy that includes multiple defensive measures, you can go a long way in securing your enterprise. Each section in this course covers one tool that will play a part in a company's overall information assurance program.
SANS Security Essentials IV: Secure Communications
There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, though few companies use it. This technology is encryption. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. Day 4 looks at various aspects of encryption and how it can be used to secure a company's assets. A related area called steganography, or information hiding, is also covered. Wireless is becoming a part of most modern networks, but it is often implemented in a non-secure manner. Security issues associated with wireless and what can be done to protect these networks will also be discussed. This section finishes by tying all of the other pieces together by looking at Operations Security.
SANS Security Essentials V: Windows Security
Windows is the most widely used and hacked operating system on the planet, and IIS is every hacker's "favorite" web server. Additionally, Windows 2000, Windows XP, Windows 2003 and Active Directory have dramatically changed the Windows landscape. The simple days of Windows 98 desktops and Windows NT 4.0 domains are gone. This section will quickly get you on top of the security changes in the new post-NT Microsoft world, and show the tools you can use to simplify and automate your work. You will complete the day with a solid grounding in Windows 2000/XP/2003 security.
SANS Security Essentials VI: Unix Security
Based on industry consensus standards, this course provides step-by-step guidance on improving the security of any Unix operating system. The course combines practical "how to" instructions with background information for Unix beginners and security advice and "best practices" for administrators of all levels of expertise.