GIAC Security Essentials (GSEC)
What You Will Learn
This course will teach you the most effective steps to prevent attacks and detect adversaries with actionable techniques that can be used as soon as you get back to work. You will learn tips and tricks designed to help you win the battle against the wide range of cyber adversaries that want to harm your environment.
Organizations are going to be targeted, so they must be prepared for eventual compromise. Today more than ever before, TIMELY detection and response is critical. The longer an adversary is present in your environment, the more devastating and damaging the impact becomes. The most important question in information security may well be, “How quickly can we detect, respond, and REMEDIATE an adversary?”
Information security is all about making sure you focus on the right areas of defense, especially as applied to the uniqueness of YOUR organization. In SEC401, you will learn the language and underlying workings of computer and information security, and how best to apply them to your unique needs. You will gain the essential and effective security knowledge you will need if you are given the responsibility to secure systems or organizations.
Whether you are new to information security or a seasoned practitioner with a specialized focus, SEC401 will provide the essential information security skills and techniques you need to protect and secure your critical information and technology assets, whether on-premise or in the cloud. SEC401 will also show you how to directly apply the concepts learned into a winning defensive strategy, all in the terms of the modern adversary. This is how we fight; this is how we win!
You will learn (applied to on-premise and in the Cloud)
- The core areas of cybersecurity and how to create a security program that is built on a foundation of Detection, Response, and Prevention
- Practical tips and tricks that focus on addressing high-priority security problems within your organization and doing the right things that lead to security solutions that work
- How adversaries adapt tactics and techniques, and importantly how to adapt your defense accordingly
- What ransomware is and how to better defend against it
- How to leverage a defensible network architecture (VLANs, NAC, and 802.1x) based on advanced persistent threat indicators of compromise
- The Identity and Access Management (IAM) methodology, including aspects of strong authentication (Multi-Factor Authentication)
- How to leverage the strengths and differences among the top three cloud providers (Amazon, Microsoft, and Google), including the concepts of multi-cloud
- How to identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, configure the system to be more secure (realistic and practical application of a capable vulnerability management program)
- How to sniff network communication protocols to determine the content of network communication (including access credentials) using tools such as tcpdump and Wireshark
- How to use Windows, Linux, and macOS command line tools to analyze a system looking for high-risk indicators of compromise, as well as the concepts of basic scripting for the automation of continuous monitoring
- How to build a network visibility map that can be used to validate the attack surface and determine the best methodology to reduce the attack surface through hardening and configuration management
- Why some organizations win and why some lose when it comes to security, and most importantly, how to be on the winning side
With the rise in advanced persistent threats, it is inevitable that organizations will be targeted. Defending against attacks is an ongoing challenge, with new threats emerging all the time, including a next generation of threats. In order to be successful in defending an environment, organizations need to understand what really works in cybersecurity. What has worked – and will always work – is taking a risk-based approach to cyber defense.
SEC401 is an interactive hands-on training course. The following is a sample of the lab activities that students will carry out:
- Set up a virtual lab environment
- Conduct tcpdump network analysis
- Use Wireshark to decode network traffic
- Crack passwords
- Use hashing to verify the integrity of digital evidence
- Analyze networks with hping3 and Nmap
- Secure and audit a Windows system against a security template
“SEC401 covered a very wide range of security technologies, processes, and tools that will really open your eyes. I liked how the course shows that not everything is magic, and packets of data can be interpreted even without fancy tools. The labs were great for demonstrating the concepts, with flawless instruction and seamless packet capture.” – Fei Ma, DESE
What You Will Receive
Course books and labs
TCP/IP reference guides
MP3 audio files of the complete course lecture
This course prepares you for the GSEC certification, which meets the requirements of DoD 8140 IAT Level 2.
GIAC Security Essentials
The GIAC Security Essentials (GSEC) certification validates a practitioner’s knowledge of information security beyond simple terminology and concepts. GSEC certification holders demonstrate that they are qualified for hands-on IT systems roles with respect to security tasks.
- Active defense, defense in depth, access control & password management
- Cryptography: basic concepts, algorithms and deployment, and application
- Defensible network architecture, networking & protocols, and network security
- Incident handling & response, vulnerability scanning and penetration testing
- Linux security: structure, permissions, & access; hardening & securing; monitoring & attack detection; & security utilities
- Security policy, contingency plans, critical controls and IT risk management
- Web communication security, virtualization and cloud security, and endpoint security
- Windows: access controls, automation, auditing, forensics, security infrastructure, & securing network services
SEC401 covers all of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are new to the field and have no background knowledge, SEC275: Foundations – Computers, Technology and Security or SEC301: Introduction to Cyber Security would be the recommended starting point. While these courses are not a prerequisite for SEC401, they do provide the introductory knowledge to help maximize the experience with SEC401.
Important! Bring your own system configured according to these instructions!
A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.
It is critical that you back up your system before class. It is also strongly advised that you do not bring a system storing any sensitive data.
- Your system must be running the latest version of Windows 10, macOS 10.15.x or later, or a Linux distribution that can install and run the VMware virtualization products described below.
- Windows Credential Guard must be DISABLED (if running Windows as your host OS)
- Apple computers with the M1 processor (Apple Silicon) are NOT supported for use in class. Apple does not provide support for x86-based virtual machines under its Rosetta 2 x86 translation capability. Apple computers that use Intel processors are not affected by this issue and are still supported for use in class.
- 64-bit Intel i5/i7 2.0+ GHz processor
- Your system’s processor must be a 64-bit Intel i5 or i7 2.0 GHz processor or higher. To verify on Windows 10, press Windows key + “I” to open Settings, then click “System”, then “About”. Your processor information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click “About this Mac”.
- Enabled “Intel-VT”
- Intel’s VT (VT-x) hardware virtualization technology should be enabled in your system’s BIOS or UEFI settings. You must be able to access your system’s BIOS throughout the class. If your BIOS is password-protected, you must have the password. This is absolutely required.
- 8 GB RAM (or more) is highly recommended for the best experience. To verify on Windows 10, press Windows key + “I” to open Settings, then click “System”, then “About”. Your RAM information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click “About this Mac”.
Hard Drive Free Space
- 100 GB of FREE space on the hard drive is critical to host the VMs and additional files we distribute. SSD drives are also highly recommended, as they allow virtual machines to run much faster than mechanical hard drives.
The requirements below are in addition to the baseline requirements provided above. Prior to the start of class, you must install VMware virtualization software and meet the additional software requirements as described below.
- VMware Player Install
- VMware Workstation Player 15.5+, VMware Workstation Pro 15.5+, or VMware Fusion 11.5+.
- If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website. VMware Workstation Player is a free download that does not need a commercial license but has fewer features than Workstation Pro. THIS IS CRITICAL: Other virtualization products, such as Hyper-V and VirtualBox, are not supported and will not work with the course material.
- You must have administrator access to the host OS and to all installed security software.
- You must have the ability to reboot the laptop and log in (i.e., you must have valid credentials for any drive encryption or other security software installed).
Your course media will be delivered via download. The media files for class can be large, some in the 20 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads when you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.
SANS has begun providing printed materials in PDF form. Additionally, certain classes are using an electronic workbook in addition to the PDFs. The number of classes using electronic workbooks will grow quickly. In this new environment, we have found that a second monitor and/or a tablet device can be useful for keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.
“From all observations of the world around us, it would appear that we might be living in a world of never-ending compromise. At first glance, an increase in compromise might be attributed to having more systems than ever before connected to more and more computer networks. On second glance, an increase in compromise might be attributed to poor security practices. If having more systems connected to more networks results in more compromise, we are in serious trouble. An ever-increasing number of systems will continue to be connected in an increasingly connected world.
Surely today, with more security available to us than at any other time in the history of computing, an ever-continuing increase in worldwide compromise can’t be attributed to poor security practices. Or can it? The truth is always complicated. It might be that we now live simultaneously in a world of ever-increasing security capability AND ever-increasing compromise. As distressing as that might be, the answer might be as simple as the notion that ‘Offense informs Defense.’
In the spirit of that notion, SEC401 will provide you with real-world, immediately actionable knowledge and information that will put you and your organization on the best footing possible to better counter the modern adversary. Join us to learn how to fight, and how to win.”
Bryan Simon, Lead Course Author, SEC401
“Bryan Simon’s knowledge and personal experience continue to astound me. SEC401 course content has been incredibly useful and will be directly applicable to my job, and the labs have practical use and are great demonstrations of the concepts presented in lectures.” – Thomas Wilson, Agile Systems