Reasons to Take SANS OnDemand

Four months of access to comprehensive online training

Taught by SANS’ Top Gun instructors including Dr. Eric Cole, Rob Lee, Ed Skoudis, and Dr. Johannes Ullrich

Includes video labs and hands-on exercises

Integrated assessments for GIAC Prep

No travel or time away from the office

Over 40 courses available – anytime, anywhere

ONLINE TRAINING & ASSESSMENTS

2011 COURSE CATALOG

The most extensive online library for cutting-edge information security courses in the world

FREE COURSE DEMOS www.sans.org/ondemand

Current Special: Save 20% on SANS OnDemand courses & more with Flex Passes! EXPIRES DEC 27, 2010

“OnDemand allowed me to prepare well in every aspect. I earned a 97% on my GIAC exam because of the training methods OnDemand delivers.” -TREVOR ALEXANDER, IDAHO STATE INSURANCE FUND

Register and pay for any SANS OnDemand job-based course by December 27, 2010 and receive 20% off your course. Register with the discount code ODEY2010. Additional savings of 5-7% are available on our already discounted SANS OnDemand Flex Pass for Groups & Individuals. With the Flex Pass, you’ll be able to spend your remaining 2010 training budgets and have the flexibility of using the training throughout 2011.

www.sans.org/ondemand

Stephen Northcutt

Dear Colleague,

I would like to invite you to take at least one of our cutting-edge SANS security courses in our newest version of the SANS OnDemand online training and assessment system. This is the most comprehensive online training system available anywhere in the world, and with it, SANS delivers the same unparalleled content you would receive in our classroom environment. Choose a course from our online library, with courses taught by our top instructors including Dr. Eric Cole, Rob Lee, Ed Skoudis, and Dr. Johannes Ullrich. I’m also very excited to announce the availability of SANS OnDemand courses for the iPad. Enabling OnDemand courses for the iPad continues SANS’ commitment to delivering the most trusted online security training anytime, anywhere.

SANS OnDemand is the perfect training solution for companies of all sizes, as well as individuals. OnDemand is one of SANS’ most affordable training options and ideal for getting the most flexibility out of your training budget. Anyone taking SANS OnDemand realizes immediate cost savings by avoiding the travel expense and time away from the office associated with classroom-based training.

SANS OnDemand’s comprehensive training format allows faster learning and better retention so students can return to work immediately, putting new skills and techniques to work on the same day. Additionally, students have access to SANS OnDemand for four months allowing them to achieve maximum content retention and the ability to revisit the content as they apply their new found skills on the job.

If you are pursuing a GIAC certification or a Master’s Degree at SANS Technology Institute (STI), OnDemand is the perfect option for you. SANS OnDemand provides the time and budget flexibility you need to fulfill the requirements for these demanding programs.

Whether you’re a returning customer or new to SANS OnDemand, we’re excited to announce several new features in OnDemand:

1. iPad Compatibility. All SANS courses have been redesigned and optimized to run on the iPad and take advantage of the iPad’s unique features and functionality. You can now access any OnDemand course from your desktop, laptop, or remotely with your iPad.

2. Enhanced OnDemand Player. This enhanced player incorporates many new features resulting from direct student feedback and suggestions. The new “continuous-play” feature allows you to play through all slides in a module without user interaction. With the “video scrubber” you can now effortlessly fast forward, rewind, or jump to any point in a slide. These are just a couple of the exciting new features we’ve added.

3. New and Updated Courses. As you’ll see throughout the pages of this catalog, we’ve added many new courses previously not available through OnDemand. We’ve also significantly updated many others making SANS OnDemand the most trusted and by far the largest source for online security training.

SANS OnDemand is the perfect solution if you have training requirements for just one person or a group of any size. Contact us at (301) 654-7267 or [email protected] and ask about the OnDemand Flex Pass. The OnDemand Flex Pass is a 12-month online training pass available for both groups and individuals. Many organizations have found it to be the perfect solution for meeting their varied training needs. The OnDemand Flex Pass is the most cost effective way to take SANS training with tremendous savings off of our list prices.

Stephen Northcutt

President

SANS Technology Institute, a postgraduate computer security college

To register or get more information, visit www.sans.org/ondemand • e-mail: [email protected] • Phone: 301-654-7267

Table of Contents

SANS Cyber Guardian Program
DoD Directive 8570
GIAC – Global Information Assurance Certification
SANS Training and Your Career Roadmap
SEC301: Intro to Information Security
SEC401: SANS Security Essentials Bootcamp Style
SEC501: Advanced Security Essentials – Enterprise Defender
SEC502: Perimeter Protection In-Depth
SEC503: Intrusion Detection In-Depth
SEC504: Hacker Techniques, Exploits, and Incident Handling
SEC505: Securing Windows
SEC506: Securing Linux/Unix
SEC509: Securing Oracle
SEC542: Web App Penetration Testing and Ethical Hacking
SEC560: Network Penetration Testing and Ethical Hacking
SEC566: Implementing and Auditing the Twenty Critical Security Controls - In Depth
SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses
FOR408: Computer Forensic Essentials
FOR508: Computer Forensic Investigations and Incident Response
FOR558: Network Forensics
FOR610: Reverse-Engineering Malware: Malware Analysis Tools & Techniques
MGT411: SANS 27000 Implementation & Management
MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam
MGT512: Security Leadership Essentials for Managers with Knowledge Compression™
AUD410: IT Security Audit and Control Essentials
AUD507: Auditing Networks, Perimeters, and Systems
DEV522: Defending Web Applications Security Essentials
DEV541: Secure Coding in Java/JEE: Developing Defensible Applications
DEV544: Secure Coding in .NET: Developing Defensible Applications
LEG523: Law of Data Security and Investigations
SANS OnDemand Skill-Based Short Courses
Other SANS Training Options
SANS vLive!
SANS Technology Institute – Master’s Degree in Information Security
OnDemand Flex Pass
SANS 2011 Live Training Calendar
OnDemand Registration Information
OnDemand Course Fees

Become a SANS Cyber Guardian and stay one step ahead of the threats as well as know what to do when a breach occurs.

www.sans.org/cyber-guardian

THE SANS CYBER GUARDIAN PROGRAM

About the Program

SANS’ Cyber Guardian program is designed for the elite teams of technical security professionals who are part of the armed forces, Department of Defense, government agencies, and organizations whose role includes securing systems, reconnaissance, counter-terrorism and counter hacks. These teams will be the ‘Cyber Security Special Forces’ where each individual’s role makes the team successful.

Program Overview

• Core Courses and Certifications:
  - SEC503: Intrusion Detection In-Depth – GCIA
  - SEC504: Hacker Techniques, Exploits and Incident Handling - GCIH
  - SEC508: Computer Forensics, Investigation, and Response - GCFA
  - SEC560: Network Penetration Testing and Ethical Hacking - GPEN
• Select a Blue or Red Specialty
• Successfully Complete Specialty Courses and Pass Certifications
• Pass the Hands-on GSE Exam

Program Benefits for Security Professionals

• You will be prepared for all types of cyber attacks and know how to react when a breach occurs

• Receive SANS’ elite, hands-on training

• Earn an exclusive GIAC Security Expert Certification that will set you apart in the infosec field

• Receive a SANS Cyber Guardian Patch and use of the logo for business cards and proposals

Program Benefits for Services and Employers

• Gain the reassurance that your systems are being protected by the most qualified security professionals available

• Your employees will be able to keep you up-to-date on the latest attacks

• Use of the SANS Cyber Guardian logo for business proposals, stationery, and business cards

Learn more at www.sans.org/cyber-guardian

Real Threats, Real Skills, Real Success

EARN YOUR CERTIFICATION

Top Four Reasons to ‘Get GIAC Certified’

1. Promotes hands-on technical skills and improves knowledge retention

“The GIAC certification process forced me to dig deeper into the information that I was taught in class. As a result of this, I integrated this training into my practical skill set and improved my hands-on skills.” -DEAN FARRINGTON, INFORMATION SECURITY ENGINEER, WELLS FARGO

2. Provides proof that you possess hands-on technical skills

“GIAC proves that I have a very solid technical background to support any challenge I deal with every day. There are so many new tools coming up daily, but the underlying background essentially remains the same.” -WAYNE HO, BUSINESS INFORMATION SECURITY OFFICER, GLOBAL BANK

3. Positions you to be promoted and earn respect among your peers

“I think the GIAC certification has definitely helped provide credibility for me in the workplace. This, in turn, has helped me be more effective at my job.” -MATT AUSTIN, SENIOR SECURITY CONSULTANT, SYMANTEC

4. Proves to hiring managers that you are technically qualified for the job

“Hiring managers are always looking for ways to help sort through candidates. GIAC certifications are a major discriminator. They ensure that the candidate has hands-on technical skills.” -CHRIS SCHOCK, NETWORK ENGINEER, STATE OF COLORADO

DoD Directive 8570 requires:

By the end of CY 2010, ALL personnel performing IAT and IAM functions must be certified.

By the end of CY 2011 ALL personnel performing CND-SP and IASAE roles must be certified.

ALL IA jobs will be categorized as ‘Technical’ or ‘Management’ Level I, II, or III, and to be qualified for those jobs, you must be certified.

“It’s not about the cert, it’s about the knowledge gained in pursuit of the cert.” -DAVE HULL, TRUSTED SIGNAL, LLC

Get more information at www.sans.org/8570

DoD Baseline IA Certifications
TECH II: GSEC • Security +
TECH III: GSE • GCED • GCIH • CISSP • CISA
MGT I: GSLC • GISF • Security +
MGT II: GSLC • CISSP
MGT III: GSLC • CISSP

Information Assurance System Architecture & Engineering (IASAE) Certifications
IASAE I: CISSP
IASAE II: CISSP

Computer Network Defense (CND) Certifications
CND Analyst: GCIA
CND Incident Responder: GCIH
CND Auditor: GSNA • CISA

Training for Certifications
AUD423: CISA
AUD507: GSNA
MGT414: CISSP
MGT512: GSLC
SEC301: GISF
SEC401: GSEC
SEC334: Security +
SEC503: GCIA
SEC504: GCIH
SEC401, SEC503 & SEC504: GSE

APPSEC CURRICULUM
Areas: Secure Coding • General / Management • Design & Test • JAVA • C & C++ • PHP • Code Review • PCI • .NET

DEV304: Software Security Awareness
DEV320: Introduction to the Microsoft Security Development Lifecycle
DEV538: Web App Pen Testing Immersion
DEV522: Defending Web Applications Security Essentials
DEV542: Web App Pen Testing and Ethical Hacking – GWAPT
DEV530: Essential Secure Coding in Java/JEE (2-Day Course)
DEV541: Secure Coding in Java/JEE (4-Day Course) – GSSP-JAVA
DEV543: Secure Coding in C
DEV545: Secure Coding in PHP
DEV534: Secure Code Review for Java Web Apps
DEV536: Secure Coding for PCI Compliance
DEV532: Essential Secure Coding in .NET (2-Day Course)
DEV544: Secure Coding in .NET (4-Day Course) – GSSP-.NET

SECURITY CURRICULA

Intrusion Analysis Curriculum
SEC502: Perimeter Protection In-Depth – GCFW
SEC501: Advanced Security Essentials – Enterprise Defender – GCED
SEC503: Intrusion Detection In-Depth – GCIA

Incident Handling Curriculum
SEC504: Hacker Techniques, Exploits, and Incident Handling – GCIH
SEC501: Advanced Security Essentials – Enterprise Defender – GCED

System Administration Curriculum
SEC505: Securing Windows – GCWN
SEC501: Advanced Security Essentials – Enterprise Defender – GCED
SEC506: Securing Linux/Unix – GCUX

Network Security Curriculum
SEC501: Advanced Security Essentials – Enterprise Defender – GCED
SEC566: Implementing & Auditing the Twenty Critical Security Controls - In-Depth

Beginners
SEC301: Intro to Information Security – GISF

Penetration Testing Curriculum
SEC540: VoIP Security
SEC560: Network Pen Testing and Ethical Hacking – GPEN
SEC542: Web App Pen Testing and Ethical Hacking – GWAPT
SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking
SEC617: Wireless Ethical Hacking, Pen Testing, and Defenses – GAWN

SANS TRAINING AND YOUR CAREER ROADMAP

FORENSICS CURRICULUM
FOR408: Computer Forensic Essentials – GCFE
FOR508: Computer Forensic Investigations and Incident Response – GCFA
FOR558: Network Forensics
FOR563: Mobile Device Forensics
FOR610: REM: Malware Analysis Tools & Techniques – GREM

LEGAL CURRICULUM
LEG523: Law of Data Security and Investigations – GLEG

SEC301: Intro to Information Security – GISF
SEC401: SANS Security Essentials Bootcamp Style – GSEC

MANAGEMENT CURRICULUM
MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™ – GSLC

Additional Intrusion Analysis Courses
SEC577: Virtualization Security Fundamentals

Additional Incident Handling Courses
SEC517: Cutting-Edge Hacking Techniques
SEC550: Information Reconnaissance: Competitive Intelligence and Online Privacy

Additional Network Security Courses
SEC440: 20 Critical Security Controls: Planning, Implementing, and Auditing
SEC556: Comprehensive Packet Analysis
SEC565: Data Leakage Prevention - In Depth

Additional Penetration Testing Courses
DEV538: Web App Pen Testing Immersion
SEC561: Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells
SEC567: Power Packet Crafting with Scapy
SEC580: Metasploit Kung Fu for Enterprise Pen Testing
SEC710: Advanced Exploit Development

SEC301 NOTE: If you have experience in the field, please consider our more advanced course – SEC401.

Additional Forensics Courses
FOR526: Advanced Filesystem Recovery and Memory Forensics

Additional Management Courses
MGT305: Technical Communication and Presentation Skills for Security Professionals
MGT404: Fundamentals of Information Security Policy
MGT405: Critical Infrastructure Protection
MGT411: SANS 27000 Implementation & Management – G7799
MGT421: SANS Leadership and Management Competencies
MGT431: Secure Web Services for Managers
MGT432: Information Security for Business Executives
MGT438: How to Establish a Security Awareness Program
MGT442: Information Security Risk Management
MGT514: Information Security Policy – In Depth
MGT570: Social Engineering Defense

GIAC certification available for courses indicated with GIAC acronyms

AUDIT CURRICULUM
AUD507: Auditing Networks, Perimeters, and Systems – GSNA
SEC401: SANS Security Essentials Bootcamp Style – GSEC
SEC301: Intro to Information Security – GISF

Additional Audit Courses
AUD305: Technical Communication & Presentation Skills
AUD410: IT Security Audit & Control Essentials
AUD423: Training for the ISACA® CISA® Cert Exam
AUD429: IT Security Audit Essentials Bootcamp
AUD440: 20 Critical Security Controls: Planning, Implementing, and Auditing
AUD521: Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant
AUD566: Implementing & Auditing the Twenty Critical Security Controls – In-Depth

MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam – GISP
MGT525: Project Mgt and Effective Communications for Security Professionals and Managers – GCPM
SEC401: SANS Security Essentials Bootcamp Style – GSEC

Additional System Administration Courses
SEC434: Log Management In-Depth
SEC509: Securing Oracle
SEC531: Windows Command-Line Kung Fu
SEC546: IPv6 Essentials
SEC564: Hacker Detection for System Administrators
SEC569: Combating Malware in the Enterprise: Practical Step-by-Step Guidance

SECURITY 301

Intro to Information Security

ONLINE TRAINING

Who Should Register

• Professionals who need to hit the ground running and need an overview of information assurance

• Managers, information security officers, and system administrators who need an overview of risk management and defense-in-depth techniques

• Anyone who writes, implements, or must adhere to policy, disaster recovery, or business continuity

Get GISF Certified

www.giac.org

With SANS OnDemand, students receive:

• Four months of access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs and hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

Fred Kerby is an engineer, manager, and security practitioner whose experience spans several generations of networking. He is the information assurance manager at the Naval Surface Warfare Center, Dahlgren Division and has vast experience with the political side of security incident handling. His team is one of the recipients of the SANS Security Technology Leadership Award as well as the Government Technology Leadership Award. Fred received the Navy Meritorious Civilian Service Award in recognition of his technical and management leadership in computer and network security. A frequent speaker at SANS, Fred’s presentations reflect his opinions and are not the opinions of the Department of the Navy.

IAM Level I of the Department of Defense Baseline Certification for 8570

This introductory certification course is the fastest way to get up to speed in information security.

Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security and risk management. Organizations often tap someone who has no information security training and say, “Congratulations, you are now a security officer.” If you need to get up to speed fast, Security 301 rocks!

We begin by covering basic terminology and concepts, and then move to the basics of computers and networking as we discuss Internet Protocol, routing, Domain Name Service, and network devices. We cover the basics of cryptography, and wireless networking, then we look at policy as a tool to effect change in your organization. In the final day of the course, we put it all together with an introduction to defense in-depth.

If you’re a newcomer to the field of information security, this is the course for you! You will develop the skills to bridge the gap that often exists between managers and system administrators and learn to communicate effectively with personnel in all departments and at all levels within your organization.

This is the course SANS offers for the professional just starting out in security. If you have experience in the field, please consider our more advanced offerings, such as SEC401: SANS Security Essentials Bootcamp Style.

Who Should Register

• Security professionals who want to fill the gaps in their understanding of technical information security

• Network engineers wanting to enter the field of security

• Security engineers, admins, managers, and others wanting a more detailed understanding of the technical components of security

• Anyone new to information security with some background in information systems and networking

• Individuals with operational responsibility for a firewall, VPN, or Internet-facing device

Get GSEC Certified

www.giac.org

SECURITY 401

SANS Security Essentials Bootcamp Style

ONLINE TRAINING

This course is endorsed by the Committee on National Security Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in Information Systems Security (INFOSEC).

Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification.

Security Essentials is designed to give anyone interested in network security the skills required to be an effective player in this space. This in-depth, comprehensive course provides the essential, up-to-the-minute knowledge and skills required for securing systems and/or organizations. It also gives you the language and theory of computer security, all of it taught by the best security instructors in the industry.

With SANS OnDemand, students receive:

• Four months of access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs and hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

Please note that some course material for SEC401 and MGT512 may overlap. We recommend SEC401 for those interested in a more technical course of study and MGT512 for those primarily interested in a leadership-oriented but less technical learning experience.

IAT Level II of the Department of Defense Baseline Certification for 8570

Dr. Eric Cole is an industry-recognized security expert with over 15 years of hands-on experience. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master’s degree in computer science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. Cole is actively involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS faculty fellow and course author.

SECURITY 501

SANS Security Essentials – Enterprise Defender

ONLINE TRAINING

Who Should Register

• Students who have taken Security Essentials and want a more advanced 500-level course similar to SEC401

• People who have foundational knowledge covered in SEC401, do not want to take a specialized 500-level course, and still want a broad advanced coverage of the core areas to protect their systems

• Anyone looking for detailed technical knowledge on how to protect against, detect, and react to the new threats that will continue to cause harm to an organization

Get GCED Certified

www.giac.org

With SANS OnDemand, students receive:

• Four months of access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs and hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

Dr. Eric Cole is an industry-recognized security expert with over 15 years of hands-on experience. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master’s degree in computer science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. Cole is actively involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS faculty fellow and course author.

Cyber security will continue to increase in importance as attacks become stealthier, have a greater financial impact on an organization, and cause reputational damage.

While Security Essentials lays a solid foundation for the security practitioner, there is only so much that can be packed into a six-day course. SEC501 is a follow up to SEC401: SANS Security Essentials (with no overlap) and continues to focus on more technical areas needed to protect an organization. The course focus is on:

Prevention - configuring a system or network correctly

Detection - identifying that a breach has occurred at the system or network level

Reaction - responding to an incident and moving to evidence collection/forensics

Prevention is ideal, but detection is a must. We have to ensure that we constantly improve security to prevent as many attacks as possible. This prevention/protection occurs externally and internally. Attacks will continue to pose a threat to an organization as data becomes more portable and networks continue to be porous. Therefore a key focus needs to be on data protection – securing our critical information whether it resides on a server, in a robust network architecture, or on a portable device.

Despite our best effort at preventing attacks and protecting critical data, some attacks will still be successful. Therefore we need to be able to detect attacks in a timely fashion. This is accomplished by understanding the traffic flowing on your networks and looking for indication of an attack. It also includes performing penetration testing and vulnerability analysis against an organization to identify problems and issues before a compromise occurs.

Finally, once an attack has been detected, we must react in a timely fashion and perform forensics. By understanding how the attacker broke in, this can be fed back into more effective and robust preventive and detective measures, completing the security lifecycle.

Who Should Register

• Information security officers

• Intrusion analysts

• IT managers

• Network architects

• Network security engineers

• Network and system administrators

• Security managers

• Security analysts

• Security architects

• Security auditors

Get GCFW Certified

www.giac.org

With SANS OnDemand, students receive:

• 4-months access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs & hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

SECURITY 502

Perimeter Protection In-Depth

ONLINE TRAINING

There is no single fix for securing your network. That’s why this course is a comprehensive analysis of a wide breadth of technologies. This is probably the most diverse course in the SANS catalog, as mastery of multiple security techniques is required to defend your network from remote attacks. You cannot just focus on a single OS or security appliance. A proper security posture comprises multiple layers. This course was developed to give you the knowledge and tools necessary at every layer to ensure your network is secure.

The course starts by looking at common problems: Is there traffic passing by my firewall I didn’t expect? How did my system get compromised when no one can connect to it from the Internet? Is there a better solution than anti-virus for controlling malware? We’ll dig into these questions and more and answer them.

We all know how to assign an IP address, but to secure your network you really need to understand the idiosyncrasies of the protocol. We’ll talk about how IP works and how to spot the abnormal patterns. If you can’t hear yourself saying “Hummm, there are no TCP options in that packet. It’s probably forged,” then you’ll gain some real insight from this portion of the material.

Once you have an understanding of the complexities of IP, we’ll get into how to control it on the wire. We focus on the underlying technology used by all of the projects rather than telling you which are good and which are bad ones. A side-by-side product comparison is only useful for that specific moment in time. By gaining knowledge of what goes on under the cover, you will be empowered to make good product choices for years to come. Just because two firewalls are stateful inspection, do they really work the same on the wire? Is there really any difference between stateful inspection and network-based intrusion prevention, or is it just marketing? These are the types of questions we address in this portion of the course.

We move on to a proper, wire-level assessment of a potential product, as well as what options and features are available. We’ll even get into how to deploy traffic control while avoiding some of the most common mistakes. Feel like your firewall is generating too many daily entries for you to review the logs effectively? We’ll address this problem not by reducing the amount of critical data, but by streamlining and automating the back-end process of evaluating it.

But you can’t do it all on the wire. A properly layered defense needs to include each individual host – not just the hosts exposed to access from the Internet, but hosts that have any kind of direct or indirect Internet communication capability as well. We’ll start with OS lockdown techniques and move on to third-party tools that can permit you to do anything from sandbox insecure applications to full-blown application policy enforcement.

Most significantly, I’ve developed this course material using the following guiding principles: Learn the process, not just one specific product; You learn more by doing, so hands-on problem-solving is key; Always peel back the layers and identify the root cause. While technical knowledge is important, what really matters are the skills to properly leverage it. This is why the course is heavily focused on problem solving and root cause analysis. While these are usually considered soft skills, they are vital to being an effective security architect. So along with the technical training, you’ll receive risk management capabilities and even a bit of Zen empowerment.

Chris Brenton is a private consultant with over ten years of experience in the field. He is one of the founding members of the initial Honeynet Project, one of the original Internet Storm Center handlers, and started up one of the first managed security ISPs. Over the years, he’s been credited with the discovery of numerous vulnerabilities in various software products. Along with being a published author, Chris is responsible for maintaining all of the material in the SANS Perimeter Protection In-Depth course. In his spare time, Chris teaches rally and high-speed off-road security driving where he can be found teaching students to make their side window the front of the car.

To register or get more information, visit www.sans.org/ondemand • e-mail: [email protected] • Phone: 301-654-7267

Who Should Register
• Intrusion detection analysts (all levels)
• Network engineers
• System, security, and network administrators
• Hands-on security managers
• Individuals with operational responsibility for a firewall, VPN, or Internet-facing device

Get GCIA Certified

www.giac.org

With SANS OnDemand, students receive:
• Four months of access to our 24/7 online training and integrated assessment quizzes
• A full set of course books and hands-on CDs
• Labs and hands-on exercises
• Synchronized online courseware and lectures
• E-mail access to OnDemand virtual mentors
• Progress reports

Intrusion Detection In-Depth

SECURITY 503 ONLINE TRAINING

Mike Poor is a founder and senior security analyst for the DC firm InGuardians, LLC. In his recent past life he has worked for Sourcefire as a research engineer and for the SANS Institute leading their Intrusion Analysis Team. As a consultant, Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits, and architecture reviews. His primary job focus, however, is in intrusion detection, response, and mitigation. Mike currently holds both GSEC and GCIA certifications and is an expert in network engineering and systems, network, and Web administration. Mike is a contributing author of the international best-selling book Snort 2.1 from Syngress and is a handler for the Internet Storm Center.

Learn practical, hands-on intrusion detection and traffic analysis from top practitioners/authors in the field.

This is the most advanced program in network intrusion detection that has ever been taught. All of the course material is either new or just updated to reflect the latest attack patterns. This series is jam-packed with network traces and analysis tips. The emphasis is on increasing students’ understanding of the workings of TCP/IP and Hex, methods of network traffic analysis, and one specific network intrusion detection system: Snort. This course is not a comparison or demonstration of multiple NIDS. Instead, the knowledge/information provided here allows students to better understand the qualities that go into a sound NIDS and the “whys” behind them, and thus, to be better equipped to make a wise selection for their site’s particular needs.

This is a fast-paced course and students are expected to have a basic working knowledge of TCP/IP (see: www.sans.org/training/tcpip_quiz.php) in order to fully understand the topics that will be discussed. Although others may benefit from this course, it is most appropriate for students who are or who will become intrusion detection analysts. Students generally range from novices with some TCP/IP background all the way to seasoned analysts. The challenging, hands-on exercises are specially designed for all experience levels. We strongly recommend that you spend some time getting familiar with TCPdump, WINdump, or another network analyzer output before coming to class.

PREREQUISITE
You must possess at least a working knowledge of TCP/IP and Hex. See www.sans.org/training/tcpip_quiz.php to test your TCP/IP and Hex basics knowledge.

CND Analyst for the Department of Defense Baseline Certification for 8570

If your organization has an Internet connection or a disgruntled employee (and whose doesn’t!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets to the spyware your otherwise wholesome users inadvertently downloaded, attackers are targeting your systems with increasing viciousness and stealth.

By helping you understand attackers’ tactics and strategies in detail, giving you hands-on experience in finding vulnerabilities and discovering intrusions, and equipping you with a comprehensive incident handling plan, the in-depth information helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors, the ‘oldie-but-goodie’ attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. This workshop also includes the unique SANS Capture-the-Flag event on the last day where you will apply your skills developed throughout the session to match wits with your fellow students and instructor in a fun and engaging learning environment. You’ll get to attack the systems in our lab and capture the flags to help make the lessons from the whole week more concrete. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

This challenging course is particularly well suited to individuals who lead or are a part of an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.

It is imperative that you get written permission from the proper authority in your organization before using these tools and techniques on your company’s system and also that you advise your network and computer operations teams of your testing.

Who Should Register
• Members and leaders of incident handling teams
• System administrators and security personnel
• Ethical hackers/penetration testers who want to understand the concepts underlying their testing regimen

Get GCIH Certified

www.giac.org

With SANS OnDemand, students receive:
• Four months of access to our 24/7 online training and integrated assessment quizzes
• A full set of course books and hands-on CDs
• Labs and hands-on exercises
• Synchronized online courseware and lectures
• E-mail access to OnDemand virtual mentors
• Progress reports

IAT Level II and CND Incident Responder for the Dept. of Defense Baseline Certification for 8570

Ed Skoudis is a founder and senior security consultant with InGuardians. Ed’s expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (SEC560) and incident response (SEC504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips. http://blog.commandlinekungfu.com

SECURITY 504 ONLINE TRAINING

Hacker Techniques, Exploits, and Incident Handling

SECURITY 505 ONLINE TRAINING

Who Should Register
• Windows network security engineers and architects
• Windows administrators with security duties
• Anyone with Windows machines who wants to implement the SANS 20 Critical Security Controls
• Active Directory designers and administrators
• Those who must enforce security policies on Windows hosts
• Those deploying or managing a PKI or smart cards
• IIS administrators and Web masters with Web servers at risk
• Administrators who use the command line or scripting to automate their duties and must learn PowerShell (the replacement for CMD scripting and VBScript)

Get GCWN Certified

www.giac.org

With SANS OnDemand, students receive:
• Four months of access to our 24/7 online training and integrated assessment quizzes
• A full set of course books and hands-on CDs
• Labs and hands-on exercises
• Synchronized online courseware and lectures
• E-mail access to OnDemand virtual mentors
• Progress reports

Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS Institute’s week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. He graduated from the University of Virginia, received his master’s degree from the University of Texas at Austin, and holds a number of professional certifications. He currently lives in Dallas, Texas. Jason blogs about Windows Security Issues at https://blogs.sans.org/windows-security.

Will you be transitioning from Windows XP to Windows 7? The Securing Windows course is fully updated for Windows Server 2008-R2 and Windows 7. Most of the content applies to Windows Server 2003 and XP too, but the focus is on 2008/Vista/7.

Concerned about the 20 Critical Security Controls of the Consensus Audit Guidelines? This course will help you implement, not just audit, the critical controls relevant to Windows systems and will walk you through most of the tools step by step, too.

As a Windows security expert, how can you stand out from the crowd and offer management more than the usual apply-this-checklist advice? Be a security architect who understands the big picture. You can save your organization money, maintain compliance with regulations, secure your networks, and advance your career all at the same time. How? By leveraging the Windows infrastructure you’ve already paid for.

This program is a comprehensive set of courses for Windows security architects and administrators. It tackles tough problems like Active Directory forest design, how to use Group Policy to lock down desktops, deploying a Microsoft PKI and smart cards, pushing firewall and IPSec policies out to every computer in the domain, securing public IIS Web servers, and PowerShell scripting.

PowerShell is the future of Windows scripting and automation. Easier to learn and more powerful than VBScript, PowerShell is an essential tool for automation and scalable management. If there is one skill that will most benefit the career of a Windows specialist, it’s scripting. Most of your competition lack scripting skills, so it’s a great way to make your resume stand out. Scripting skills are also essential for being able to implement the 20 Critical Security Controls.

You are encouraged to bring a virtual machine running Windows Server 2008 Enterprise Edition configured as a domain controller, but this is not a requirement for attendance since the instructor will demo everything discussed on-screen. You can get a free evaluation version of Server 2008 from Microsoft’s Web site (just do a Google search on “site:microsoft.com Server 2008 trial”). You can use VMware, Virtual PC or any other virtual machine software.

This is a fun and fascinating course, a real eye-opener even for Windows administrators with years of experience. Come see why there’s a lot more to Windows security than just applying patches and changing passwords; come see why a Windows network needs a security architect.

Securing Windows

Who Should Register

• Security professionals looking to learn the basics of securing Unix operating systems

• Experienced administrators looking for in-depth descriptions of attacks on Unix systems and how they can be prevented

• Administrators needing information on how to secure common Internet applications on the Unix platform

• Auditors, incident responders, and InfoSec analysts who need greater visibility into Linux and Unix security tools, procedures, and best practices

Get GCUX Certified

www.giac.org

Hal Pomeranz is founder and CEO of Deer Run Associates, a systems management and security consulting firm. He has spent more than 15 years managing systems and networks for some of the largest commercial, government, and academic organizations in the country. He is the technical editor for SysAdmin Magazine and was the recipient of the 2001 SAGE Outstanding Achievement award for his teaching and leadership in the field of system administration. Hal participated in the first SANS training program and designed the SANS Step-by-Step course model. He is a top-rated instructor and author on topics ranging from information security to system and network management to Perl programming. Hal also blogs about command line tips on a regular basis. http://blog.commandlinekungfu.com

SECURITY 506 ONLINE TRAINING

Experience in-depth coverage of Linux and Unix security issues.

Examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems, including vulnerabilities in the password authentication system, file system, virtual memory system, and applications that commonly run on Linux and Unix. This course provides specific configuration guidance and practical, real-world examples, tips, and tricks.

Throughout this course, you will become skilled at utilizing freely available tools to handle security issues, including SSH, AIDE, sudo, lsof, and many others. SANS’ practical approach with “hands-on” exercises every day ensures that you can start using these tools as soon as you return to work. We will also put these tools to work in a special section that covers simple forensic techniques for investigating compromised systems.

Sampling of Topics
• Memory attacks, buffer overflows
• File system attacks, race conditions
• Trojan horse programs and rootkits
• Monitoring and alerting tools
• Unix logging and kernel-level auditing
• Building a centralized logging infrastructure
• Network security tools
• SSH for secure administration
• Server “lockdown” for Linux and Unix
• Controlling root access with sudo
• SELinux and chroot() for application security
• DNSSEC deployment and automation
• mod_security and Web application firewalls
• Secure configuration of BIND, Sendmail, Apache
• Forensic investigation

Securing Linux/Unix

With SANS OnDemand, students receive:
• Four months of access to our 24/7 online training and integrated assessment quizzes
• A full set of course books and hands-on CDs
• Labs and hands-on exercises
• Synchronized online courseware and lectures
• E-mail access to OnDemand virtual mentors
• Progress reports

PREREQUISITE
Students must possess at least a working knowledge of Unix. Most students who attend the course have a minimum of three to five years of Unix system administration experience. To test your knowledge, see our Unix Knowledge Quiz at http://www.sans.org/training/unix_quiz.php.

Who Should Register

• Oracle database administrators responsible for installation and management of Oracle databases

• Developers who wish to create secure data access applications and Web sites

• Security professionals who are concerned about the security of their organization’s Oracle databases

• Auditors and penetration testers who need to evaluate the security of Oracle databases

• Security managers who need to understand the security risks with data held in an Oracle database

Securing Oracle

SECURITY 509 ONLINE TRAINING

Tanya Baccam is a senior SANS instructor as well as a SANS courseware author. She also provides many security consulting services, such as system audits, vulnerability and risk assessments, database assessments, Web application assessments, and penetration testing. She has previously worked as the director of assurance services for a security services consulting firm, as well as manager of infrastructure security for a healthcare organization. She also served as a manager at Deloitte & Touche in the Security Services practice. Throughout her career she has consulted with many clients about their security architecture, including areas such as perimeter security, network infrastructure design, system audits, Web server security, and database security. She has played an integral role in developing multiple business applications and currently holds the CPA, GCFW, GCIH, CISSP, CISM, CISA, CCNA, CCSE, CCSA, and Oracle DBA certifications.

Experts agree that Oracle is one of the most complex software packages available today.

Unfortunately, complexity often introduces an increased risk for vulnerabilities. These vulnerabilities are being increasingly targeted by attackers. It is not uncommon for the SANS Internet Storm Center to see hundreds of thousands of hack attempts against Oracle databases each month.

SANS recognizes the need for comprehensive Oracle security training to help organizations protect their most critical information resources. In this course, the student is led through the process of auditing and securing Oracle by defining the risks to data, using auditing techniques for detecting unauthorized access attempts, using Oracle access controls and user management functions, and developing reliable backup and restore processes and techniques to secure the Oracle database, as well as applications.

Throughout the course the student will be exposed to the database as seen through the eyes of an attacker, including public and unreleased techniques that are used to compromise the integrity of the database or escalate a user’s privileges. In this fashion, the student gains a better understanding of how an attacker sees a database as a target and how we can configure the database to be resistant to known and unknown attacks.

This course has been updated for versions of Oracle up to and including 11g on Unix and Windows operating systems.

With SANS OnDemand, students receive:
• Four months of access to our 24/7 online training and integrated assessment quizzes
• A full set of course books and hands-on CDs
• Labs and hands-on exercises
• Synchronized online courseware and lectures
• E-mail access to OnDemand virtual mentors
• Progress reports

Who Should Register
• General security practitioners
• Web site designers and architects
• Developers

Get GWAPT Certified

www.giac.org

With SANS OnDemand, students receive:
• Four months of access to our 24/7 online training and integrated assessment quizzes
• A full set of course books and hands-on CDs
• Labs and hands-on exercises
• Synchronized online courseware and lectures
• E-mail access to OnDemand virtual mentors
• Progress reports

Web App Penetration Testing and Ethical Hacking

SECURITY 542 ONLINE TRAINING

Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin’s involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of SEC542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

Assess Your Web Apps in Depth

Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers. In this class, we’ll learn the art of exploiting Web applications so we can find flaws in our enterprise’s Web apps before the bad guys do. Through detailed, hands-on exercises and training from a seasoned professional, we will learn the four-step process for Web application penetration testing. We will inject SQL into back-end databases to learn how attackers exfiltrate sensitive data. We will use Cross-Site Scripting attacks to dominate a target infrastructure in our unique hands-on laboratory environment. And, we will explore various other Web app vulnerabilities in depth with tried-and-true techniques for finding them using a structured testing regimen. We will learn the tools and methods of the attacker so that you can be a powerful defender.

We will study the attacker’s view of the Web and analyze the art of reconnaissance, specifically targeted to Web applications. We will also examine the mapping phase when we interact with a real application to determine its internal structure. In the discovery phase we’ll focus on client-side portions of the application, such as Flash objects and Java applets. We then move into the final stage, exploitation, using advanced methods to gain further access within the application and wrapping things up with a walk-through of an entire attack scenario. Students will learn methods of combining various attacks to better gauge the business impact of application vulnerabilities.

Throughout the class, we will learn the context behind the attacks so that you understand the real-life applications of our exploitation. In the end, we will be able to assess your own organization’s Web applications to find some of the most common and damaging Web app vulnerabilities. By knowing your enemy, you can defeat your enemy. General security practitioners as well as Web site designers, architects, and developers will benefit from learning the practical art of Web application penetration testing.

Who Should Register
• Penetration testers
• Ethical hackers
• Auditors who need to build deeper technical skills
• Security personnel whose job involves assessing target networks and systems to find security vulnerabilities

Get GPEN Certified

www.giac.org

With SANS OnDemand, students receive:
• Four months of access to our 24/7 online training and integrated assessment quizzes
• A full set of course books and hands-on CDs
• Labs and hands-on exercises
• Synchronized online courseware and lectures
• E-mail access to OnDemand virtual mentors
• Progress reports

Network Penetration Testing and Ethical Hacking

SECURITY 560 ONLINE TRAINING

Ed Skoudis is a founder and senior security consultant with InGuardians. Ed’s expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (SEC560) and incident response (SEC504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore).

Find Security Flaws Before the Bad Guys Do.

Security vulnerabilities, such as weak configurations, unpatched systems, and botched architectures, continue to plague organizations. Enterprises need people who can find these flaws in a professional manner to help eradicate them from our infrastructures. Lots of people claim to have penetration testing, ethical hacking, and security assessment skills, but precious few can apply these skills in a methodical regimen of professional testing to help make an organization more secure. This class covers the ingredients for successful network penetration testing to help attendees improve their enterprise’s security stance.

We address detailed pre-test planning, including setting up an effective penetration testing infrastructure and establishing ground rules with the target organization to avoid surprises and misunderstanding. Then we discuss a time-tested methodology for penetration and ethical hacking across the network, evaluating the security of network services and the operating systems behind them.

Attendees will learn how to perform detailed reconnaissance, learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. We’ll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise in which students will conduct a penetration test against a hypothetical target organization following all of the steps.

The course also describes the limitations of penetration testing techniques and other practices that can be used to augment penetration testing to find vulnerabilities in architecture, policies, and processes. We address how penetration testing should be integrated as a piece of a comprehensive enterprise information security program.

Attendees are expected to have a working knowledge of TCP/IP; cryptographic routines, such as DES, AES, and MD5; and the Windows and Linux command lines before they step into class.

Who Should Register
• Information assurance auditors
• System implementers/administrators
• Network security engineers
• IT administrators
• DoD personnel/contractors
• Federal agencies/clients
• Private sector organizations looking for information assurance priorities for securing their systems
• Security vendors and consulting groups looking to stay current with frameworks for information assurance
• Alumni of SEC/AUD 440, SEC401, SEC501, SANS Audit classes, and MGT512

With SANS OnDemand, students receive:
• Four months of access to our 24/7 online training and integrated assessment quizzes
• A full set of course books and hands-on CDs
• Labs and hands-on exercises
• Synchronized online courseware and lectures
• E-mail access to OnDemand virtual mentors
• Progress reports

Implementing and Auditing the Twenty Critical Security Controls - In Depth

SECURITY 566 ONLINE TRAINING

Dr. Eric Cole is an industry-recognized security expert with over 15 years of hands-on experience. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master’s degree in computer science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. Cole is actively involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS faculty fellow and course author.

In the last couple of years it has become obvious that in the world of information security, the offense is outperforming the defense. Even though budgets increase and management pays more attention to the risks of data loss and system penetration, data is still being lost and systems are still being penetrated. Over and over people are asking, “What can we practically do to protect our information?” The answer has come in the form of 20 information assurance controls known as the Consensus Audit Guidelines (CAG), located at http://www.sans.org/critical-security-controls/guidelines.php.

This course has been written to help those setting/implementing/deploying a strategy for information assurance in their agency or organization by enabling them to better understand these guidelines. Specifically the course has been designed in the spirit of the offense teaching the defense to help security practitioners understand not only what to do to stop a threat, but why the threat exists and how later to audit to ensure that the organization is indeed in compliance with their standards. Walking away from this course students should better understand how to create a strategy for successfully defending their data, implement controls to prevent their data from being compromised, and audit their systems to ensure compliance with the standard. And in SANS style, this course will not only provide a framework for better understanding, but will give you a hands-on approach to learning these objectives to ensure that what you learn today, you’ll be able to put into practice in your organization tomorrow.

This course helps you master specific, proven techniques and tools needed to implement and audit the Top Twenty Most Critical Security Controls. These Top 20 Security Controls, listed below, are rapidly becoming accepted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations. These controls were selected and defined by the US military and other government and private organizations (including NSA, DHS, GAO, and many others) who are the most respected experts on how attacks actually work and what can be done to stop them. They defined these controls as their consensus for the best way to block the known attacks and the best way to help find and mitigate damage from the attacks that get through. For security professionals, the course enables you to see how to put the controls in place in your existing network through effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers the course is the best way to understand how you will measure whether the Top 20 controls are effectively implemented. It closely reflects the Top 20 Critical Security Controls.

To register or get more information, visit www.sans.org/ondemand • e-mail: [email protected] • Phone: 301-654-7267 17

Who Should Register

• Security professionals who are concerned about the weaknesses of wireless networks

• Penetration testers who want to include wireless network security assessments in their organization’s services offerings

• Auditors who must evaluate wireless networks to ensure they meet an acceptable level of risk and are compliant with organizational policy

Get GAWN Certified

www.giac.org

With SANS OnDemand, students receive:

• Four months of access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs and hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

Wireless Ethical Hacking, Penetration Testing, and Defenses

SECURITY 617

ONLINE TRAINING

Joshua Wright is a Senior Security Analyst with InGuardians, LLC and a Senior Instructor with the SANS Institute. A widely recognized expert in the wireless security field, Josh has worked with private and government organizations to evaluate the threat surrounding wireless technology. As an open-source enthusiast, Josh has developed a variety of tools that can be leveraged for penetration testing and security analysis. Prior to joining InGuardians, Josh was the Senior Security Researcher for Aruba Networks, leading a team committed to significantly improving the security of modern networks. In his spare time, Josh looks for any opportunity to void the warranty on wireless electronics. He also blogs about ethical hacking tips. http://www.willhackforsushi.com/

Wireless technology fundamentally changes accepted security paradigms. With the pervasive deployment of wireless technology, attackers have latched on with sophisticated and effective techniques to exploit wireless systems at work, at home, or on the road. Despite the significant threats, organizations are deploying WiFi, Bluetooth, and proprietary wireless technology at a breakneck pace. This can expose internal networks and client systems, often allowing attackers to bypass intrusion detection systems and other defenses.

To be a wireless security expert, you need to have a comprehensive understanding of the technology, the threats, the exploits, and the defense techniques along with hands-on experience in evaluating and attacking wireless networks. This course takes an in-depth look at these fields, exposing you to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, you’ll navigate your way through the techniques attackers use to exploit WiFi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS, and other systems. We’ll also examine the commonly overlooked threats associated with Bluetooth, WiMAX, and proprietary wireless systems. With the SWAT toolkit, we’ll back up the course content with hands-on labs and practical exercises designed to reinforce the course concepts.

Through the use of assessment and analysis techniques, this course will show you how to identify the threats that expose wireless technology, building on this knowledge to identify defensive techniques that can be used to protect wireless resources.

The SWAT Toolkit consists of:

• Powerful 500 mW ALFA 802.11b/g wireless card

• USB Global Positioning System (GPS) adapter

• High-power Bluetooth interface with external antenna connector

• Linksys Router

• All software and tools used in lab exercises based on Backtrack 4


Who Should Register

• Information technology professionals who wish to learn core concepts in computer forensics investigations and e-discovery

• Law enforcement officers, federal agents, or detectives who desire to be introduced to core forensic techniques and topics

• Information security managers who need a digital forensics background in order to manage investigative teams and understand the implications of potential litigation-related issues

• Information technology lawyers and paralegals who need to understand the basics of digital forensic investigations

• Anyone interested in computer forensic investigations with some background in information systems, information security, and computers

Get GCFE Certified

www.giac.org

Computer Forensic Essentials

FORENSICS 408

ONLINE TRAINING

Rob Lee is a director for MANDIANT (www.mandiant.com). Rob is the curriculum lead for digital forensic training at the SANS Institute (forensics.sans.org). He has over 14 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military unit focused on information operations. Later, as a member of the Air Force Office of Special Investigations, he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he worked with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. Rob coauthored Know Your Enemy, 2nd Edition. He earned his MBA from Georgetown University in Washington DC. Rob was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast 2009 Awards. He blogs about computer forensic and incident response topics at the SANS Computer Forensic Blog. http://blogs.sans.org/computer-forensic

Master computer forensics. Learn essential investigation techniques.

With today’s ever-changing technologies and environments, it is inevitable that organizations will deal with some form of cyber crime, such as computer fraud, insider threat, industrial espionage, or phishing. As a result, many organizations are hiring digital forensic professionals and are calling cybercrime law enforcement agents to help fight and solve these types of crime.

FOR408: Computer Forensic Essentials focuses on the essentials that a forensic investigator must know to investigate core computer crime incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

This course covers the fundamental steps of the in-depth computer forensic methodology so that each student will have the complete qualifications to work as a computer forensic investigator in the field helping solve and fight crime. This is the first course in the SANS Computer Forensic Curriculum. If you have never taken a SANS forensics course before, we recommend that you take this introductory course first to set a strong foundation for the full SANS Computer Forensic Curriculum.

FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME.

With this course, you will receive a FREE SANS Investigative Forensic Toolkit (SIFT) Essentials with a Tableau Write Block Acquisition Kit. The entire kit will enable each investigator to accomplish proper and secure examinations of SATA, IDE, or Solid State Drives (SSD).

The FREE SANS Investigative Forensic Toolkit (SIFT) Essentials with a Tableau Write Block Acquisition Kit includes:

• One Tableau T35es Write Blocker (Read-Only)

• HELIX Incident Response & Computer Forensics Live CD

• SANS Windows XP Forensic Analysis VMware Workstation

• Fully functioning tools that include working with Access Data’s Forensic Toolkit (FTK)

• IDE Cable/Adapters

• SATA Cable/Adapters

• FireWire and USB Cable Adapters

• Forensic Notebook Adapters (IDE/SATA)

• Course DVD: Loaded with case examples, tools, and documentation


Who Should Register

• Incident response team members responding to complex security incidents/intrusions and need computer forensics to help solve their cases

• Computer forensic professionals who want to solidify and expand their understanding of file system forensic and incident response related topics

• Law enforcement officers, federal agents, or detectives who want to master computer forensics and expand their investigative skill set to include data breach investigations, intrusion cases

• Information security professionals with some background in hacker exploits, penetration testing, and incident response

• Information security managers who would like to master digital forensics to understand information security implications and potential litigation or manage investigative teams

Get GCFA Certified

www.giac.org

Rob Lee is a director for MANDIANT (www.mandiant.com). Rob is the curriculum lead for digital forensic training at the SANS Institute (forensics.sans.org). He has over 14 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military unit focused on information operations. Later, as a member of the Air Force Office of Special Investigations, he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he worked with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. Rob coauthored Know Your Enemy, 2nd Edition. He earned his MBA from Georgetown University in Washington DC. Rob was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast 2009 Awards. He blogs about computer forensic and incident response topics at the SANS Computer Forensic Blog. http://blogs.sans.org/computer-forensic

Unpatched, unprotected computers connected to the Internet can be compromised in less than three days. In the commercial sector, TJ Maxx, Hannaford, and TD Ameritrade are victims of large-scale data breaches and intrusions. Personal or account information of more than 100 million individuals has been compromised. In the government sector, cyber attacks on government agencies and contractors, originating from China, have proved difficult to suppress. In both situations, incident response and mitigation, class action lawsuits, and fines place remediation costs in the billions of dollars.

This course will give you a firm understanding of computer forensics tools and techniques to investigate data breach intrusions, tech-savvy rogue employees, advanced persistent threats, and complex digital forensic cases. Utilizing advances in spear phishing, Web application attacks, and persistent malware, these new sophisticated attackers advance rapidly through your network. Forensic investigators must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues in order to solve challenging cases. FOR508 will teach you critical forensic analysis techniques and tools in a hands-on setting for both Windows- and Linux-based investigations.

We will examine various investigation methodologies and techniques, discovering new places to find evidence and discover the tracks of a cyber criminal or hacker who is trying to stay hidden inside your network. You will be able to demonstrate how forensic tools function and become skilled with new tools, such as the Sleuthkit, Foremost, and the HELIX3 Pro Forensics Live CD. SANS hands-on technical course arms you with a deep understanding of the forensic methodology, tools, and techniques to solve advanced computer forensics cases.

FIGHT CRIME. UNRAVEL INCIDENTS… ONE BYTE AT A TIME.

We not only teach a firm understanding of the computer forensics tools and techniques, we also teach you the legally approved forensic methodology that will result in success.

FREE SANS Investigative Forensic Toolkit (SIFT) Advanced


Computer Forensic Investigations and Incident Response

FORENSICS 508

ONLINE TRAINING

The SIFT Kit Advanced consists of:

• Hard Drive adapter kit for SATA/IDE hard drives 1.8”/2.5”/3.5”/5.25” (Read and Write)

• SANS Forensic Analysis Workstation 2.0 (Course Version)

• Course DVD loaded with case examples, tools, and documentation

• Best-selling book “File System Forensic Analysis” by Brian Carrier

• Helix3 Pro: individually licensed to each student


Who Should Register

• Network and/or computer forensic examiners

• Computer incident response team members

• Security architects

• Security administrators

• Law enforcement

• Anyone responsible for orchestrating a corporate or government network for evidence acquisition in the face of a criminal or civil investigation

With SANS OnDemand, students receive:

• 4-months access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs & hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

Network Forensics

FORENSICS 558

ONLINE TRAINING

Jonathan Ham is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through staffing and training, to scalable prevention, detection, and response technology and techniques. With a keen understanding of ROI and TCO (and an emphasis on process over products), he has helped his clients achieve greater success for over 12 years, advising in both the public and private sectors, from small upstarts to the Fortune 500. He’s been commissioned to teach NCIS investigators how to use Snort, performed packet analysis from a facility more than 2000 feet underground, and chartered and trained the CIRT for one of the largest U.S. civilian Federal agencies. He currently holds the CISSP, GSEC, GCIA, and GCIH certifications, and is a member of the GIAC Advisory Board. A former combat medic, Jonathan still spends some of his time practicing a different kind of emergency response, volunteering and teaching for both the National Ski Patrol and the American Red Cross.

“CATCHING HACKERS ON THE WIRE.” Enterprises all over the globe are compromised remotely by malicious hackers each day. Credit card numbers, proprietary information, account usernames, passwords, and a wealth of other valuable data are surreptitiously transferred across the network. Insider attacks leverage cutting-edge covert tunneling techniques to export data from highly secured environments. Attackers’ fingerprints remain throughout the network in firewall logs, IDS/IPS, Web proxies, traffic captures, and more.

This course will teach you how to follow the attacker’s footprints and analyze evidence from the network environment. Network equipment, such as Web proxies, firewalls, IDS, routers and switches, contains evidence that can make or break a case. Forensic investigators must be savvy enough to find network-based evidence, preserve it, and extract the evidence. You will gain hands-on experience analyzing covert channels, carving cached Web pages out of proxies, carving images from IDS packet captures, and correlating the evidence to build a solid case. We will dive right into covert tunnel analysis, DHCP log examination, and sniffing traffic. By day two, you’ll be extracting tunneled flow data from DNS NULL records and extracting evidence from firewall logs. On day three, we analyze Snort captures and the Web proxy cache. You’ll carve out cached Web pages and images from the Squid Web proxy. The last two days, you’ll be part of a live hands-on investigation. Working in teams, you’ll use network forensics to solve a crime and present your case.

During hands-on exercises, we will use tools, such as tcpdump, Snort, ngrep, tcpxtract, and Wireshark, to understand attacks and trace suspect activity. Each student will be given a virtual network to analyze and will have the opportunity to conduct forensic analysis on a variety of devices. Underlying all of our forensic procedures is a solid forensic methodology. This course complements FOR508: Computer Forensic Investigations and Incident Response, using the same fundamental methodology to recover and analyze evidence from network-based devices.


Who Should Register

• Anyone whose job requires an understanding of key aspects of malicious programs

• Individuals with responsibilities in incident handling, forensic analysis, Windows security, and system administration

• Individuals responsible for supporting their organizations’ internal security needs

• Engineers from security product and service companies who are looking to deepen their malware analysis expertise

Get GREM Certified

www.giac.org

With SANS OnDemand, students receive:

• 4-months access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs & hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

Lenny Zeltser leads the security consulting practice at Savvis. He is also a Board of Directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books. Lenny is one of the few individuals in the world who has earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania. For more information about his projects, see www.zeltser.com.

Expand your capacity to fight malicious code by learning how to analyze bots, worms, and trojans. This popular course discusses practical approaches to examining Windows malware using a variety of monitoring utilities, a disassembler, a debugger, and other tools useful for reverse-engineering malicious software. You don’t have to be a full-time malware searcher to benefit from this course—as organizations increasingly rely on their staff to act as first responders during a security incident, malware analysis skills become increasingly important.

By covering both behavioral and code analysis approaches, this unique course provides a rounded approach to reverse-engineering. As a result, the course makes malware analysis accessible even to individuals with a limited exposure to programming concepts. The materials do not assume that the students are familiar with reverse-engineering; however, the difficulty level of concepts and techniques increases quickly as the course progresses.

In the first half of the course, you will learn how to set up an inexpensive and flexible laboratory for understanding inner-workings of malware and demonstrate the process by exploring capabilities of real-world specimens. You will learn to examine the program’s behavioral patterns and assembly code and study techniques for bypassing common code obfuscation mechanisms. The course also explores how to analyze browser-based malware.

In the second half of the course, you will review key assembly language concepts. You will learn to examine malicious code to understand its flow by identifying key logic structures, looking at examples of bots, rootkits, key loggers, and so on. You will understand how to work with PE headers and handle DLL interactions. You will also develop skills for analyzing self-defending malware through advanced unpacking techniques and bypassing code-protection mechanisms. Finally, you will discover how to bypass obfuscation techniques employed by browser-based malicious scripts.

You will also learn how to analyze malicious document files that take the form of Microsoft Office and Adobe PDF documents. Such documents act as a common infection vector and need to be understood by enterprises concerned about both large-scale and targeted attacks. The course also explores memory forensics approaches to examining rootkits. Memory-based analysis techniques also help you to understand the context of an incident involving malicious software.

Hands-on workshop exercises are an essential aspect of this course and allow you to apply reverse-engineering techniques by examining malicious code in a carefully controlled environment. When performing the analysis, you will study the supplied specimen’s behavioral patterns, and examine key portions of its assembly code.

REM course on YouTube: http://www.youtube.com/watch?v=5AFdZ0v23YA

Reverse-Engineering Malware: Malware Analysis Tools and Techniques

FORENSICS 610

ONLINE TRAINING


Who Should Register

• ISOs

• ISSMs

• Management professionals considering or implementing ISO/IEC 27000 standard

• Auditors

Get G7799 Certified

www.giac.org

With SANS OnDemand, students receive:

• Four months of access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs and hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

SANS 27000 Implementation and Management

MANAGEMENT 411

ONLINE TRAINING

With more than twenty years of experience, David Hoelzer has served in positions ranging from the highly technical to senior management for a variety of organizations. For the last ten years, David has been the director of research for Cyber-Defense and the principal examiner for Enclave Forensics. In addition to day-to-day responsibilities, he has acted as an expert witness for the Federal Trade Commission and continues to teach at major SANS events, teaching security professionals from organizations including NSA, USDA Forest Service, Fortune 500 security engineers and managers, DHHS, various DoD sites, national laboratories, and many colleges and universities. From time to time David also speaks nationally and internationally on various security topics.

The International Standards Organization (ISO) has recently revised what has become the de facto document for creating and maintaining a secure enterprise, today known as the ISO/IEC 27000 standard.

The strength of this document is derived from the meticulous attention to detail provided by the many contributing authors and organizations as well as the applicability of the standard to the realities of doing business today. The standard seeks to offer best practice guidance regarding all manner of security issues and can assist any organization that chooses to adopt it to develop a truly security minded corporate culture. Using our tested method for developing and applying controls using the ISO 27000 standard, you will learn to implement the guidance contained in ISO-27000 with step-by-step pragmatic examples to move quickly into compliance with the specification.

This track is designed for information security officers or other management professionals who are looking for a how-to guide for implementing ISO-27000 effectively and quickly. While the standard is very well written, anyone who has actually tried to shift to an ISO-27000 structured security organization knows that there can be some significant hurdles to overcome. This course will give you the information you need to go back to your organization with a plan of action to get the job done! This course has proven especially valuable for organizations whose 27000 implementation is currently “stuck in the mud” or is simply taking longer than management would like.


IAT Level III, IAM Levels II and III, and IASAE Levels I and II of the Dept. of Defense Baseline Certification for 8570

Who Should Register

• Security professionals who are interested in understanding the concepts covered in the CISSP® exam

• Managers who want to understand the critical areas of network security

• System, security, and network administrators who want to understand the pragmatic applications of the CISSP® 10 Domains

• Security professionals and managers looking for practical ways the 10 domains of knowledge can be applied to their current job

• In short, if you desire a CISSP or your job requires it, MGT414 is the training for you

Get GISP Certified

www.giac.org

With SANS OnDemand, students receive:

• Four months of access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs and hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

Dr. Eric Cole is an industry-recognized security expert with over 15 years of hands-on experience. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master’s degree in computer science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. Cole is actively involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS faculty fellow and course author.

The SANS® +S™ Training Program for the CISSP® Certification Exam will cover the security concepts needed to pass the CISSP® exam. This is an accelerated review course that assumes the student has a basic understanding of networks and operating systems and focuses solely on the 10 domains of knowledge of the CISSP:

Domain 1 - Information Security Governance & Risk Management

Domain 2 - Access Controls

Domain 3 - Cryptography

Domain 4 - Physical (Environmental) Security

Domain 5 - Security Architecture & Design

Domain 6 - Business Continuity & Disaster Recovery Planning

Domain 7 - Telecommunications & Network Security

Domain 8 - Application Security

Domain 9 - Operations Security

Domain 10 - Legal, Regulations, Compliance & Investigations

Each domain of knowledge is dissected into its critical components. Every component is discussed in terms of its relationship to other components and other areas of network security. After completion of the course, the student will have a good working knowledge of the 10 domains of knowledge and, with proper preparation, be ready to take and pass the CISSP® exam.

SANS® +S™ Training Program for the CISSP® Certification Exam

MANAGEMENT 414

ONLINE TRAINING

Obtaining your CISSP® certification consists of:

• Fulfilling minimum requirements for professional work experience

• Completing the Candidate Agreement

• Review of Resume

• Passing the CISSP® 250 multiple-choice question exam with a scaled score of 700 points or greater

• Submitting a properly completed and executed Endorsement Form

• Periodic Audit of CPEs to maintain the credential

Note: The official (ISC)2 courseware and the CISSP® exam are NOT provided as part of the training.

To register or get more information, visit www.sans.org/ondemand • e-mail: [email protected] • Phone: 301-654-7267

Who Should Register

• This course is designed and taught for mid-level to C-level managers and leaders. It will give you the ability to better manage IT projects in a secure manner.

• Anyone with 8570 information assurance management responsibilities

• Managers who have recently been assigned security responsibilities

• Security or assurance officers and managers

• Upwardly mobile managers

Get GSLC Certified

www.giac.org

With SANS OnDemand, students receive:

• Four months of access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs and hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

SANS Security Leadership Essentials for Managers with Knowledge Compression™

MANAGEMENT 512 ONLINE TRAINING

Stephen Northcutt founded the GIAC certification and currently serves as president of the SANS Technology Institute, a postgraduate level IT security college (www.sans.edu). Stephen, a graduate of Mary Washington College, is author/coauthor of four books, including Inside Network Perimeter Security 2nd Edition and IT Ethics Handbook. Since 2007 Stephen has conducted over 34 in-depth interviews with leaders in the security industry to research the competencies required to be a successful leader. He maintains the SANS Leadership Laboratory, where research on these competencies is posted and is lead author for Execubytes, a monthly newsletter for security managers. Stephen is the lead author/instructor for MGT421: SANS Leadership and Management Competencies, as well as MGT512: SANS Security Leadership Essentials for Managers, a prep course for the GSLC certification that meets all levels of requirements for DoD Security Managers per DoD 8570. Stephen also blogs at https://blogs.sans.org/security-leadership.

This completely updated course is designed to empower advancing managers who want to get up to speed quickly on information security issues and terminology. You won’t just learn about security, you will learn how to manage security. Lecture sections are intense; the most common student comment is that it’s like drinking from a fire hose. The diligent manager will learn vital, up-to-date knowledge and skills required to supervise the security component of any information technology project. Additionally, the course has been engineered to incorporate the NIST Special Papers 800 guidance so that it can be particularly useful to US government managers and supporting contractors.

Essential security topics covered in this management track include: network fundamentals and applications, power, cooling and safety, architectural approaches to defense in depth, cyber attacks, vulnerability assessment and management, security policies, contingency and continuity planning, awareness management, risk management analysis, incident handling, Web application security, offensive and defensive information warfare, culminating with our management practicum. The material uses Knowledge Compression™, special charts, and other proprietary SANS techniques to help convey the key points of critical slides and keep the information flow rate at a pace senior executives demand every teaching hour of the course. The course has been evaluated and approved by CompTIA’s CAQC program for Security + 2008 to ensure that managers and their direct reports have a common baseline for security terminology and concepts. You will be able to put what you learn into practice the day you get back into the office.

Knowledge Compression™ uses specialized material, in-class reviews, examinations, and test-taking training to ensure that students have a solid understanding of the material that has been presented to them.

Please note that some course material for SEC401 and MGT512 may overlap. We recommend SEC401 for those interested in a more technical course of study and MGT512 for those primarily interested in a leadership-oriented but less technical learning experience.

IAM Levels I, II, and III of the Department of Defense Baseline Certification for 8570

Who Should Register

• Professionals entering the audit field

• Auditors taking on information security validation responsibilities

• Managers overseeing the audit and validation process

• Anyone seeking to improve overall security through addition of validation capabilities

• Auditors with a CISA or CIA certification who are seeking to learn practical methods of auditing the technology that is in use today

With SANS OnDemand, students receive:

• 4-months access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs & hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

James Tarala is a principal consultant with Enclave Hosting, LLC and is based out of Venice, FL. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many of their auditing and security courses. As a consultant he has spent the past few years architecting large enterprise IT security and infrastructure, specifically working with many Microsoft-based, directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues and often performs independent security audits and assists internal audit groups to develop their programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He also holds numerous professional certifications.

This hands-on course will help you get started in the field of information technology and security auditing.

In this course, we will examine or work with tools ranging from URLScan (a part of Microsoft’s IIS Security Wizard) and various CIS Scoring Tools to HFNetCheck (hfnetchk.exe) and Unix syslog, helping the student to see how each of these can be applied in security and audit validation. In IT Security Audit and Control Essentials, we have put together a very strong audit training program, giving both audit theory and technical details. It covers the essentials of security, compliance, and IT auditing: everything you need, nothing you don’t. As each topic is discussed, we will first teach the underlying theories and then explain how and what about these topics require the attention of an auditor or compliance officer.

The course is presented hands-on so that students can receive the most benefit by actually trying what is described in the lectures. This class is not a CISA prep course. Instead, this course and advanced course Audit 507: Auditing Networks, Perimeters, and Systems fill in all of the technical how-to blanks, giving you real-world, hands-on audit practice for technologies currently in use. Throughout the class we’ve tried very hard to make sure that we are presenting all of the foundations of information security in connection with current information technology, while continually asking (and answering!): Why does an auditor care about this?


IT Security Audit and Control Essentials

AUDIT 410 ONLINE TRAINING

“This course has fully fulfilled my expectations and needs. The instructor, James Tarala, is outstanding, qualified, talked very clearly and showed great pedagogic skills. I will deeply recommend this course to my colleagues.” -KURT BJERNEMOSE, UNIVERSITY OF COPENHAGEN


Who Should Register

• Auditors seeking to identify key controls in IT systems

• Audit professionals looking for technical details on IT auditing

• Managers responsible for overseeing the work of an IT audit or security team

• Security professionals newly tasked with audit responsibilities

• System and network administrators looking to better understand what an auditor is trying to achieve, how they think, and how to better prepare for an audit

• System and network administrators seeking to create strong change control management and detection systems for the enterprise

Get GSNA Certified

www.giac.org

Auditing Networks, Perimeters, and Systems

AUDIT 507 ONLINE TRAINING

With more than twenty years of experience, David has served in positions ranging from the highly technical to senior management for a variety of organizations. For the last ten years, David has been the director of research for Cyber-Defense and the principal examiner for Enclave Forensics. In addition to day-to-day responsibilities, he has acted as an expert witness for the Federal Trade Commission and continues to teach at major SANS events, teaching security professionals from organizations including NSA, USDA Forest Service, Fortune 500 security engineers and managers, DHHS, various DoD sites, national laboratories, and many colleges and universities. From time to time David also speaks nationally and internationally on various security topics. David also blogs about IT audit issues at the SANS IT Audit blog. https://blogs.sans.org/it-audit

One of the most significant obstacles facing many auditors today is how exactly to go about auditing the security of an enterprise.

What systems really matter? How do we prioritize the audits that need to be performed and determine the scope of each? How do you validate the security of the perimeter? What settings should be checked on the various systems under scrutiny? Which set of processes can be put into place to allow an auditor to focus on the business processes rather than the security settings?

This course is organized specifically to provide a risk driven method for tackling the enormous task of designing an enterprise security validation program. After covering high-level audit issues and general audit best practice, students will have the opportunity to dive into the technical how-to for determining the key controls that can be used to provide a level of assurance to an organization. Tips on how to repeatedly verify these controls and techniques for automatic compliance validation will come from real-world examples.

One of the struggles that IT auditors face is helping management understand the relationship between the technical controls and the risks to the business. The instructor will use validated information from real-world situations to explain how they can be used to raise the awareness of management and others within the organization of why these controls specifically, and auditing in general, are important. Each student is invited to bring a Windows XP Professional or higher laptop for use during class. Macintosh computers running OS X may also be used with VMware Fusion.

A great audit is more than marks on a checklist; it is the understanding of the underlying controls, knowing what the best practices are, and having enough information to understand why. Sign up for this course and experience the mix of theory, hands-on, and practical knowledge.

With SANS OnDemand, students receive:

• Four months of access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs and hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

CND Auditor for the Department of Defense Baseline Certification for 8570


Who Should Register

• Application developers

• Application security analysts or managers

• Application architects

• Penetration testers who are interested in learning about defensive strategies

• Security professionals who are interested in learning about web application security

• Auditors who need to understand defensive mechanisms in web applications

• Employees of PCI compliant organizations who need to be trained to comply with PCI requirements

With SANS OnDemand, students receive:

• 4-months access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs & hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

As chief research officer for the SANS Institute, Johannes Ullrich is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips. https://blogs.sans.org/appsecstreetfighter

Defending Web applications is critical!

Traditional network defenses such as firewalls fail to secure Web applications, which have to be available to large user communities. The amount and importance of data entrusted to Web applications is growing, and defenders need to learn how to secure it. DEV522 covers the OWASP Top 10 and will help you to better understand Web application vulnerabilities, thus enabling you to properly defend your organization’s Web assets.

Mitigation strategies from an infrastructure, architecture, and coding perspective will be discussed alongside real-world implementations that really work. The testing aspect of vulnerabilities will also be covered so you can ensure your application is tested for the vulnerabilities discussed in class. The course goes beyond classic Web applications and includes coverage of Web 2.0 technologies like AJAX and web services.

To maximize the benefit for a wider range of audiences, the discussions in this course will be programming language agnostic. Focus will be maintained on security strategies rather than coding level implementation.

The course will cover the topics outlined by OWASP’s Top 10 risks document, as well as additional issues the authors found of importance in their day to day web application development practice. Examples of the topics that will be covered include:

• Infrastructure security

• Server configuration

• Authentication mechanisms

• Application language configuration

• Application coding errors like SQL injection and cross-site scripting

• Cross-site request forging

• Authentication bypass

• Web services and related flaws

• Web 2.0 and its use of Web services

• XPATH and XQUERY languages and injection

• Business logic flaws

DEVELOPER 522 ONLINE TRAINING

Defending Web Applications Security Essentials

DEVELOPER 544 ONLINE TRAINING

Secure Coding in .NET: Developing Defensible Applications

ASP.NET and the .NET framework have provided Web developers with tools that allow them an unprecedented degree of flexibility and productivity.

On the other hand, these sophisticated tools make it easier than ever to miss the little details that allow security vulnerabilities to creep into an application. Since ASP.NET 2.0, Microsoft has done a fantastic job of integrating security into the ASP.NET framework, but the onus is still on application developers to understand the limitations of the framework and ensure that their own code is secure.

During this four-day course we will analyze the defensive strategies and technical underpinnings of the ASP.NET framework and learn where, as a developer, you can leverage defensive technologies in the framework, and where you need to build security in by hand. We’ll also examine strategies for building applications that will be secure both today and in the future.

Rather than focusing on traditional Web attacks from the attacker’s perspective, this class will show developers first how to think like an attacker, and will then focus on the latest defensive techniques specific to the ASP.NET environment. The emphasis of the class is a hands-on examination of the practical aspects of securing .NET applications during development.

Have you ever wondered if ASP.NET Request Validation is effective? Have you been concerned that XML Web services might be introducing unexamined security issues into your application? Should you feel uneasy relying solely on the security controls built into the ASP.NET framework? Secure Coding in ASP.NET will answer these questions and far more.


With SANS OnDemand, students receive:

• 4-months access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs & hands-on exercises

• Synchronized online courseware and lectures

• Progress reports

• E-mail access to OnDemand virtual mentors

DEVELOPER 541 ONLINE TRAINING

Secure Coding in Java/JEE: Developing Defensible Applications

The Difference between Good and Great Programmers

Great programmers have traditionally distinguished themselves by the elegance, effectiveness, and reliability of their code. That’s still true, but elegance, effectiveness, and reliability have now been joined by security. Major financial institutions and government agencies have informed their internal development teams and outsourcers that programmers must demonstrate mastery of secure coding skills and knowledge, through reliable third-party testing, or lose their right to work on assignments for those organizations. More software buyers are joining the movement every week.

Such buyer and management demands create an immediate response from programmers: “Where can I learn what is meant by secure coding?” This unique SANS course allows you to bone up on the skills and knowledge being measured in the third-party assessments as defined in the Essential Skills for Secure Programmers Using Java/JavaEE. http://www.sans-ssi.org/blueprint_files/java_blueprint.pdf

This is a comprehensive course covering a huge set of skills and knowledge. It’s not a high level theory course. It’s about real programming. In this course you will examine actual code, work with real tools, build applications, and gain confidence in the resources you need for the journey to improving security of Java applications.

Rather than teaching students to use a set of tools, we’re teaching students concepts of secure programming. This involves looking at a specific piece of code, identifying a security flaw, and implementing a fix for that flaw.

Who Should Register

• Security and IT professionals

• Lawyers

• Paralegals

• Auditors

• Accountants

• Compliance managers

• Vendors of security technologies and services

• Regulatory officials

• Investigators

Get GLEG Certified

www.giac.org

With SANS OnDemand, students receive:

• 4-months access to our 24/7 online training and integrated assessment quizzes

• A full set of course books and hands-on CDs

• Labs & hands-on exercises

• Synchronized online courseware and lectures

• E-mail access to OnDemand virtual mentors

• Progress reports

Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With 24 years in private law practice, he has advised many organizations, large and small, on privacy, e-commerce, computer security, and e-mail discovery and been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. He wrote and presented to the Sri Lankan government a report on technology law, which contributed to the adoption of national e-commerce legislation in 2005. Wright maintains a popular blog at http://legal-beagle.typepad.com.

New laws regarding privacy, e-discovery, and data security are creating an urgent need for professionals who can bridge the gap between the legal department and the IT department.

This necessary professional training is uniquely available in SANS’ LEG523 series of courses, including skills in the analysis and use of contracts, policies, and records management procedures.

GIAC certification under LEG523 demonstrates to employers that a professional has not only attended classes, but studied and absorbed the sophisticated content of these courses. Certification distinguishes any professional, whether an IT expert, an auditor, a paralegal, or a lawyer, and the value of certification will grow in the years to come as law and security issues become even more interlocked.

This course covers the law of business, contracts, fraud, crime, IT security, IT liability, and IT policy – all with a focus on electronically stored and transmitted records. LEG523 is a five-day package delivering the content of the following one-day courses:

Fundamentals of IT Security Law and Policy

E-Records, E-Discovery, and Business Law

Contracting for Data Security and Other Technology

The Law of IT Compliance: How to Conduct Investigations

Lessons will be invaluable to the proper execution of any kind of internal investigation.

Applying Law to Emerging Dangers: Cyber Defense

In-depth review of legal response to the major security breach at TJX.

Special Features! This legal offering will cover many recent developments, including TJX, amendments to the Federal Rules of Civil Procedure pertaining to the discovery of electronic records in litigation and the torment Hewlett-Packard has endured for spying on journalists and members of its board of directors. Hewlett-Packard employed its internal security team and outside investigators in ways that raised legal questions (can you say, “computer crime law”?) and led to criminal indictments. All security professionals should know the lessons from these cases.

LEGAL 523 ONLINE TRAINING

Law of Data Security and Investigations


SANS OnDemand Skill-Based Short Courses

SEC351: Computer and Network Security Awareness

SEC517: Cutting-Edge Hacking Techniques

SEC531: Windows Command-Line Kung Fu In-Depth for Info Sec Pros

SEC546: IPv6 Essentials

SEC550: Information Reconnaissance: Competitive Intelligence and Online Privacy

SEC556: Comprehensive Packet Analysis

SEC561: Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells

SEC564: Hacker Detection for System Administrators

SEC567: Power Packet Crafting with Scapy

SEC569: Combating Malware in the Enterprise: Practical Step-by-Step Guidance

SEC580: Metasploit Kung Fu for Enterprise Pen Testing

FOR526: Advanced Filesystem Recovery and Memory Forensics

MGT305: Technical Communication and Presentation Skills for Security Professionals

MGT404: Fundamentals of Information Security Policy

MGT421: SANS Leadership and Management Competencies

MGT438: How to Establish a Security Awareness Program

AUD429: IT Security Audit Essentials Bootcamp

AUD521: Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant

DEV304: Software Security Awareness

DEV530: Essential Secure Coding in Java/JEE

DEV532: Essential Secure Coding in ASP.NET

DEV536: Secure Coding for PCI Compliance

For a complete list of currently available skill-based short courses offered in SANS OnDemand, go to www.sans.org/ondemand/courses.php


Live Training Events The Most Trusted Name for Information Security Training

SANS training events are recognized as the best place in the world to get information security education. With SANS, you will gain significant return on investment (ROI) for your InfoSec investment. Our intensive, immersion classes are designed to help your staff master the practical steps necessary for defending systems and networks against the most dangerous threats – the ones being actively exploited. SANS offers classes throughout the year in many major US cities as well as in Europe, Australia, Canada, Asia, India, and Dubai. These training events feature anywhere from one to over fifty courses, from intimate Community SANS gatherings to SANS action-paced national events! SANS is the place to network with other information security professionals, gain information on new vendor products, participate in challenges and contests, and hear world-class guest speakers. www.sans.org/training/bylocation

SANS OnSite Your Location - Your Schedule

With the SANS OnSite program you can bring a combination of high-quality content and world-recognized instructors to your location and realize significant savings. For organizations that need to train a large number of professionals, the SANS OnSite program is hard to beat! www.sans.org/onsite

SANS Mentor Intimate Informal Instruction

The SANS Mentor program offers the flexibility of online, self-paced learning along with hands-on mentor-led interaction through sessions where students can try the exercises, discuss the material, ask and answer questions, and help each other learn and prepare for certification. Mentors are people who have earned certification with honors. If one of your employees has met this bar, he or she can begin leading a mentored program. By using in-house mentors, you enable the teachers and students to discuss sensitive issues that they might not feel comfortable discussing with outsiders. www.sans.org/mentor

SANS Self Study Books & MP3s Only (PLUS, Lab CDs & Kits, when applicable)

For the motivated student who enjoys working independently, we offer the SANS Self Study program. Students receive SANS course books (PLUS, Lab CDs & Kits, when applicable) and online access to MP3 files of SANS’ world-class instructors teaching the material. Study course books and listen to the lectures at your own convenience and pace! www.sans.org/selfstudy

Don’t forget to supplement your SANS training with the SANS OnDemand Bundle!

Available with all of these other SANS training options for up to $399.

www.sans.org/ondemand/bundle.php

“I have several GIAC certs. My highest exam scores are from when I use OnDemand training.” -BRAD FULTON, SMS DATA PRODUCTS

Live Virtual Training. Top SANS Instructors.

Benefits of SANS vLive!:

• Live virtual instruction as an alternative to classroom training

• No travel expense

• Train without missing a week of work

• Study at your own pace with material archived 24/7

Schedule: (All times are 7:00pm-10:00pm ET)

1/17/11 to 2/17/11 FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

2/8/11 to 3/17/11 SEC560: Network Penetration Testing and Ethical Hacking

2/21/11 to 4/6/11 MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam

3/1/11 to 4/7/11 FOR408: Computer Forensic Essentials

3/22/11 to 4/21/11 SEC566: Implementing and Auditing the Twenty Critical Security Controls - In Depth

Check the vLive! schedule for upcoming courses by visiting www.sans.org/vlive

Any Questions? Call Steve Peterson at 630.922.7768

or e-mail [email protected]

Other SANS Training Options

Earn Your Master’s Degree in Information Security from the SANS Technology Institute!

The SANS Technology Institute (STI) is one of the few master’s degree programs with a focus on information security engineering and information security management. STI differs from other programs in several important ways:

• Our master’s degree programs provide a comprehensive array of courses to help students gain technical mastery of technologies and processes, and include GIAC Certifications and GIAC Gold Certifications

• Community Project Requirements (CPRs) enable students to master leadership skills such as oral and written communications, project management, mentoring, and persuasive skills

• We help you develop your reputation in the industry by ensuring your work is published through our online repositories including the SANS Reading Room and Security Policy Project and STI Web site

• Our faculty members are experts in the information security field with practical, current knowledge

Learn more about STI and our programs at www.sans.edu or contact us at [email protected].


Use the SANS OnDemand Flex Pass to meet your entire organization’s information security training needs.

• Customize your 12-month training pass with our 40+ online course library

• Learn on your own schedule – anytime, anywhere

• Save 100% of travel expenses and no time away from the office

• Provides the best savings on SANS training

Custom Flex Pass Options

Write to us at [email protected] for a customized Flex Pass that will meet the training needs of your organization. We have account managers available to work with you to fulfill your needs.

Options & Prices subject to change. Please check www.sans.org/ondemand for most current information.

Group Flex Pass Options

Allows companies the flexibility to purchase a deeply discounted 12-month online training pass consisting of multiple courses which can be used among employees, at the convenience of the company and employees.

Options Allows you to take... Training Value Discount Cost

Group Flex Pass 1 50 job-based (long) courses $178,000 Save 35% $115,700

Group Flex Pass 2 25 job-based (long) courses $89,00 Save 30% $62,300

Group Flex Pass 3 15 job-based (long) courses $53,400 Save 25% $40,050

Group Flex Pass 4 10 job-based (long) courses $35,600 Save 20% $28,480

Group Flex Pass 5 10 skill-based (short) courses $14,450 Save 15% $12,283

Individual Flex Pass Options

Allows individuals to stock up on SANS training with the best discounts available! Our individual flex passes are designed for those who have the desire to flex their brain and training dollars with continuous training throughout the year.

Options Allows you to take... Training Value Discount Cost

Individual Flex Pass 1 4 job-based (long) and 4 skill-based (short) courses $20,020 Save 25% $15,015

Individual Flex Pass 2 4 job-based (long) courses $14,240 Save 20% $11,392

Individual Flex Pass 3 4 skill-based (short) courses $5,780 Save 15% $4,913

“Hands down, SANS OnDemand is the best training money can buy! With budget cuts taking place in all organizations – big and small – SANS OnDemand provides a cost effective approach for a company to get their employees trained at a fraction of the cost of traditional classroom training.” -MATT AUSTIN, SYMANTEC CORPORATION

WEB www.sans.org/ondemand/flexpass.php

E-MAIL [email protected]

PHONE (301) 654-7267 (Mon-Fri, 9am-8pm EST)


SANS 2011 Live Training Calendar

SANS 2011 March 27 - April 4, 2011 • Orlando, FL • www.sans.org/sans-2011

SANS Security West 2011 May 5-12, 2011 • San Diego, CA • www.sans.org/security-west-2011

SANS Network Security 2011 September 18-26, 2011 • Las Vegas, NV • www.sans.org/network-security-2011

SANSFIRE 2011 July 15-23, 2011 • Washington, DC • www.sans.org/sansfire-2011

SANS CDI 2011 December 6-16, 2011 • Washington, DC • www.sans.org/cyber-defense-initiative-2011

SANS Security East 2011 January 20 - 27, 2011 • New Orleans, LA

SANS Phoenix 2011 February 25 - March 2, 2011 • Phoenix, AZ

SANS AppSec 2011 March 7 - 14, 2011 • San Francisco, CA

SANS Northern Virginia 2011 April 14-21, 2011 • Reston, VA

SANS OnDemand Registration Information

To register for SANS OnDemand, go to www.sans.org/ondemand.

All SANS OnDemand courses include 4 months of access to the comprehensive online training & assessment system, course book(s), hands-on CD/DVDs & labs (if applicable) and MP3 audio files.

How to Register

1. Everyone with Internet access must complete the online registration form. (We do not take registrations by phone.)

2. Even if you do not want to submit your payment information online, still complete the online registration form. There is an option to submit Credit Card information for payment by fax OR phone once the online form is completed and you have your invoice number.

3. SANS ONLY ACCEPTS US & CANADIAN FEDERAL GOVERNMENT PURCHASE ORDERS. If you normally use a PO, and are not part of the federal government, please see our additional PO information on the Tuition Information page.

4. You must print YOUR OWN INVOICE at the end of the online registration process, if you need one.

5. An immediate e-mail confirmation is sent to you when the registration is submitted properly.

What to Do Once Registered

Once your online registration is submitted, you will receive a copy of your invoice via e-mail. If you do not pay online with a credit card, your invoice will be marked as unpaid. Once your payment has been made, you will receive a paid receipt via email. Within 48 hours of payment, you will receive an email with information on how to access your course.

GIAC Certification

To receive the discounted rate of $499 for the GIAC certification attempt, you must add the certification attempt when you register for your SANS training course. On the online registration form, simply choose to add the certification attempt with your course. The duration of access for your training and to pass the certification exams will be 4 months.

The GIAC certification attempt may also be purchased without SANS training at a higher rate of $899, through the GIAC Challenge program. For more information about the GIAC program and steps to certification, go to www.giac.org.

Acceptable Forms of Payment

• Check

• Credit Card (Visa, Master Card, American Express, Diners Club, Eurocard)

• Wire Transfers

• Federal Government Purchase Orders (ONLY US & CANADIAN FEDERAL GOVERNMENT)

Although SANS only accepts Federal Government Purchase Orders, you may still process your PO internally. Once SANS receives payment, training access will be granted.

Time Extensions for Training and GIAC Certification

Time extensions are available for SANS OnDemand training and GIAC Certification attempts. The cost is $199 for each one-month extension. Write to [email protected] to request an extension.

For more detailed registration information, go to http://www.sans.org/ondemand/tuition.php or contact the SANS registration office at [email protected] or call 301-654-7267 (Mon-Fri, 9:00am-8:00pm EST).

Course Progress Reports & Certificate of Completion

Students may print a progress report, with their up-to-the-minute course progress, at any time throughout their course. A Certificate of Completion is also available once all slides have been viewed and all assessments are successfully completed.

SANS OnDemand Course Fees

Job-Based Long Courses (columns: list price, add GIAC cert, estimated training, CPE credits)

SEC301 Intro to Information Security $3,140 $499 50 hours 30

SEC401 SANS Security Essentials Bootcamp Style $3,645 $499 80 hours 46

SEC501 Advanced Security Essentials - Enterprise Defender $3,560 $499 70 hours 46

SEC502 Perimeter Protection In-Depth $3,560 $499 70 hours 36

SEC503 Intrusion Detection In-Depth $3,560 $499 70 hours 36

SEC504 Hacker Techniques, Exploits, and Incident Handling $3,560 $499 70 hours 36

SEC505 Securing Windows $3,560 $499 70 hours 36

SEC506 Securing Linux/Unix $3,560 $499 70 hours 36

SEC509 Securing Oracle $3,560 N/A 70 hours 36

SEC542 Web App Penetration Testing and Ethical Hacking $3,515 $499 70 hours 36

SEC560 Network Penetration Testing and Ethical Hacking $3,870 $499 70 hours 36

SEC566 Implementing and Auditing the Twenty Critical Security Controls - In Depth $3,200 N/A 50 hours 30

SEC617 Wireless Ethical Hacking, Penetration Testing, and Defenses $3,645 $499 70 hours 36

FOR408 Computer Forensic Essentials $3,875 $499 70 hours 36

FOR508 Computer Forensic Investigations and Incident Response $3,875 $499 70 hours 36

FOR558 Network Forensics $3,560 N/A 50 hours 31.5

FOR610 Reverse-Engineering Malware: Malware Analysis Tools and Techniques $3,290 $499 50 hours 24

MGT411 SANS 27000 Implementation & Management $3,425 $499 60 hours 36

MGT414 SANS® +S™ Training Program for the CISSP® Certification Exam $3,470 $499 60 hours 51

MGT512 SANS Security Leadership Essentials For Managers with Knowledge Compression™ $3,915 $499 50 hours 33

LEG523 Law of Data Security and Investigations $3,140 $499 50 hours 30

AUD410 IT Security Audit and Control Essentials $3,425 N/A 60 hours 36

AUD507 Auditing Networks, Perimeters, and Systems $3,560 $499 70 hours 36

DEV522 Defending Web Applications Security Essentials $3,515 N/A 70 hours 36

DEV541 Secure Coding in Java/JEE: Developing Defensible Applications $2,935 $499 50 hours 24

DEV544 Secure Coding in .NET: Developing Defensible Applications $2,935 $499 50 hours 24

Skill-Based Short Courses (columns: list price, add GIAC cert, estimated training, CPE credits)

SEC351 Computer and Network Security Awareness $150 N/A 5 hours 3

SEC517 Cutting-Edge Hacking Techniques $975 N/A 10 hours 6

SEC531 Windows Command-Line Kung Fu In-Depth for Info Sec Pros $975 N/A 10 hours 6

SEC546 IPv6 Essentials $890 N/A 10 hours 6

SEC550 Information Reconnaissance: Competitive Intelligence and Online Privacy $890 N/A 10 hours 6

SEC556 Comprehensive Packet Analysis $890 N/A 10 hours 6

SEC561 Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells $890 N/A 10 hours 6

SEC564 Hacker Detection for System Administrators $1,870 N/A 20 hours 12

SEC567 Power Packet Crafting with Scapy $890 N/A 10 hours 6

SEC569 Combating Malware in the Enterprise: Practical Step-by-Step Guidance $1,515 N/A 20 hours 12

SEC580 Metasploit Kung Fu for Enterprise Pen Testing $1,515 N/A 20 hours 12

FOR526 Advanced Filesystem Recovery and Memory Forensics $890 N/A 10 hours 6

MGT305 Technical Communication and Presentation Skills for Security Professionals $890 N/A 10 hours 6

MGT404 Fundamentals of Information Security Policy $1,135 N/A 10 hours 9

MGT421 SANS Leadership and Management Competencies $975 N/A 10 hours 6

MGT438 How to Establish a Security Awareness Program $1,135 N/A 10 hours 6

AUD429 IT Security Audit Essentials Bootcamp $1,605 N/A 20 hours 14

AUD521 Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant $1,515 N/A 20 hours 12

DEV304 Software Security Awareness $890 N/A 5 hours 3

DEV530 Essential Secure Coding in Java/JEE $1,600 N/A 10 hours 12

DEV532 Essential Secure Coding in ASP.NET $1,600 N/A 20 hours 12

DEV536 Secure Coding for PCI Compliance $1,445 N/A 20 hours 12

Groups & Multiple Course Discounts

To obtain group pricing, contact us at [email protected] or call us at (301) 654-7267.

Course availability and prices are subject to change. Please check http://www.sans.org/ondemand for the most current information.