SANS™ Institute - Computer Security Education and Information Security Training
February 02, 2005: Spam Prevention: Past, Present and Future

SANS™ Computer Security Training Events Calendar

US Training

Special Offering

Special offerings are courses/tracks outside of our normal track structure. These courses may be either lecture or hands-on. Examples of such courses are:

Securing Windows 2000 - Gold Standard
SANS Security Essentials Flight School
Reverse Engineering Malware
CCNA +S
MCNS +S
Wireless Networks
Building a syslog Infrastructure

And many others.

Track 1: SANS Security Essentials Bootcamp

Maximize your training time and turbo-charge your career in security by learning both the CISSP 10 Domains needed to pass the CISSP exam and the full SANS Security Essentials curriculum needed to qualify for the GSEC certification.

In this track, you will learn the language and underlying theory of computer security; and at the same time, you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations.

This course meets both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice immediately upon returning to work and (2) SANS identifies the best security instructors to teach their courses, by choosing from those who have ranked highest in a nine-year competition among potential security faculty. As always, great teaching sets SANS courses apart. This program offers great teaching along with the ability to master the material needed for the two most popular certifications in information security: CISSP and GSEC.

Track 2: Firewalls, Perimeter Protection and VPNs

Remember the good old days when you could install "a firewall" and deem your perimeter to be secure? Well, today's attackers are creating and launching attacks specifically designed to circumvent firewalls; payload-based, fragmentation and cross-site scripting attacks are assaulting systems throughout the Internet constantly nowadays. Commercial networking companies are even releasing "helpful" software that lets users tunnel all sorts of non-company-sanctioned applications right through firewalls via the HTTP port. Gone are the days when a single security solution can lock down a network perimeter. In this course, students will learn about all the pieces required to really secure a network and keep it secure in today's incredibly hostile environment. Decoding IP packets, firewalls, intrusion detection, centralized logging and alerting, VPNs, auditing, and network design are all covered in depth, using real-world examples to illustrate the practical knowledge.

Track 3: Intrusion Detection In-Depth

This hands-on track offers a practical working knowledge in intrusion detection and traffic analysis, taught by top practitioners/authors in the field. This is the most advanced program in network intrusion detection that has ever been taught. All of the courses are either new or just updated to reflect the latest attack patterns. This series is jam-packed with network traces and analysis tips.

The emphasis of this track is to familiarize students with TCP/IP, general network traffic analysis, and one specific network intrusion detection system - Snort. This track is not a comparison or demonstration of multiple NIDS. It is expected that with the knowledge acquired from this track, students will be better able to understand the qualities of a sound NIDS to make a wise selection for their site's particular needs.

Track 4: Hacker Techniques, Exploits and Incident Handling

Let's face it. If your organization is connected to the Internet or has any disgruntled employees, your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth. By helping you understand attackers' tactics and strategies in detail, giving you hands-on experience in discovering vulnerabilities, and equipping you with a comprehensive incident handling plan, the in-depth information in this course helps you turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors and the oldie-but-goodie attacks that are still so prevalent, and everything in between.

Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents, a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them, and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

This challenging course is particularly well suited to individuals who lead or are a part of an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.

This track can be used to prepare for the GIAC Certified Incident Handler (GCIH) certification.

Track 5: Securing Windows

The Securing Windows track is a comprehensive curriculum for securing Windows 2000 and Windows XP networks. This program brings the confusing complexity of Windows 2000/XP security into clear focus by starting with foundational security services, such as Active Directory and Group Policy, and advancing in a logical progression to particular products or features which rely on these foundations, such as IIS and IPSec. This track provides best practices for security, hands-on exercises, extensive documentation/screenshots in the book-like manuals, a CD-ROM of security/scripts and an objective account of Windows security (neither bashing Microsoft nor toeing the party line). You cannot claim to be a Windows 2000/XP security expert without mastering the information and skills presented in Track 5.

This track can be used to prepare for the GIAC Certified Windows Security Administrator (GCWN) certification.

Track 6: Securing Unix

The distributed denial of service attacks that incapacitated Yahoo and other high profile internet sites in February 2000 were all launched from improperly configured Unix systems. Hundreds of scripts are continuously searching the internet for vulnerable Unix systems. SANS is pleased to offer a Unix security certification track. This track can be used to prepare for the GIAC Certified Unix Security Administrator (GCUX) certification.

The track provides in-depth coverage of Unix-specific security issues. We will look at how the Unix semantics for file storage, program execution, and memory layout help - or hinder! - your ability to secure a Unix system. We will also look at the specific configuration choices needed to secure the most commonly used Unix servers: Apache, Sendmail, and more. You will see the exact steps necessary to secure the two most common Unix flavors: Solaris and Linux.

All through the course, you will learn how to use freely available tools to handle security issues. We will cover the installation, basic use, and advanced options so that you can start using these tools as soon as you return to work. We will put these tools to use in the special section on Unix Forensics.

We will also include a detailed section on the installation, configuration, basic use, and advanced operation of SSH, as it is so crucial for Unix system management.

Track 7: Auditing Networks, Perimeters and Systems

The recently expanded Auditing Track is the end product of the efforts of over one hundred skilled system, network and security administrators working with one common goal: to improve the state of information security. This track, like all SANS courses, is based on known and validated threats and vulnerabilities. These threats and vulnerabilities are explained based on validated information from real world situations that can be used to raise awareness within an organization and build an understanding of why auditing is important. From these threats and vulnerabilities, we build the countermeasures and defenses including instrumentation, metrics and auditing. The course begins with a high level introduction on methods and audit programs. It then takes you through all of the particulars of how you actually audit devices and IT systems ranging from firewalls and routers, all the way down to the underlying operating systems. You'll be able to use what you learn the day you get home. Four days out of the six days in the track will include hands-on exercises with the demonstrated tools on a live in-class network. Each student is invited to bring their own Windows 2000 or higher laptop for use during class. The hands-on exercises will allow you to experiment with the audit tools discussed in class and to actually perform audit functions against SANS-provided servers in class. A great audit is more than marks on a checklist; it is the understanding of the best practices, system analysis and forensics. Sign up for this course and experience the mix of theory and hands-on, pragmatic knowledge.

This track can be used to prepare for the GIAC Systems and Network Auditor (GSNA) certification.

Track 8: System Forensics, Investigations, and Response

Current research indicates that unpatched, unprotected computers that have been connected to the Internet are being compromised in 3 days or less. In such a harsh environment, even protected systems can become the victim of a successful attack - and we see evidence of this daily. To be effective, today's incident response personnel must be trained in a variety of operating systems, investigation techniques, incident response tactics, and even legal issues. This track is designed to equip frontline incident handlers with the knowledge, tools, and hands-on experience needed to successfully investigate and respond to computer incidents in their organizations.

Beginning with foundation concepts such as file system structures, MAC times, and basic forensic auditing, the content and difficulty level of this track advances rapidly. You'll learn how and when to use various tools such as The Coroner's Toolkit (TCT) for UNIX and the Windows Incident Response Collection Report (IRCR), and then quickly move on to advanced forensic and incident response topics and techniques. Five days of intense, hands-on courses, and a deep-knowledge education into legal challenges and issues culminate with an over-the-shoulder view of an investigation performed on a real-world compromised system collected by the Honeynet Project.

Many of the courses in this track provide the unique opportunity to learn forensic techniques in a lab-style, hands-on setting. Where possible, tools and techniques for both Windows and UNIX investigations will be discussed. This track can be used to prepare for the GIAC Certified Forensic Analyst (GCFA) Certification.

Track 9: Intro to Information Security
 
SANS is the MIT of Information Security and this introduction certification track is the fastest possible way to get up to speed on the terminology and concepts of information security. Understand the threats and risks to information resources and identify generally accepted best practices. Master risk management, security management, access controls, attacks and countermeasures, secrecy and privacy, along with auditing concepts.

If you are a freshman in the field of information security, this is the course for you! You will develop the skills to bridge the gap that often exists between managers and system administrators and communicate effectively with personnel in all departments and at all levels within your organization.

Track 10: IT Security Audit Essentials

The IT Security Audit Essentials Track is designed for individuals entering the information security industry who are tasked with auditing organization policy, procedure, risk, or policy conformance. The first three days of this track are from SANS' top rated Security Essentials track, borrowing approximately three days of material covering general security principles. Topics include fundamentals of cryptography, an introduction to covert channels, basic network theory and network security, an introduction to firewalls, wireless technologies and other topics from that track. The last three days of this track deal with auditing theory and its real world application. Specific attention is given to effective auditing of Windows NT, Windows 2000, Domain Controllers, Active Directory Peers, Novell 6 Servers, Unix hosts, routers, wireless devices, and palmtop computing devices. Students attending this class are not required to have any in-depth technical experience or knowledge of the technologies to be discussed. After attending this track, students will have a firm grasp of information security principles and issues and will be equipped to develop best practice audit checklists. Students will also be prepared to perform limited risk assessments as well as security and conformance audits based on established best practice.

Track 11: SANS 17799 Security and Audit Framework

This track is designed for information security officers or other management professionals who are looking for a how-to guide for implementing ISO-17799 effectively. While the standard is very well written, anyone who has actually tried to shift to an ISO-17799 structured security organization knows that there can be some significant hurdles to overcome. This course will give you the information you need to go back to your organization with a plan of action to get the job done!

Track 12: SANS Security Leadership Essentials Bootcamp for Managers

This course is designed to empower senior and advancing managers who want to get up to speed fast on information security issues and terminology. Lecture sections are intense; the most common student comment is "drinking from a fire hose." The diligent manager will learn vital, up-to-date knowledge and skills required to supervise the security component of any information technology project.

Track 13: Security Consultant

This track is designed for information security officers or other management professionals who are looking for a how-to guide for implementing ISO-17799 effectively. While the standard is very well written, anyone who has actually tried to shift to an ISO-17799 structured security organization knows that there can be some significant hurdles to overcome. This course will give you the information you need to go back to your organization with a plan of action to get the job done!

SANS(R) +S(TM) Training Program for the CISSP(R) Certification Exam

This course will cover the security concepts needed in order to take the CISSP(R) exam. This course is an accelerated review course that assumes the student has a basic understanding of networks and operating systems and focuses solely on the ten domains of knowledge as determined by ISC2.

Track 15: Secure Internet Presence - LAMP

The SANS LAMP course is an advanced course designed to enable you to build, configure, and maintain a secure, effective web presence from the ground up. For each component of LAMP, students will become experts at installation, configuration, maintenance, performance tuning, and security.

Track 16: .NET Security

Seeking .NET enlightenment? This course is for you. .NET is the foundation of Microsoft's future, which means it will be the future of everyone employing Microsoft technologies (and maybe a few more). No individual within the security community or Windows community can ignore .NET. .NET is here, it's powerful, and will affect everything you do.

Track 17: Linux Administration Bootcamp

The course covers Linux installation & configuration, user & group administration, disk & filesystem management, networking, advanced configuration & deployment, system troubleshooting, rescue, Apache Web Server, Samba, and more. The course is based upon the latest release of Fedora Linux and is a combination of instructor lecture and demonstrations, as well as student lab time.

Vendor Expo or Special Offering

SANS@Home - XI, Feb 02-23, 05
  • Security 601: Reverse-Engineering Malware, With Lenny Zeltser

Immersion Training, Orlando, FL, Feb 03-09, 05
  • Hands-on: Track 1: SANS Security Essentials
  • Hands-on: Track 2: Firewalls, Perimeter Protection and VPNs
  • Hands-on: Track 3: Intrusion Detection In-Depth
  • Hands-on: Track 4: Hacker Techniques, Exploits, and Incident Handling
  • Hands-on: Track 5: Securing Windows
  • Hands-on: Track 7: Auditing Networks, Perimeters and Systems
  • Hands-on: Track 8: System Forensics, Investigations, and Response
  • Hands-on: Track 9: SANS Introduction to Information Security
  • Hands-on: Track 10: IT Security Audit Essentials
  • Hands-on: Track 11: SANS 17799 Security and Audit Framework
  • Hands-on: Track 12: SANS Security Leadership Essentials
  • Hands-on: Track 14: SANS(R) +S(TM) Training Program for the CISSP(R) Certification Exam
  • Hands-on: Track 16: .NET Security
  • Vendor Expo

Dallas, TX, Feb 14-19, 05
  • SANS® +S™ Dallas Training Conference

Houston, TX, Mar 10-16, 05
  • Hands-on: Track 1: SANS Security Essentials
  • Hands-on: Track 2: Firewalls, Perimeter Protection and VPNs
  • Hands-on: Track 3: Intrusion Detection In-Depth
  • Hands-on: Track 4: Hacker Techniques, Exploits, and Incident Handling
  • Hands-on: Track 5: Securing Windows
  • Hands-on: Track 7: Auditing Networks, Perimeters and Systems
  • Hands-on: Track 9: SANS Introduction to Information Security
  • Hands-on: Track 10: IT Security Audit Essentials
  • Hands-on: Track 11: SANS 17799 Security and Audit Framework
  • Track 12: SANS Security Leadership Essentials
  • Vendor Expo

Houston, TX, Mar 11-13, 05
  • SANS Security Leadership Retreat for Managers

SANS2005, San Diego, CA, Apr 05-12, 05
  • Special Event
  • Hands-on: Track 1: SANS Security Essentials
  • Hands-on: Track 2: Firewalls, Perimeter Protection and VPNs
  • Hands-on: Track 3: Intrusion Detection In-Depth
  • Hands-on: Track 4: Hacker Techniques, Exploits, and Incident Handling
  • Hands-on: Track 5: Securing Windows
  • Hands-on: Track 6: Securing Unix / Linux
  • Hands-on: Track 7: Auditing Networks, Perimeters and Systems
  • Hands-on: Track 8: System Forensics, Investigations, and Response
  • Hands-on: Track 9: SANS Introduction to Information Security
  • Hands-on: Track 10: IT Security Audit Essentials
  • Hands-on: Track 11: SANS 17799 Security and Audit Framework
  • Hands-on: Track 12: SANS Security Leadership Essentials
  • Hands-on: Track 13: Security Consultant
  • Hands-on: Track 14: SANS(R) +S(TM) Training Program for the CISSP(R) Certification Exam
  • Hands-on: Track 15: Secure Internet Presence - LAMP
  • Hands-on: Track 16: .NET Security
  • Vendor Expo

Additional Upcoming Conferences >>

International Training

Sydney, Australia, Feb 19-26, 05
  • Special Event
  • Hands-on: Track 1: SANS Security Essentials
  • Hands-on: Track 2: Firewalls, Perimeter Protection and VPNs
  • Hands-on: Track 4: Hacker Techniques, Exploits, and Incident Handling
  • Hands-on: Track 5: Securing Windows
  • Hands-on: Track 7: Auditing Networks, Perimeters and Systems
  • Hands-on: Track 11: SANS 17799 Security and Audit Framework

Tokyo, Japan, Mar 21-26, 05
  • Hands-on: Track 1: SANS Security Essentials
  • Hands-on: Track 8: System Forensics, Investigations, and Response

Online / Onsite Training

Awareness Training
  • SANS Security Awareness Training

SANS Self Study
  • Track 1: SANS Security Essentials
  • Track 2: Firewalls, Perimeter Protection and VPNs
  • Track 3: Intrusion Detection In-Depth
  • Track 4: Hacker Techniques, Exploits, and Incident Handling
  • Track 5: Securing Windows
  • Track 6: Securing Unix / Linux
  • Track 7: Auditing Networks, Perimeters and Systems
  • Track 8: System Forensics, Investigations, and Response
  • Track 9: SANS Introduction to Information Security
  • Track 11: SANS 17799 Security and Audit Framework
  • Track 12: SANS Security Leadership Essentials
  • Track 13: Security Consultant
  • Track 14: SANS(R) +S(TM) Training Program for the CISSP(R) Certification Exam

Stay Sharp Program

Local Mentor Program
  • Hands-on: Track 1: SANS Security Essentials
  • Hands-on: Track 2: Firewalls, Perimeter Protection and VPNs
  • Hands-on: Track 3: Intrusion Detection In-Depth
  • Hands-on: Track 4: Hacker Techniques, Exploits, and Incident Handling
  • Hands-on: Track 5: Securing Windows
  • Hands-on: Track 6: Securing Unix / Linux
  • Hands-on: Track 7: Auditing Networks, Perimeters and Systems
  • Hands-on: Track 8: System Forensics, Investigations, and Response
  • Track 9: SANS Introduction to Information Security
  • Hands-on: Track 14: SANS(R) +S(TM) Training Program for the CISSP(R) Certification Exam

SANS@HOME
  • Track 1: SANS Security Essentials
  • Track 2: Firewalls, Perimeter Protection and VPNs
  • Track 3: Intrusion Detection In-Depth
  • Track 4: Hacker Techniques, Exploits, and Incident Handling
  • Track 5: Securing Windows
  • Track 7: Auditing Networks, Perimeters and Systems
  • Track 8: System Forensics, Investigations, and Response
  • Track 14: SANS(R) +S(TM) Training Program for the CISSP(R) Certification Exam

Onsite Training
  • Hands-on: Track 1: SANS Security Essentials
  • Hands-on: Track 2: Firewalls, Perimeter Protection and VPNs
  • Hands-on: Track 3: Intrusion Detection In-Depth
  • Hands-on: Track 4: Hacker Techniques, Exploits, and Incident Handling
  • Hands-on: Track 5: Securing Windows
  • Hands-on: Track 6: Securing Unix / Linux
  • Hands-on: Track 7: Auditing Networks, Perimeters and Systems
  • Hands-on: Track 8: System Forensics, Investigations, and Response
  • Hands-on: Track 9: SANS Introduction to Information Security
  • Hands-on: Track 10: IT Security Audit Essentials
  • Hands-on: Track 11: SANS 17799 Security and Audit Framework
  • Track 12: SANS Security Leadership Essentials
  • Hands-on: Track 13: Security Consultant
  • Hands-on: Track 14: SANS(R) +S(TM) Training Program for the CISSP(R) Certification Exam

Computer Security Webcast, February 02, 2005
  • Spam Prevention: Past, Present and Future

GIAC Prep Teaching Kits

GIAC Prep Practice Tests

* Additional Track / Course Offerings

Computer Security Training Matrix Key
Navigating the SANS Computer Security Training Matrix
  • For detailed information on a computer security conference/event, simply click on the city/date in the left hand column of the training matrix.
  • To get detailed track/course outlines, click on the graphic in the track/course column of the training matrix.
A red triangle icon indicates a sold-out course. Click the triangle to get to the waiting list.
Laptop = Hands-on - A laptop icon indicates hands-on activities.
Dot = no hands-on, lecture - A dot icon indicates all lecture with no hands-on, or an online course.
V = vendor expo - A "V" icon indicates a computer security vendor exposition.
C = Challenge Certification - A "C" icon indicates a GIAC Challenge Certification.
L = Local Mentor Session - An "L" icon indicates a Local Mentor Session taking place in the conference city.
SP - The SP column is for special course offerings not included in the standard tracks.
T1 - The T1 column is for SANS Security Essentials Bootcamp.
T2 - The T2 column is for Firewalls, Perimeter Protection, and VPNs.
T3 - The T3 column is for Intrusion Detection In-Depth.
T4 - The T4 column is for Hacker Techniques, Exploits and Incident Handling.
T5 - The T5 column is for Securing Windows.
T6 - The T6 column is for Securing Unix/Linux.
T7 - The T7 column is for Auditing Networks, Perimeters & Systems.
T8 - The T8 column is for System Forensics, Investigation and Response.
T9 - The T9 column is for Intro to Information Security.
T10 - The T10 column is for IT Security Audit Essentials.
T11 - The T11 column is for SANS 17799 Security and Audit Framework.
T12 - The T12 column is for SANS Security Leadership Essentials For Managers.
T13 - The T13 column is for Security Consultant.
T14 - The T14 column is for SANS® +S™ Training Program for the CISSP® Certification Exam.
T15 - The T15 column is for Secure Internet Presence - LAMP.
T16 - The T16 column is for .NET Security.
T17 - The T17 column is for Linux Administration Bootcamp.
V/SP - The V/SP column is for vendor expos or special courses.

 