
Las Vegas

September 19-29, 2010


THE MOST TRUSTED NAME IN INFORMATION AND SOFTWARE SECURITY

“Getting hands-on experience with the latest tools and having fun learning gives SANS an edge no other training organization has yet mastered.”

-JASON FOWLER, UBC

SANS WhatWorks in Legal Issues and PCI Compliance in Information Security Summit being held in conjunction with Network Security 2010 – Sept 22 - 29.
www.sans.org/pci-legal-info-tech-summit-2010

Hands-on immersion training programs taught by the world’s highest-rated instructors!

Security Essentials Bootcamp Style
Hacker Techniques, Exploits & Incident Handling
Network Penetration Testing & Ethical Hacking
Computer Forensic Investigations & Incident Response
Security Leadership Essentials for Managers
+S™ Training Program for the CISSP® Cert Exam
Auditing Networks, Perimeters & Systems
Intrusion Detection In-Depth
Web App Penetration Testing and Ethical Hacking

…and more than 30 other courses in network and software security, forensics, legal, management, and IT audit.

At Caesar’s Palace

Register at www.sans.org/network-security-2010

Dear Colleague,

Please join us for SANS Network Security 2010 at Caesars Palace in Las Vegas, September 19-29, where SANS will provide your best training in the industry today* from the Security, Forensics, Management, Audit, and Legal curricula.

At SANS Network Security 2010, you’ll get valuable immersion training from our top SANS instructors and learn skills and tools for dealing with the cyber threats you face daily. SANS Network Security 2010 offers a high-energy program with world-class instructors, a huge Vendor Solutions Expo, hands-on labs, evening talks and a myriad of networking opportunities to expand your peer group and exchange challenges and solutions.

SANS continues to offer the newest and most relevant courses to meet your needs. As you review this brochure, be aware that not only can you select a job-based, full course for complete immersion training, but you can also select a short, skill-based course of a day or two either before or after to maximize your training investment. Course topics include Implementing and Auditing the Twenty Critical Security Controls – In Depth, Virtualization Security Fundamentals, and much, much more! Many of the hottest new courses are selling out, so register today!

Networking is a hidden jewel at Network Security 2010! Where else will you meet others in your field or in your role who deal with the same exploits and challenges you do? Several networking opportunities are available at SANS Network Security 2010. Along with your course, you can attend the SANS@Night presentations, evening talks with keynote speakers like Lenny Zeltser and Jason Fossen, and our Vendor events. SANS Network Security 2010 Vendor Expo provides a look at solutions and vendor products that can help address your organization’s key security issues. In addition, we will be featuring Lunch & Learn sessions and Cocktail Briefs throughout this event so take advantage of these great networking opportunities.

Enhance your learning by attending the Legal Issues & PCI Compliance in Information Security Summit 2010 being held in conjunction with Network Security 2010.

The information technology industry changes daily, and the challenges you face are undoubtedly complex. If you know any key stakeholders in the security of your organization, take them to Las Vegas this fall. They’ll be glad they came!

It is our goal to help you get the most out of your SANS Network Security 2010 experience. If you have suggestions on how we can better help you find the information you need, then I would love to hear from you, stephen@sans.edu.

See you in Las Vegas!

Kind regards,

When you register, be sure to use the promo code on the back of this brochure. Those who do will receive a special invitation to the SANS Presidential Reception.

Stephen Northcutt
President
The SANS Technology Institute, a postgraduate computer security college

*Based on SC Magazine’s Best Professional Training Program Award 2010

Here is what a few of last year’s attendees had to say:

“Again, SANS has managed to take incredibly complicated material and make it easy to understand”

-MARC STOUFER, MEIJER

“I like the fact that this course contained no fluff. All the information was of benefit and no time was wasted”

-AMALIA DOMINGUEZ, NV ENERGY

“No other training has provided such instant value to me as a professional and to my company.”

-TERRY PACK, WELLPOINT

SANS TRAINING AND YOUR CAREER ROADMAP

SECURITY CURRICULUM

Beginners

SEC301 Intro to Information Security GISF PG 21
SEC301 NOTE: If you have experience in the field, please consider our more advanced course – SEC401.
SEC401 SANS Security Essentials Bootcamp Style GSEC PG 44

Incident Handling

SEC501 Advanced Security Essentials – Enterprise Defender GCED PG 46
SEC504 Hacker Techniques, Exploits, and Incident Handling GCIH PG 52
FOR508 Computer Forensic Investigations and Incident Response GCFA PG 28

Additional Incident Handling Courses

SEC517: Cutting-Edge Hacking Techniques
SEC550: Information Reconnaissance: Competitive Intelligence and Online Privacy

Penetration Testing

SEC540 VoIP Security
SEC542 Web App Pen Testing and Ethical Hacking GWAPT PG 60
SEC560 Network Pen Testing and Ethical Hacking GPEN PG 62
SEC617 Wireless Ethical Hacking, Pen Testing, and Defenses GAWN PG 64
SEC709 Developing Exploits for Penetration Testers and Security Researchers PG 66

Additional Penetration Testing Courses

DEV538: Web App Pen Testing Immersion
SEC561: Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells
SEC567: Power Packet Crafting with Scapy PG 18
SEC580: Metasploit Kung Fu for Enterprise Pen Testing PG 19

Network and Application Security

SEC501 Advanced Security Essentials – Enterprise Defender GCED PG 46

Additional Network and Application Security Courses

SEC440: 20 Critical Security Controls: Planning, Implementing, and Auditing
SEC556: Comprehensive Packet Analysis PG 18
SEC565: Data Leakage Prevention - In Depth PG 17
SEC566: Implementing & Auditing the Twenty Critical Security Controls - In-Depth PG 20

Intrusion Analysis

SEC501 Advanced Security Essentials – Enterprise Defender GCED PG 46
SEC502 Perimeter Protection In-Depth GCFW PG 48
SEC503 Intrusion Detection In-Depth GCIA PG 50

Additional Intrusion Analysis Courses

SEC577: Virtualization Security Fundamentals PG 19

System Administration

SEC501 Advanced Security Essentials – Enterprise Defender GCED PG 46
SEC505 Securing Windows GCWN PG 54
SEC506 Securing Linux/Unix GCUX PG 56
SEC509 Securing Oracle PG 58

Additional System Administration Courses

SEC434: Log Management In-Depth
SEC531: Windows Command-Line Kung Fu
SEC546: IPv6 Essentials PG 18
SEC564: Hacker Detection for System Administrators PG 19

FORENSICS CURRICULUM

FOR408 Computer Forensic Essentials PG 26
FOR508 Computer Forensic Investigations and Incident Response GCFA PG 28
FOR558 Network Forensics PG 30
FOR563 Mobile Device Forensics PG 32
FOR610 REM: Malware Analysis Tools & Techniques GREM PG 34

Additional Forensics Courses

FOR526: Advanced Filesystem Recovery and Memory Forensics PG 17

APPLICATION SECURITY CURRICULUM

Design & Test

DEV522 Defending Web Applications Security Essentials PG 22
SEC542 Web App Pen Testing and Ethical Hacking GWAPT PG 60

Secure Coding

DEV530 Essential Secure Coding in Java/JEE
DEV543 Secure Coding in C & C++
DEV541 Secure Coding in Java/JEE GSSP-JAVA PG 15
DEV544 Secure Coding in .NET GSSP-.NET
DEV545 Secure Coding in PHP GSSP-PHP

Code Review

DEV534 Secure Code Review for Java Web Apps

Additional Secure Coding Courses

DEV304: Software Security Awareness
DEV536: Secure Coding for PCI Compliance

AUDIT CURRICULUM

SEC301 Intro to Information Security GISF PG 21
SEC401 SANS Security Essentials Bootcamp Style GSEC PG 44
AUD507 Auditing Networks, Perimeters, and Systems GSNA PG 24

Additional Audit Courses

AUD305: Technical Communication & Presentation Skills
AUD423: Training for the ISACA® CISA® Cert Exam
AUD429: IT Security Audit Essentials Bootcamp
AUD521: Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant PG 12
SEC440: 20 Critical Security Controls: Planning, Implementing, and Auditing
SEC566: Implementing & Auditing the Twenty Critical Security Controls - In-Depth PG 20

LEGAL CURRICULUM

SEC301 Intro to Information Security GISF PG 21
SEC401 SANS Security Essentials Bootcamp Style GSEC PG 44
LEG523 Legal Issues in Information Technology and Information Security GLEG PG 13

MANAGEMENT CURRICULUM

SEC301 Intro to Information Security GISF PG 21
SEC401 SANS Security Essentials Bootcamp Style GSEC PG 44
MGT512 SANS Security Leadership Essentials For Managers with Knowledge Compression™ GSLC PG 40
MGT414 SANS® +S™ Training Program for the CISSP® Certification Exam GISP PG 38
MGT525 Project Management and Effective Communications for Security Professionals and Managers GCPM PG 42

Additional Management Courses

MGT305: Technical Communication and Presentation Skills PG 15
MGT404: Fundamentals of Information Security Policy PG 16
MGT421: SANS Leadership and Management Competencies PG 16
MGT432: Information Security for Business Executives
MGT438: How to Establish a Security Awareness Program
MGT570: Social Engineering Defense PG 16

Courses-at-a-Glance

SUN 9/19, MON 9/20, TUE 9/21, WED 9/22, THU 9/23, FRI 9/24, SAT 9/25, SUN 9/26, MON 9/27, TUE 9/28, WED 9/29

AUD507 Auditing Networks, Perimeters, and Systems PAGE 24
DEV522 Defending Web Applications Security Essentials PAGE 22
DEV541 Secure Coding in Java/JEE: Developing Defensible Applications PAGE 15
FOR408 Computer Forensic Essentials PAGE 26
FOR508 Computer Forensic Investigations and Incident Response PAGE 28
FOR526 Advanced Filesystem Recovery and Memory Forensics P 17
FOR558 Network Forensics PAGE 30
FOR563 Mobile Device Forensics PAGE 32
FOR610 REM: Malware Analysis Tools and Techniques PAGE 34
HOSTED Drive and Data Recovery Forensics PAGE 36
MGT305 Technical Communication and Presentation Skills for Security Professionals P 15
MGT404 Fundamentals of Information Security Policy P 16
MGT414 SANS® +S™ Training Program for the CISSP® Certification Exam PAGE 38
MGT421 SANS Leadership and Management Competencies P 16
MGT512 SANS Security Leadership Essentials for Managers with Knowledge Compression™ PAGE 40
MGT525 Project Management and Effective Communications for Security Professionals and Managers PAGE 42
MGT570 Social Engineering Defense P 16
SEC301 Intro to Information Security PAGE 21
SEC401 SANS Security Essentials Bootcamp Style PAGE 44
SEC501 Advanced Security Essentials – Enterprise Defender PAGE 46
SEC502 Perimeter Protection In-Depth PAGE 48
SEC503 Intrusion Detection In-Depth PAGE 50
SEC504 Hacker Techniques, Exploits, and Incident Handling PAGE 52
SEC505 Securing Windows PAGE 54
SEC506 Securing Linux/Unix PAGE 56
SEC509 Securing Oracle PAGE 58
SEC542 Web App Penetration Testing and Ethical Hacking PAGE 60
SEC546 IPv6 Essentials P 18
SEC550 Information Reconnaissance: Competitive Intelligence and Online Privacy P 18
SEC556 Comprehensive Packet Analysis P 18
SEC560 Network Penetration Testing and Ethical Hacking PAGE 62
SEC564 Hacker Detection for System Administrators P 19
SEC565 Data Leakage Prevention - In Depth PAGE 17
SEC566 Implementing & Auditing the 20 Critical Security Controls - In-Depth PAGE 20
SEC567 Power Packet Crafting with Scapy P 18
SEC577 Virtualization Security Fundamentals P 19
SEC580 Metasploit Kung Fu for Enterprise Pen Testing P 19
SEC617 Wireless Ethical Hacking, Penetration Testing, and Defenses PAGE 64
SEC709 Developing Exploits for Penetration Testers & Security Researchers PAGE 66
HOSTED (ISC)²® Certified Secure Software Lifecycle Professional (CSSLPCM) CBK® Education Program PAGE 68

SANS WhatWorks in Legal Issues & PCI in Information Security Summit 2010 P 12
LEG523 Legal Issues in Information Technology and Information Security PAGE 13
AUD521 Meeting the Minimum: PCI/DSS 1.2: Becoming & Staying Compliant P 12

Please check the Web site for an up-to-date course list at www.sans.org/network-security-2010

Training and Your Career 2-5
Earn Your GIAC Certi 6
DoD Directive 8570 Information 7
Special / Vendor Events 8-9
SANS Technology Institute 10-11
Legal Issues & PCI Compliance in Information Security Summit 12-13
SANS Cyber Guardian 14
Future SANS Training Events 69
Hotel and Travel 70
Reasons to Come to Baltimore 71
Registration Information 72
Registration Fees 73


Just Starting a Career in Security and Need a Good Foundation?

SEC401: SANS Security Essentials Bootcamp Style (GSEC) Page 44

Maximize your training time and turbo-charge your career in security by learning the full SANS Security Essentials curriculum needed to qualify for the GSEC certification. In this course you will learn the language and underlying theory of computer security. At the same time you will learn the essential, up-to-the-minute knowledge and skills required for effective performance if you are given the responsibility for securing systems and/or organizations.

SEC501: Advanced Security Essentials – Enterprise Defender (GCED) Page 46

Cyber security continues to be a critical area for organizations and will continue to increase in importance as attacks become stealthier, have a greater financial impact on an organization, and cause reputational damage. Security 501 is a follow-on to Security 401 (with no overlap) and continues to focus on more technical areas that are needed to protect an organization.

SEC301: Intro to Information Security (GISF) Page 21

SANS is the MIT of information security, and this introductory certification course is the fastest possible way to get up to speed. Understand the threats and risks to information resources, and identify generally accepted best practices.

“This fundamental course sets the groundwork for a successful future in IT security.”

“Security 401 is a wonderfully comprehensive course for all IT professionals. There is something for everyone, and it is a great springboard for all of the other courses at SANS.” -ANDREA TODD

“The course content is extensive and covers all the areas that are relevant for a security professional in today’s IT world. The instructor was great – very experienced and knowledgeable.”

-BRIAN FRICKE, US NAVY/MSC

-KAYODE OLOKE, TORYS LLP

Want to Specialize in System Administration?

SEC505: Securing Windows (GCWN) Page 54

This program brings the confusing complexity of Windows security into clear focus by starting with foundational security services and advancing in a logical progression to particular products or features which rely on these foundations, such as IIS and IPSec. Securing Windows is fully updated for Windows Server 2008-R2 and Windows 7. Most of the content applies to Windows Server 2003 and XP too, but the focus is on 2008/Vista/7. Learn to implement the 20 Critical Controls relevant to Windows systems.

“The course introduced a wide range of technologies and issues I was completely unaware of – great exposure to new ideas. Jason’s depth of knowledge and examples are of great value.”

-DAVID THORNBURG, SRC

2 SANS Network Security 2010 September 19 - 29, 2010

Want to Advance Your Technical Skills?

SEC503: Intrusion Detection In-Depth (GCIA) Page 50

The emphasis of this course is on increasing students’ understanding of the workings of TCP/IP, methods of network traffic analysis, and one specific network intrusion detection system – Snort. This course is not a comparison or demonstration of multiple NIDS. Instead, the knowledge/information provided here allows students to better understand the qualities that go into a sound NIDS and the whys behind them, and thus be better equipped to make a wise selection for their site’s particular needs.

“There’s nothing that compares to the detail and real-world content in this course.”

-JOHN DASKAL, LOCKHEED MARTIN

SEC504: Hacker Techniques, Exploits, and Incident Handling (GCIH) Page 52

Learn to detect malicious code and respond on the fly. You’ll learn how your networks appear to hackers, how they gain access with special emphasis on the newer attack vectors, and what they do when they get in – especially in manipulating the system to hide their work. Master the proven six-step process of incident handling so you are prepared to be the technical leader of the incident handling team.

“The information presented is scary good. Really makes you examine your current knowledge from new angles.”

-KURT BENNETT, GENERAL DYNAMICS


Need to Implement an Application Security Program?

NEW! DEV522: Defending Web Application Security Essentials Page 22

Defending Web applications is critical! Traditional network defenses, such as firewalls, fail to secure Web applications which have to be available to large user communities. The amount and importance of data entrusted to Web applications is growing, and defenders need to learn how to secure it. DEV522 covers the OWASP Top 10 and will help you to better understand Web application vulnerabilities, thus enabling you to properly defend your organization’s Web assets.

DEV541: Secure Coding in Java/JEE: Developing Defensible Applications (GSSP-JAVA) Page 15

This four-day course is a comprehensive course covering a huge set of skills and knowledge; it’s not a high-level theory course. It’s about real programming. In this course you will examine actual code, work with real tools, build applications, and gain confidence in the resources you need for the journey to improving security of Java applications.

“While I understand the basic thoughts behind Web application security, this class gave me a greater breadth and depth of knowledge.”

“This class has made me think about data validation in ways that I had not thought of before.”

-RICK STONE, UMPQUA BANK

-MISS KOOS, MICHIGAN STATE UNIVERSITY

www.sans-ssi.org
 

Want to Specialize in Pen Testing?

 

SEC542: Web App Penetration Testing and Ethical Hacking (GWAPT) Page 60

SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses (GAWN) Page 64

Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited Web sites altered by attackers. In this class you’ll learn the art of exploiting Web applications so you can find flaws in your enterprise’s Web apps before the bad guys do.

Few fields are as complex as wireless security. This course breaks down the issues and relevant standards that affect wireless network administrators, auditors, and information security professionals. With hands-on labs and instruction from industry wireless security experts, you will gain an intimate understanding of the risks threatening wireless networks. After identifying risks and attacks, we’ll present field-proven techniques for mitigating these risks, leveraging powerful open-source and commercial tools for Linux and Windows systems.

“Never will you learn so much and have such a great time doing it. Kevin Johnson is an incredible teacher.”

“This course is absolutely critical for any IT professional responsible for overseeing an existing wireless network.”

-TOM COOK, US ARMY

-JOSHUA BROWN, FLEISHMAN HILLARD

SEC560: Network Penetration Testing and Ethical Hacking (GPEN) Page 62

SEC709: Developing Exploits for Penetration Testers and Security Researchers Page 66

Successful penetration testers don’t just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in depth and conduct their test in a careful, professional manner. This course explains the inner workings of numerous tools and their use in effective network penetration testing and ethical hacking projects.

“This course continually provides clear exercises that concisely demonstrate each concept without extra fluff.”

In this course we bridge the gaps and take a step-by-step look at Linux and Windows operating systems and how exploitation truly works under the hood. This five-day course rapidly progresses through exploitation techniques used to attack stacks, heaps, and other memory segments on Linux and Windows. This is a fast-paced course that provides you with the skills to hit the ground running with vulnerability research.

“As a software developer, it opened my mind to how vulnerable some of my code could be, and how to protect it in the future” -JOHN CUTTER, SPAWAR

-JASON MANSFIELD, ANONYMIZER, INC.

For detailed descriptions of all SANS courses, visit: www.sans.org
For GIAC Certification information, visit: www.giac.org
For SANS Technology Institute advanced degree information, visit: www.sans.edu


Want to Specialize in Forensics?

FOR408: Computer Forensic Essentials Page 26

This course focuses on the essentials that a forensic investigator must know to investigate core computer crime incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

http://computer-forensics.sans.org

“This is an excellent hands-on course and with an awesome instructor who pays attention to the audience’s skills, teaching accordingly. I love this class!”

-PHYLLIS HELLMAN, BOEING COMPANY

FOR508: Computer Forensic Investigations and Incident Response (GCFA) Page 28

Network equipment, such as Web proxies, firewalls, IDS, routers, and even switches, contains evidence that can make or break a case. You will learn how to recover evidence from network-based devices and use it to build your case. Each student will be given a virtual network to analyze and will have the opportunity to conduct forensic analysis on a variety of devices.

“Most in-depth course on digital forensics analysis available today. Goes beyond the basics and gets down to the nitty-gritty.”

-ELISE FEETHAM

FOR563: Mobile Device Forensics Page 32

This hands-on course provides the core knowledge and skills that a digital forensic investigator needs to process cell phones, PDAs, and other mobile devices. Using state-of-the art tools, you will learn how to forensically preserve, acquire, and examine data stored on mobile devices and utilize the results for internal investigations or in civil/criminal litigation.

“The manuals are some of the best I’ve seen. The instructor is extremely knowledgeable and experienced with mobile forensics and provides great insight to anyone in the forensic community. The class conversations and interactions make even the first day of this course more valuable than other courses I have attended. Great course!” -HEATHER MAHALIK, BASIS TECHNOLOGY

FOR558: Network Forensics Page 30

Network equipment such as Web proxies, firewalls, IDS, routers and even switches contain evidence that can make or break a case. You will learn how to recover evidence from network-based devices and use it to build your case. Each student will be given a virtual network to analyze and will have the opportunity to conduct forensic analysis on a variety of devices.

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques (GREM) Page 34

Expand your capacity to fight malicious code by learning how to analyze bots, worms, and trojans. This recently expanded, four-day course discusses practical approaches to examining malware using a variety of system monitoring utilities, a disassembler, a debugger, and other tools useful for reverse-engineering malicious software. You don’t have to be a full-time malware searcher to benefit from this course. As organizations increasingly rely on their staff to act as first responders during a security incident, malware analysis skills are becoming increasingly important.

“This course is amazing. Not only are we covering an extensive range of topics, we are doing labwork for each topic so that we can be comfortable with the new material. Love the class! Thank you.”

-DEBORAH GOSHORN, NAVAL POSTGRADUATE SCHOOL

“This course was valuable because it gives so many options and software tools to help you analyze malware. The instructor also made the information easy to comprehend even with my entry-level knowledge.”

-KEITH HARGROVE, US ARMY


Want to Learn Security from a Management Perspective?

MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam (GISP) Page 38

The SANS CISSP® review course will cover the security concepts needed in order to pass the CISSP® exam. This accelerated review course assumes the student has a basic understanding of networks and operating systems and focuses solely on the ten domains of knowledge as determined by (ISC)². Each domain of knowledge is dissected into its critical components. Every component is discussed showing its relationship to each other and other areas of network security. This course also prepares you for the GISP certification. (Note: The CISSP® exam is NOT provided as part of the training.)

MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™ (GSLC) Page 40

This course is designed to empower senior and advancing managers who want to get up to speed fast on information security issues and terminology. Lecture sections are intense. The diligent manager will learn vital, up-to-date knowledge and skills required to supervise the security component of any information technology project. Only SANS’ top instructors are invited to teach this course.

MGT525: Project Management and Effective Communications for Security Professionals and Managers (GCPM) Page 42

This curriculum is intended to give you the knowledge and tools you need to become a top-notch project manager with a focus on effective communication, human resources, and quality management. The course covers all aspects of project management from planning and initiating projects to managing cost, time, and quality while your project is active and then completing, closing, and documenting after the project finishes. A copy of the Project Management Institute’s Guide to the Project Management Body of Knowledge (PMBOK® Guide) - Fourth Edition is provided to all participants.

“Very valuable, as it not only teaches the material, it also teaches how to take the exam effectively.”

“This course opens the door to a much deeper area of information needed to effectively manage the security of a network/application.”

“This course is spot on for security professionals. It covered project management skills from a security point of view.”

-STEVE BRANT, NETT APP

-MICHAEL GOLDAMMER, L-3 COM. GSI

-ANTWAN BANKS, US ARMY
Want to Advance Your Auditing Security Skills?

AUD507: Auditing Networks, Perimeters, and Systems (GSNA) Page 24

This course is the end product of over one hundred skilled system, network, and security administrators working with one common goal – to improve the state of information security. It is based on known and validated threats and vulnerabilities explained from real-world situations that can be used to raise awareness of why auditing is important. From these threats and vulnerabilities we build countermeasures and defenses, including instrumentation, metrics, and auditing.

“The instructor keeps the class interesting. Lots of material, all of it is useful. No Fluff!”

-SANDY WARGO, US ARMY

http://it-audit.sans.org
Want to Learn Security from a Legal Perspective?

LEG523: Legal Issues in Information Technology and Information Security (GLEG) Page 13

Day by day, as legislation and lawsuits become more common, the law is assuming greater influence on IT security. This course will help the IT and legal departments better understand each other and find workable solutions to problems. Learn how to word a security policy so as to minimize liability if your enterprise is sued for losing customer data.

“This course provided tools to help me protect my company’s assets on the Internet in a noble and justifiable way I had never thought of before – great insights and great discussions.” -PAUL JACOBSEN, FLUOR HANFORD

To see other GIAC certifications, go to www.giac.org.

Enhance your SANS training! As an added benefit to your training dollar, attend these free talks.

SANS@Night

Check www.sans.org/network-security-2010/night.php for dates and times.

Network Vulnerability Exploitation, Step By Step From Discovery through to Metasploit Module

Speaker: David Hoelzer

This short one hour evening presentation explains the causes of Heap and Stack Overflows and then presents a step-by-step tutorial demonstrating how to write basic shellcode, how to find an overflow condition, how to determine memory offsets and how to hand-craft an exploit. Attendees need not have deep knowledge of programming or security flaws. Those who have some experience should be able to duplicate the demonstrations, giving you the ability to show others how these types of flaws are exploited.

The Return of Command Line Kung Fu

Speaker: Hal Pomeranz

Hal Pomeranz serves up another tasty serving of his Linux command line madness. Come learn command line skills (and dirty tricks) to help automate common security and audit-related tasks in Linux and Unix. Bring your thorniest problems and try to “stump the expert”.

Cyberwar or Business as Usual? – The State of US Federal CyberSecurity Initiatives

Speaker: James Tarala

Are we near the point of cyber-armageddon or are we simply engaged in a new reality of information security priorities? Are the attacks being discovered daily against private sector and public federal systems somehow unique and new, or are they simply the new reality of cyberspace? Organizations are regularly forced to make difficult decisions about how best to protect their information systems. How do organizations know when security mechanisms are enough to keep their data safe? In an effort to answer this question and respond to mounting cyber incidents worldwide, the US federal government has been engaging in numerous efforts to secure cyberspace. But what are they and will they be enough? In this presentation, James Tarala will describe current efforts and the tools being offered to help citizens and protect cyberspace.

What’s New for Security in Windows 7 and Server 2008-R2?

Speaker: Jason Fossen

The Vista nightmare is finally over, but what’s new for security in Windows 7 and Server 2008-R2 then? The aim of this talk is to give you a bird’s eye view of the Win7 security enhancements to help you decide whether to upgrade or to grit your teeth and stick with XP for another ten years. Topics include BitLocker To Go for flash drives, AppLocker program whitelisting, IPSec DirectAccess, BranchCache, PowerShell 2.0, booting from VHD files, IE8 SmartScreen Filter, hyper-detailed logging, and the hated User Account Control prompt. Bring your questions and get it straight without the anti-Microsoft FUD or the pro-Microsoft propaganda!

Knock, Knock! How Attackers Use Social Engineering to Bypass Your Defenses

Speaker: Lenny Zeltser

Why bother breaking down the door if you can simply ask the person inside to let you in? Social engineering works, both during penetration testing and as part of real-world attacks. This talk explores how attackers are using social engineering to compromise defenses. It presents specific and concrete examples of how social engineering techniques succeeded at bypassing corporate security defenses. Attend this engaging talk to improve the relevance of your security awareness training and to adjust your defenses by revisiting your perspective of the threat landscape.

Opportunity for the Best Security Professionals: Deflect Legal Liability Caused by Growing Security Threats

Speaker: Ben Wright

As IT security threats evolve, multiply and come to have greater impact on society, the potential legal liability connected with a security breach is growing. The need for change is urgent. Mr. Wright shares the latest ideas on how greater professionalism among IT security experts can help their employers avoid costly lawsuits and government investigations.


Vendor Expo

Tuesday, September 21, 2010 12:00pm - 1:30pm and 5:00pm - 7:00pm

All attendees are invited to meet with established and emerging solution providers as they reveal the latest tools and technologies critical to information security. The SANS Network Security 2010 Vendor Expo showcases product offerings from key technology providers in the commercial tools and services market. Vendors arrive prepared to interact with a technically savvy audience. You’ll find demonstrations and product showcases that feature all the best that the security industry has to offer!

SANS Technology Pavilion

During the expo session, attendees are encouraged to visit the SANS Technology Pavilion, a vendor-sponsored learning forum dedicated to specific information security solutions that are helping organizations successfully address their unique security challenges. See thought leaders and product specialists give brief demonstrations on their solution. See something that piques your interest? Visit the sponsor’s booth for a guided walk-through of these industry-leading products.

Vendor Sponsored Lunch Sessions

Tuesday, September 21, 2010

12:00pm - 1:30pm

Sign-up at SANS Registration to receive a ticket for a free lunch brought to you by sponsoring vendors. Join these sponsoring vendors and others on the expo floor for an introduction to leading solutions and services that showcase the leading options in information security. Take time to browse the show floor and get introduced to providers and their solutions that align with the security challenges being discussed in class.

Vendor Welcome Reception

Tuesday, September 21, 2010

5:00pm - 7:00pm

This informal reception allows you to visit exhibits and participate in some exciting activities. This is a great time to mingle with your peers and experience firsthand the latest in information security tools and solutions with interactive demonstrations. Enjoy appetizers and beverages and compare experiences with other attendees regarding the solutions they are using to address security threats in their organization. Attendees can visit sponsors to receive raffle tickets and enter to win exciting prizes. Prize drawings occur throughout the expo. The more vendors you visit the more chances you have to win!

Vendor-Sponsored Breakfasts, Lunch & Learns, and Cocktail Briefs

Throughout SANS Network Security 2010, vendors will provide sponsored breakfast sessions and lunches where attendees can interact with peers and receive education on vendor solutions. Take a break and get up to date on security technologies! Check the bulletin boards near the SANS Network Security 2010 registration desk for session details and availability. Space is limited; sign up at the registration desk on-site.

The evening cocktail brief events bring good fun and great conversation from hosting vendors. Join the party, have a drink, and take a look at solutions that can help address your organization’s key security issues. The list of Cocktail Briefs will be posted on-site at the registration desk.


www.sans.edu

Earn Your Master’s Degree in Information Security from the SANS Technology Institute!

SANS Technology Institute, an affiliate of the SANS Institute and Global Information Assurance Certification (GIAC), offers one of the few master’s programs in the industry with a specific technical focus on information security. The SANS Technology Institute’s mission is to develop the leaders who will strengthen the security of cyberspace.

If you hold a current GIAC Gold certification with scores of 80 or above in a major course related to the master’s curriculum, then you have already satisfied one of the prerequisites for admission into the master’s program. Applicants who are admitted to a degree program may transfer in GIAC certifications if they are current, related to the curriculum, and have a score of 80 or above.

Prerequisites

• A current GIAC Gold Level certification with exam scores averaging 80 or above from a major certification in the degree program.

• Bachelor’s degree from an accredited college or university with a GPA of 2.8 or higher – unrelated field ok. (Limited exceptions are described at www.sans.edu/admissions)

• One year of experience in information technology/security; three years of significant experience expected upon completion of the program

• Strong leadership ability (Must be evident in application essays)

How to Apply

• Complete the downloadable application at www.sans.edu/downloads/application.pdf

• Submit the Employer Recommendation of Candidate Form

• Request undergraduate institution to forward an official sealed transcript to the SANS Technology Institute

• Submit a non-refundable Application Fee

• See www.sans.edu/admissions for detailed admission requirements

For admissions questions, please go to www.sans.edu or contact Debbie Svoboda, Dean of Admissions, at info@sans.edu or 720-941-4932.

Tuition assistance is available through limited work-study opportunities.

How to Take Courses

Students have a multitude of course delivery options to meet their degree requirements. Courses may be taken at SANS training events or through the following delivery methods: SANS vLive!, SANS OnDemand, or a limited number of SANS SelfStudy.

Not all delivery methods are available for all courses.

Authorization

The SANS Technology Institute (STI) is authorized to grant Master’s degrees by the Maryland Higher Education Commission.


The STI Master’s Program can be Completed in TWO Years

See the recommended degree plans below.

In addition to courses and exams, there are six Community Service Projects required with both degree programs. Learn more about CPRs at www.sans.edu/programs/community.php. STI operates on a quarterly or rolling system.

The Master of Science Degree in Information Security Engineering

Curriculum

Admission Requirement or First Quarter: SEC401 SANS Security Essentials & GIAC GSEC Gold

Second Quarter: SEC504 Hacker Techniques, Exploits & Incident Handling & GIAC GCIH Gold

Third Quarter: MGT525** Project Mgt and Effective Communications for Security Professionals and Managers & GIAC GCPM Gold

Fourth Quarter: SEC503 Intrusion Detection In-Depth & GIAC GCIA Gold

Fifth Quarter: MGT404* Fundamentals of Information Security Policy; MGT421* SANS Leadership and Management Competencies; MGT438* How to Establish a Security Awareness Program

Sixth Quarter: Elective Course

Seventh Quarter: Elective Course

Eighth Quarter: Software Security Training (choice of courses: see www.sans.edu/programs/msise)

Electives: Any SEC/FOR 500/600-Level Courses (FOR508 recommended), AUD 507; & GIAC Certs

For a detailed description of this curriculum, please visit www.sans.edu/programs/msise

The Master of Science Degree in Information Security Management

Curriculum

Admission Requirement or First Quarter: MGT512 SANS Security Leadership Essentials For Managers with Knowledge Compression™ & GIAC GSLC Gold

Second Quarter: SEC504 Hacker Techniques, Exploits & Incident Handling & GIAC GCIH Gold

Third Quarter: MGT525** Project Mgt and Effective Communications for Security Professionals and Managers & GIAC GCPM Gold

Fourth Quarter: AUD507 Auditing Networks, Perimeters, & Systems & GIAC GSNA Gold

Fifth Quarter: MGT404* Fundamentals of Information Security Policy; MGT421* SANS Leadership and Management Competencies; MGT438* How to Establish a Security Awareness Program

Sixth Quarter: MGT411 SANS 27000 Implementation & Management & GIAC G7799 Gold

Seventh Quarter: LEG523 Legal Issues in Information Technology and Information Security & GIAC GLEG Gold

Eighth Quarter: Software Security Training (choice of courses: see www.sans.edu/programs/msism)

For a detailed description of this curriculum, please visit www.sans.edu/programs/msism

*Plus a written assignment

**MGT525 is offered 2-3 times a year


correct and actually limit your organization’s liability? Two-Day Course • 9:00am - 5:00pm • Tue, Sept


Discussion of determining scope for compliance requirements Five-Day Program • Wed, Sept 22 - Sun, Sept
LEGAL 523


a deeper understanding of target applications or who want to provide more detailed vulnerability remediation
MGT305: Technical Communication and Presentation Skills
for Security Professionals
One-Day Course
9:00am - 5:00pm
Sun, Sept 26, 2010
6 CPE Credits
Laptop Required
Instructor: Hoelzer


Management Skill-Based Short Courses

MGT421: SANS Leadership and Management Competencies
One-Day Course
9:00am - 5:00pm
Sat, Sept 25, 2010
6 CPE Credits
Laptop Recommended
Instructor: Northcutt
NEW


Forensics Skill-Based Short Courses