SANS Security Essentials Bootcamp Day 1
I am spending this week traveling to Birmingham, Alabama to attend the SANS Community Event that is teaching SEC401 - Security Essentials Bootcamp. The class is me and 23 others from all over the country. Most are from Alabama, but there are some from my home state of Louisiana (Louisiana Lottery Corp.), a couple from Georgia (including one gent who had to wear his University of Georgia Coach's shirt today, argh!), and then individuals from Arkansas, North and South Carolina, Florida, and Tennessee. The class is being taught by Matt Pierce, who is the Security Administrator at AdTran in Huntsville, AL.
When we each arrived at the hotel, we were greeted with a black zippered bag with the SANS logo on it. When I lifted mine up, I thought that I had thrown my back out again. I looked down and saw 6 books in it, each at least 2″ thick. Upon closer inspection, there was one book for each day, and they are each at least 500 pages. WOW! That is over 3000 pages of documentation for this training course.
All of this will hopefully lead to a SANS GIAC Security Essentials Certification (GSEC) for me. It would be my first certification, and it is open book and on the internet... of course, you have to navigate 3000 pages of manuals! You have 3 hours to answer 100 questions, and I sure hope that I pass it the first time!
Today we began at the beginning:
Security Essentials Bootcamp Style 401.1: Networking Concepts
We started our day looking at the fundamentals of networking by looking at the different types of networks, some of the hardware involved, as well as some best practices in designing a network. The book is the basic PowerPoint printout of one slide per page, and most of the pages have some (or a lot of) additional information on them.
Our next couple of topics focused on IP concepts like packet makeup, network addressing, and IPv6, and then in-depth discussions of the User Datagram Protocol (UDP), the Transmission Control Protocol (TCP), and the Internet Control Message Protocol (ICMP). I have never really studied a lot about TCP/IP, so some of this was new to me. I know about UDP and ICMP, but not to the depth of dissecting packets from each of them.
After thorough discussions of the protocols involved, we brought out the bloodhounds and dove headfirst into packet sniffing using tcpdump. I will have to spend a lot of time in the decoding of TCP headers section to begin to grasp how to use tcpdump effectively. This section was brand new to me, and my head is still swimming when I think about it.
Our next topic dealt with Voice over IP (VoIP), which I did not pay a whole lot of attention to because my site is 5+ years away from considering VoIP as a telecommunications solution. Hopefully by then a lot of the problems that VoIP is experiencing will be gone.
We focused on routing fundamentals for a good part of the afternoon. One of my weakest skills is routing, so I was back in focus for this discussion. I would have loved to have seen more information in our books, but everything was a high-level discussion of routers, MAC addresses, and access control lists (ACLs).
Lastly, we talked about physical security and safety. The discussions revolved around being aware of your policies and situations and keeping them within your control.
The last couple of hours of each day consist of some hands-on bootcamp from the 'Cookbook' at the end of each book. Tonight's cookbook served up Windows XP intros (YAWN) and then working a little with the Knoppix STD (Security Tools Distribution) live CD, using that as a Linux introduction. I have worked with Linux enough that most of the info was a refresher for me, but the Knoppix STD CD has some really cool tools built into it. I hope that we will be able to play around with a lot of them.
I am trying to recover from the information overload by watching my beloved New Orleans Saints get pummeled by my other team, the Tennessee Titans [24-14 as I type in the 4th quarter].
Tomorrow we tackle Defense-In-Depth. See you then!
Michael