Basic Computer Security Training Course Review – SANS Security 301

Security Training

Organizations often employ or promote people into a security role who have very little training or experience. This can be a disastrous compromise of security, because what may seem like a locked window to an uninformed person may be a wide-open door to a hacker. To ensure that your business or organization is not at risk, the relevant personnel need to have some basic computer security training.

Any organization that has mission-critical and sensitive data on its network can’t afford not to give some attention to network security. From the ever-present risk of a hacking attempt to malware infiltration, there is a wide range of areas from which a network can be compromised.

What’s Covered in Basic Computer Security Training Courses?

A good introductory/entry-level computer security course should cover basic concepts of cryptography, security management, and computer networks, including Internet protocol, domain name service, routing, and similar networking concepts. Any course worth its salt will also include real-world examples and suggest how such issues should be properly handled.

IT security is not only concerned with removing network vulnerabilities and completely shutting out all possibility of a network security breach; it also seeks to weigh security against information and data availability. Security measures have therefore failed if legitimate users can’t access the resources they are entitled to use, so a good IT security policy will ensure that a good balance between security and accessibility is maintained.

SANS Intro to Information Security Training Course

SANS (SysAdmin, Audit, Network, Security) Institute offers an Intro to Information Security (Security 301) course that fits the above stated criteria. It’s a 5-day course that covers all the basic concepts and some practical real world examples as well.

  • Day 1 (A Framework for Information Security) – Looks at asset value and how to balance confidentiality, integrity and data availability.
  • Day 2 (Securing the Infrastructure) – Ensures that students understand how computer networks work by reviewing network infrastructure designs, and the technologies that help make it all happen, including name resolution and node addressing.
  • Day 3 (Cryptography and Security in the Enterprise) – This session explains how cryptography can be used to solve some security issues and also highlights some pitfalls of using poorly implemented and complex encryption methods.
  • Day 4 (Information Security Policy) – This session covers the criteria for assessing risk and looks at how to create, approve and implement a security policy to mitigate those risks.
  • Day 5 (Defense In-Depth: Lessons Learned) – The final day of the course gives tips for dealing with politics in the organization, among other things, and how it impacts the management of risk. The session is also interspersed with real world examples from an experienced security professional.

More Advanced Network Security Courses

By and large, SANS’ Security 301 course is ideal for those who are just entering the computer security field or those who want a basic refresher course. For those who have experience in the field, SANS offers a more advanced entry-level course called Security Essentials (SEC 401).

The course usually runs for 10 weeks and covers risk assessment and auditing, host- and network-based intrusion detection, security policy, web security, Cisco router filters, antivirus tools, IIS security, firewalls and perimeter protection, and Unix security fundamentals. Other areas that are covered include:

  • Password Management
  • Security Incident Handling - The Six Steps
  • Information Warfare
  • Network Fundamentals and IP Concepts and Behavior
  • Four Primary Threats for Perimeter Protection
  • PGP, Steganography
  • Windows (2000, XP, NT, 98) Security Administration and Auditing

Summary

Basic computer security training should help individuals to understand the basic concepts of cryptography, computer networking, risk evaluation and information assurance. Basic security training courses are designed not only for IT staff, but for anyone who has custody of valuable network assets, who is responsible for ensuring their security, integrity or availability, or who will develop policies to ensure the same.

While SANS’ Security 301 may not give IT personnel the tools necessary to meet the most challenging incidents, it does provide a good starting point, and helps to improve the organization’s overall security posture.

Image credits:

“Network security training courses.” The U.S. Army

“Basic Computer Security Training Course.” Nic’s events