Two Day Tutorials
Immerse yourself in two-day pre-Conference tutorials led by some of the most respected authorities in the industry from the SANS Institute:
• Top 20 Critical Security Controls: Planning, Implementing and Auditing
• Windows Forensics
• Virtualization Security Fundamentals
TUT-S21
Top 20 Critical Security Controls: Planning, Implementing and Auditing
Date & Time: Sunday February 28th, 9:00am-6:00pm and
Monday March 1st, 9:00am-6:00pm
Speaker:
James Tarala, Principal Consultant, Enclave Security, Senior Instructor,
SANS Institute
Abstract:
This course helps you master specific, proven techniques and tools needed to implement and audit the Top Twenty Most Critical Security Controls. These Top 20 Security Controls are rapidly becoming accepted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations. These controls were selected and defined by the US military and other government and private organizations (including NSA, DHS, GAO, and many others) who are the most respected experts on how attacks actually work and what can be done to stop them. They defined these controls as their consensus for the best way to block the known attacks and the best way to help find and mitigate damage from the attacks that get through. For security professionals, the course enables you to see how to put the controls in place in your existing network through effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Top 20 controls are effectively implemented. It closely reflects the Top 20 Critical Security Controls found at http://www.sans.org/cag/.
The Top 20 are listed in the link below. You will find the full document describing the Top 20 Most Critical Security Controls posted at the Center for Strategic and International Studies at http://csis.org/publication/twenty-important-controls-effective-cyber-defense-and-fisma-compliance.
One of the best features of the course is that it uses offense to inform defense. In other words, you will learn about the actual attacks that you'll be stopping or mitigating. That makes the defenses very real, and it makes you a better security person.
As a student of the 20 Critical Security Controls two-day course, you'll learn important skills that you can take back to your workplace and use your first day back on the job in implementing and auditing each of the controls.
Laptop Required
TUT-S24
Windows Forensics
Date & Time: Sunday February 28th, 9:00am-5:00pm and
Monday March 1st, 9:00am-5:00pm
Speaker:
Rob Lee, Director, Curriculum Lead for Digital Forensic Training,
MANDIANT, SANS Institute
Investigations involving Windows-based operating systems occur every day. As a result, it is essential for an investigator to know how to properly examine the critical files and structures of the Windows operating system. This two-day course will provide an in-depth study and examination of the forensic evidence left on the Vista, Windows XP, and Windows Server-based operating systems. This hands-on forensic course will arm you with methods and techniques to investigate critical areas of the Windows operating system for any case.
Beginning with the registry, the new investigator will learn how to discover critical user and system information from the Windows Registry that is pertinent to any investigation. Second, the investigator will learn how to find and examine logs from a Windows machine in order to find data relevant to any case. In the final part of the day, the investigator will learn how to examine and search email for key evidence. Throughout the day, the investigator will apply these skills in real hands-on cases, exploring the evidence and artifacts discussed.
Topics:
- Registry Forensics
  - Registry Basics
  - Core System Information
  - User Forensic Data
  - User searches
  - Typed URLs
  - Recently Modified Documents
- Event Log Forensics
  - Event Logging Basics
  - Locations
  - Viewers
  - Event Types
- Email Forensics
  - How Email Works
  - Locations
  - Examination
  - Types of Email Formats
  - Email Analysis
  - Email Searching and Examination
Laptop Required
TUT-S26
Virtualization Security Fundamentals
Date & Time: Sunday February 28th, 9:00am-6:00pm and
Monday March 1st, 9:00am-6:00pm
Speaker:
Paul Henry, SANS Instructor, SANS Institute,
Security and Forensic Analyst, Lumension
Abstract:
In this course you will learn about virtualization security fundamentals with an in-depth treatment of today's most pressing virtualization security concerns: known attacks and threats, theoretical attack methods, and numerous real-world examples.
We'll then explore today's most popular enterprise server virtualization product, VMware Infrastructure 3. You will learn every aspect of locking down ESX Server and VirtualCenter management server, as well as best practices for securing the virtual machine guests that reside on ESX platforms. We'll also cover virtualization networking techniques in detail, laying out proven strategies for proper segmentation, virtual switching and routing considerations, network access controls and layer 2 policies, as well as how to build virtual DMZs and integrate with existing network infrastructure.
Laptop Required