SANS – SEC401 Security Essentials Day – 1

Security 401.1 – Networking Concepts

The first day of class was all about the fundamentals of networking. Arguably it is one of the more technically challenging days of the six-day course – for those who don’t have a background in networking, that is. My instructor was Bryce Galbraith – one of the principal instructors at SANS. I like his teaching style, which often consists of live demos in which he performs exploits on his lab machine to help illustrate key concepts. He also mixes in humour and shares a bit of his professional experience surrounding the topics being discussed.

“Once you see how security is circumvented your perception is forever changed”

Course Materials

For those who haven’t gotten their lab image set up yet, there will be a chance to do that during the day, as they will be handing out a DVD that contains BackTrack and a bunch of software that will be used during the lab. There are also a few TAs around who will assist you with the installation.

A TCP/IP and tcpdump reference sheet will also be handed out. Make sure to grab a copy, as you can bring it to your open-book exam. In fact, you can bring any printed material, including the courseware, to the exam as long as it’s not digital.

The courseware contains the slides the instructor uses throughout the course. Each page is appended with material that discusses and expands on the points outlined in the slides.

You have to create your own index

The courseware is purposefully designed to contain no index. This encourages the student to read through the material to create their own index which can be used for the exam.


Here are the topics that are covered in the networking concepts:

  • Types of networks & Topologies
  • Logical topologies – Ethernet/Token Ring/FDDI
  • Physical topologies – ATM
  • WAN Technologies
  • Network Devices – Hubs/Switches
  • Network Design & Segmentation
  • Network Protocols
  • IPv4
  • Network Addressing
  • DNS
  • IPv6
  • Layer 3-4 TCP/UDP/ICMP
  • Protocol Analysis – Sniffing/Tcpdump/Packet Decoding IP&TCP
  • Virtualization
  • Safety & Physical Security
  • Lab

    At the end of each day there’s a lab. The student can stay behind after class to complete it. The instructor and TAs are around to help those who need a bit of assistance. However, you can choose to complete it on your own time if you don’t require the help. The lab material is also independent of the course content covered the next day.

    This lab was mainly designed to familiarize the student with their Linux install (BackTrack or Kali) as well as some basic Windows networking. Towards the end there’s some important practice material on tcpdump, which was introduced in class for protocol analysis.

    About the Author

    Alfred Tong
    Author and owner of this blog. A Networking enthusiast, full time networking and systems Engineer. Generally curious about all things IT. Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA - FWV