<Comments below>>
At 05:36 PM 7/10/00 -0400, Chris Brenton wrote:
>[EMAIL PROTECTED] wrote:
> >
> > As SANS/GIAC slowly revamps their course material especially Firewalls 101
> > :) it will be well worth attending.
>
>Spoken like someone who is helping to generate the new material. ;)
Yes, Yes, I am slowly assembling the new material.. It is has been a long
time since the original was completed. It needs a lot of updating ..
> > It really depends on what you are
> > looking for.. If you are looking for a real hands-on course, enroll in a
> > vendor course first to get a taste of the product,
>
>Here I would have to agree. The SANS course is heavy on theory, design &
>troubleshooting. While specific products are presented, its more from a
>"this is the good stuff and this is the bad" perspective. I also try to
>keep it generic enough that it can be applied to other products. I agree
>with Mark that the best way to learn a vendor's product inside and out
>is to attend vendor training.
Vendor training only go so far to show you the fluff and how the product
works when installed correctly.. But how when does that really occur in
real life. Understanding the logic of how things works should be the first
lesson. :)
>Actually, the course material is in the process of a rewrite with most
>of the vendor specific stuff being moved to the evening. That way people
>can pick and choose the products they want to hone in on.
>
> > then attend a SANS/GIAC course to understand at 30,000 level.
>
>Actually, I would probably recommend the other way around. The GIAC
>training gives you the foundation you need to:
>A) Pick the right product
>B) Ask the right questions
>C) Tell the difference between geek speak & market hype
I would tend to agree with Chris's point here. I was mistaken, attend the
SANS/GIAC course first to get the foundations then go knock on the vendor's
door to get the nitty gritty stuff..
> > Some of the material in Firewalls
> > 101 is very applicable to every day use, some of it is conceptual.
>
>Since we've gone this far... ;)
>
>A brief outline of the new material:
>TCP/IP in depth (frags, bits, etc.)
>Firewall technology (static, stateful, proxy, SI)
>Preparing for an implementation
>Design considerations
>Overview of different products
>Reading logs
>Troubleshooting
>Designing rule bases
>split DNS
>Cisco ACL's (static & reflexive)
>Defense in depth (running layered firewalls)
>Host based IDS
>Logging options
>More than you ever wanted to know about VPN's
TCP/IP and the tricks one can play is more like it :) Some tips on how to
disassemble and re-assemble a packet in order to pass through a firewall or
IDS .. :)
Preparing for an implementation - Yes, the tools and the necessary
information needed prior to ripping the shrink wrap off the box..
Design considerations - From Keep it Simple to O' My God, :)
Reading Logs - yes and how to store them properly.
Split DNS - Yes, and a good thorough explanation of why DNSd on Raptor is
not a good idea.
VPN's - Yes, Very Pretty Networks.. Oops old material joke.. :)
>The above is broken up over four days. Day 1 was generated by Stephen
>Northcutt & is complete. Day 3 was done by Lance Spitzner and has just
>finished final tweaking. The VPN class (day 4) had input from a bunch of
>people and Mark T. is helping me tweak day 2.
Thanks for the kudos Chris.. Day 2 once completed will be chock full of
stuff, tricks, tidbits, and things one should always have available.. :)
> > Marcus Ranum used to teach an awesome (and I do mean AWESOME) Introduction
> > to Firewalls and Practice No Theory course a couple of years back.
>
>Agreed. Marcus kicks butt. :)
>
> > Chris Brenton also teaches the SANS/GIAC Firewalls 101 course, and is
> > working on improving the material so that attendees can utilize the
> > material at their workplace.
>
>Don't get me wrong, the current material is very good. I'm just trying
>to take feedback from previous students in order to make it better. The
>new material should be done in time for Monterey.
I am trying my best to get the material done before Monterey.. :)
> > The whole idea of attending a conference like SANS/GIAC is to pick the
> > tutorial sessions that can be applied to your normal day at work and show
> > that the amount of money spent will definitely have an instant ROI..
>
>Its also to get a vendor neutral spin on the whole thing. As I'm fond of
>telling my students "I'm equal opportunity. I'll flame as well as sing
>the praises of product on the market". ;)
Not sure if I could sing as well as Chris.. It will be definitely a course
to attend.. I hope.. :)
/mark
>Cheers,
>Chris
>--
>**************************************
>[EMAIL PROTECTED]
>
>* Mastering Cisco Routers
>http://www.amazon.com/exec/obidos/ASIN/078212643X/
>* Mastering Network Security
>http://www.amazon.com/exec/obidos/ASIN/0782123430/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
