Perimeter Protection In-Depth (502) course thoughts

Six solid days of living and breathing security training, SANS style, have drawn to a close.

As I’ve already mentioned, I was in the Perimeter Protection In-Depth (502) class with Chris Brenton at the helm.

It was a small class of 12 people, which I was surprised at, but hey, I took advantage of more one-on-one time with Chris.

Chris has a great, easygoing, laid-back teaching style, but somehow he managed to set a cracking pace through the material.

I felt very comfortable with the material and topics as I’ve been doing this type of work for a while. My previous SANS training, especially the 503 track, complemented the TCP/IP fundamentals and IPS/IDS topics.

The real-world exposure Chris has really gave a balanced view of the good, the bad and the ugly of multiple vendors’ systems. He didn’t hold back on some of the crazy options vendors take, but never slid into a particular anti-vendor rant at any point. Some of his war stories sparked some pretty interesting side conversations, and it really does make you think to take a second look at some preconceptions.

MS ISA popped up briefly as a hybrid firewall. I was all ready to jump up and defend my corner, as most of the hardware firewall world tends to look down its nose at ISA. He was fair-handed and I found it hard to disagree with his two main issues with ISA: market share is very small, thus it is hard to conclusively prove it has no major vulnerabilities, and it’s very Microsoft-centric in its protection of applications.

The day 3 material struck me as the most interesting and I wish there had been more self-study labs, especially on the log parsing side. I often think this is one of the more challenging aspects of security, as getting relevant and useful information from various systems can be a long, painful nightmare.

If you work with DMZs or perimeter networks, the course is thought-provoking. The whole theme, to me, is applying common sense and avoiding making bad, short-sighted mistakes by focusing on the components that make a working and manageable defence-in-depth network.

Nice work Mr B, I look forward to taking the exam and one day may even try to write a paper on ISA to prove it is not as vulnerable as you think :-)
