SANS Certification

Vask3n

I do not quite understand how SANS Certifications work. Are they simply the same format as CompTIA, as in multiple-choice? I would like to obtain a few extra Security certifications, would SANS be a good pit-stop before Microsoft and Cisco? I currently have A+ and Sec+.

What would be the first certificate to obtain from SANS?

Hope someone can shed some light for me. Thank you.

sprkymrk

Check out http://www.giac.org/overview/ for exact info. As far as pit stops before MS/Cisco, I would probably reverse it. SANS GIAC certifications are supposed to be very tough, but I am only telling you what I have heard. I have taken the some MS/Cisco stuff, and for the most part they are just a notch above the CompTIA stuff in diffuculty IMHO. Anyway, here is a couple of paragraphs from their website:

SANS training and GIAC certifications address a range of skill sets including entry level Information Security Officer and broad based Security Essentials, as well as advanced subject areas like Audit, Intrusion Detection, Incident Handling, Firewalls and Perimeter Protection, Forensics, Hacker Techniques, Windows and Unix Operating System Security. GIAC is unique in measuring specific skill knowledge areas instead of general purpose security knowledge.

GIAC certifications expire in a period of 4 years. Students must review the information and retake the exams in order to remain certified. Although there are other entry level certifications avaiable, GIAC is the only information security certification including advanced technical subject areas.

Good luck!

Munck

The questions are mostly multiple choice. IMO you don't need any vendorspecific certs before doing a SANS cert. If I were you, I would go to one of the conferences, joining a track that suits your interest. After that you have 4 months to complete the exams (normally 2 per cert).

As far as the first cert to obtain goes, that depends on your situation and current level of knowledge. Their "baseline" cert is GSEC, which is app. 70-80% of he material tested on the CISSP. I jumped right in and took the GCFW, as the material suited me better.

All in all I highly recommend SANS certs to anyone into security. Yes, they are expensive, but hey! - get your employer to pay for it I hope I get the chance to obtain the GCIA and/or GCIH in the future.

sprkymrk

Munck wrote:

The questions are mostly multiple choice. IMO you don't need any vendorspecific certs before doing a SANS cert. If I were you, I would go to one of the conferences, joining a track that suits your interest. After that you have 4 months to complete the exams (normally 2 per cert).

As far as the first cert to obtain goes, that depends on your situation and current level of knowledge. Their "baseline" cert is GSEC, which is app. 70-80% of he material tested on the CISSP. I jumped right in and took the GCFW, as the material suited me better.

All in all I highly recommend SANS certs to anyone into security. Yes, they are expensive, but hey! - get your employer to pay for it I hope I get the chance to obtain the GCIA and/or GCIH in the future.

Thanks for the info. I have been to several gov't sponsored training schools that mirror the SANS training. I would also like the GCFW as I have an affinity for firewalls, though I have only managed 3 different big-name firewalls, unfortunately not to include PIX or Check Point, 2 of the biggest.
You said each cert is 2 exams? How does that work? And did you have to write a practical (what they now call "Gold Cert") or did you just take the exam itself ("silver") - just curious how rigorous the process is for judging the written practical is. Thanks!

JDMurray

SANS Network Security 2006 is October 1st-9th in Las Vegas at Caesar's Palace. Anyone going?

http://sans.org/ns2006/

sprkymrk

I would dearly love to, but as I am attending Black Hat/DefCon at the end of July/beginning of August I don't think I'll be able to.

JDMurray

BlackHat is too expensive for me, but Defcon 14's admission is only $100 cash at the door.
What is there to see at Defcon? I'm only a few hours from LV and might go if it's interesting enough.

http://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html

http://www.defcon.org/

sprkymrk

jdmurray wrote:

BlackHat is too expensive for me, but Defcon 14's admission is only $100 cash at the door.
What is there to see at Defcon? I'm only a few hours from LV and might go if it's interesting enough.

http://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html

http://www.defcon.org/

I wasn't too impressed last year when I went (or was it the year before last?), but it was okay.
The good stuff:

Cheap admission. Interesting and sometimes enlightening topics by smart people. Cheap admission.

The bad stuff:

It was WAY overcrowded when I went. The speakers were limited to about 45 minutes max. Kind of chaotic atmosphere. Due to space and time constraints it was impossible to sit 2 presentations in a row. You basically had to skip every other one.

However, the overcrowding issue should be corrected this year as they have moved from the cramped confines of Alexis Park. If they increase the presentations to about an 1 hour and 15 minutes it would be a lot better.

Also, I am a stick-in-the-mud homebody family guy and the party atmosphere with a lot of 17-22 year olds in leather, black, and ripped denims with multiple piercings, spiked and colored hair, etc. is just not my crowd. No offence, as they were all friendly and that's just their style, but as a late 30's year old clean cut guy that wore clean blue jeans and a polo shirt I got made as a Fed in the "spot the fed" contest more than once.

Munck

sprkymrk,

Not having expperience with PIX or FW-1 is not a problem. SANS won't teach you how a use a specific firewall brand. They teach you why and when to use a specific type of firewall. (amongst many other things - think defense-in-debth)

For the GCFW, the first exam is TCP/IP. The second is - well, the rest of the curriculum You take them by logging into your SANS account online. The questions are "open book", meaning you have everything (including google) at your disposal. I quess I don't have to say that time management is a major issue here...

Actually, I'm starting my practical in August When completing the "Silver" certification, you have up to two years to finish the "Gold" cert. Right now I'm trying to decide on a particular subject. I plan on spending 2-3 months on the assignment.

If you have further questions, fell free to shoot

sprkymrk

Most excellent Munck, thank you. It would be great if you started a thread on your practical experience when you are close to finishing. I would be curious to hear about the ins and outs and what all you went through. Oh, and of course post us a link to the finished product on SANS Reading Room!

JDMurray

sprkymrk wrote:

but as a late 30's year old clean cut guy that wore clean blue jeans and a polo shirt I got made as a Fed in the "spot the fed" contest more than once.

This sounds just like me, but I'd be wearing a Hawaiian shirt. If I go, I'd better find my old earrings, shave my head, and wear all-black or military clothing. It'd be high school fashion all over again.

sprkymrk

jdmurray wrote:

sprkymrk wrote:

but as a late 30's year old clean cut guy that wore clean blue jeans and a polo shirt I got made as a Fed in the "spot the fed" contest more than once.

This sounds just like me, but I'd be wearing a Hawaiian shirt. If I go, I'd better find my old earrings, shave my head, and wear all-black or military clothing. It'd be high school fashion all over again.

Hey, I think I saw you there last year!

cbigbrick

I was able to attend the SANS conference in Washington, DC in early July. It was excellant!! They are now offering a Masters Degree based on their certification tests. Not a bad deal IMHO.

I will also be taking 3 SANS certification exams by November 4th.

Stay tuned!!!

Munck

3 exams?!?
- How is that possible?

cbigbrick

Very simple. When I was at the conference, I attended 2 courses. The first one was 401, which requires 2 exams to be ceritfied and the 405, which requires 1 exams to be certified. There is also a time limit of 4 months after completing the courses to take the these exams. They do this because material changes.

The do have self study programs, I think. Please refer to SANS.org website for more infomation.

p0et

Actually, I'm starting my practical in August When completing the "Silver" certification, you have up to two years to finish the "Gold" cert. Right now I'm trying to decide on a particular subject. I plan on spending 2-3 months on the assignment.

I received an email from a lady at SANS who assured me that the practicals are no longer required. She said that if you do decide to write a practical you will have a Gold cert and if you just do the exams, you will still be certified.. just silver, not Gold.[/quote]

Munck

p0et, she's right. As I wrote you have two years after earning silver to finish gold - if you choose to. It's volentary. As you see on the GIAC website most people stop at silver.

p0et

After going through my SANS folder in gmail, weeding through 300 newsletters, etc.. i ran into 2 asking where I was. turns out i'm accepted to be a Volunteer at SANS Vancouver! I immediately filled out the forms and tried to fax them off but everytime i get "no answer". Still have yet to receive an email reply from them. That's one thing I don't like about SANS... it takes forever for them to respond to any emails. Another thing is that they don't have any books or anything like that you can study from.. it's all just slides.

Munck

Stephen Northcutt (from SANS) have published a couple of books relating to the GCFW and GCIA certifications.

For the GCFW, Inside Network Security, 2nd edition is a good read:
http://www.amazon.com/Inside-Network-Perimeter-Security-2nd/dp/0672327376/sr=8-1/qid=1160120403/ref=pd_bbs_1/104-9811880-5531122?ie=UTF8&s=books

For the GCIA, Network Intrusion Detection, 3rd edition is a good read:
http://www.amazon.com/Network-Intrusion-Detection-Stephen-Northcutt/dp/0735712654/sr=8-2/qid=1160120403/ref=pd_bbs_2/104-9811880-5531122?ie=UTF8&s=books

blacksun

Hey guys,

The SANS cert's are all about the minute and clear Basic's of IT-Security,
which covers in-depth and the Basics of how TCP/IP protocols work,

Incident Handling process,
Protecting against the worms,trojans,Backdoor/Malicious code.. rather.
and the Laws & Ethics too.

So If anyone wants to know & learn more of the Security from Scratch,
I would say you should go in for atleast GCIH.

Thanks.