GCIA Preparation and attempt log


Comments

  • dynamik (Banned, Posts: 12,312)
    Much obliged; that looks like a fantastic resource.
  • Paul Boz (Member, Posts: 2,620)
    I'm back on the road this week, so in the wake of making my GCFW proposal and continuing my studying for the GCIA I have started reading Bejtlich's "Extrusion Detection," the follow-up to the Tao book which I mentioned above. I've only gotten through chapter one, but for the most part it's just been a recap of the Tao book so far. That's to be expected. I'm intrigued by the later content on client-side attacks and using network security monitoring to mitigate them. I originally wanted to do my GCFW gold paper on outbound filtering, so this book is pretty interesting to me. I wish I had had this resource when I did my CUNA webinar on outbound filtering last month.

    Regarding the GCIA prep, I'm heavily leaning towards doing the exam in January when my employer renews my training budget. I blew all of my budget on the GCIH and GSEC so right now I'd have to float the exam out of pocket. I have to do the CISSP in September and that's out of pocket so I'm tempted to just hit the studying for that now and ramp back up on the GCIA after I've received confirmation of a pass. I have LSD-like visions of my head exploding when I think about the CISSP so you can imagine how much I'm looking forward to that.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC | GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • Paul Boz (Member, Posts: 2,620)
    I haven't forgotten about this, I just haven't been updating as diligently as I should be. I configured and installed a home-brew OSSIM sensor a few days ago and got that set up on my external network at home. For those unaware of the OSSIM project, it's basically the freeware version of the AlienVault SIM/SIEM software. It has Snort, Nagios, OpenVAS, and many other tools built in and correlates events with existing data. For example, if Snort detects an exploit known to target Windows systems but knows that the system is running Linux based on Nagios and Nmap data, it won't prioritize the attack. However, if it knows that the system is vulnerable to that specific exploit (by analyzing OpenVAS results), it will auto-prioritize and make a trouble ticket. It has numerous other features that I won't go into in detail, but I recommend it. I'm going to do a blog post on basic setup and hardware selection soon.

    Aside from that I've been spending a good bit of time working on tcpdump and the Snort CLI. I'll have a decent bonus check coming my way in the next few weeks and I'm thinking about spending some of it on a GCIA attempt. I still have $200 on my training budget here, so I don't think I'd mind going out of pocket for the remainder. I feel like with about a week of dedicated studying I could be ready for this test. If the attempts were the cost of Cisco exams I would have done it already. The $900 really is a killer.

    In other news, I'm considering challenging the GPEN straight up as well. That's another post for another day though.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC | GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
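The correlation Paul describes (downgrade an alert when the signature targets an OS the host does not run, escalate and ticket it when the scanner has confirmed the exact vulnerability) is easy to sketch in code. The block below is an added illustration, not OSSIM or AlienVault code: the asset inventory, scan results, signature metadata, alerts and the CVE-style identifiers are all constructed sample data, and the field names are assumptions chosen for the example.

```python
"""Toy IDS-alert prioritisation by asset context, in the style described above.

Added example, not OSSIM/AlienVault code. All data below is constructed:
the hosts, the open ports, the placeholder CVE ids and the signature table.
"""
from dataclasses import dataclass

# Constructed asset inventory: what Nagios/Nmap fingerprinting would feed in.
ASSETS = {
    "10.0.0.5": {"os": "linux", "open_ports": {22, 80}},
    "10.0.0.7": {"os": "windows", "open_ports": {135, 445, 3389}},
    "10.0.0.9": {"os": "windows", "open_ports": {445}},
}

# Constructed scanner findings per host (what OpenVAS would feed in).
# "CVE-0000-0001" is a placeholder id, not a real vulnerability.
VULNS = {
    "10.0.0.7": {"CVE-0000-0001"},
    "10.0.0.9": set(),
}

# Constructed signature metadata keyed by Snort-style SID: which OS the
# exploit targets and which vulnerability it uses, if known.
SIGNATURES = {
    1000001: {"msg": "EXPLOIT SMB overflow attempt", "target_os": "windows",
              "cve": "CVE-0000-0001"},
    1000002: {"msg": "WEB-ATTACKS generic scan", "target_os": None,
              "cve": None},
}


@dataclass(frozen=True)
class Alert:
    sid: int
    src_ip: str
    dst_ip: str
    dst_port: int


def prioritize(alert, assets=ASSETS, vulns=VULNS, signatures=SIGNATURES):
    """Return {'priority', 'ticket', 'reason'} for one alert.

    Order of checks matters: hard evidence that the attack cannot work
    (wrong OS, closed port) wins over evidence that it might (matching OS);
    scanner-confirmed vulnerability is the only thing that opens a ticket.
    """
    sig = signatures.get(alert.sid)
    if sig is None:
        return {"priority": "medium", "ticket": False,
                "reason": "unknown signature"}
    asset = assets.get(alert.dst_ip)
    if asset is None:
        # No inventory data: cannot deprioritise safely, so keep it visible.
        return {"priority": "medium", "ticket": False,
                "reason": "target not in inventory"}
    if sig["target_os"] and asset["os"] != sig["target_os"]:
        return {"priority": "low", "ticket": False,
                "reason": f"signature targets {sig['target_os']}, "
                          f"host runs {asset['os']}"}
    if alert.dst_port not in asset["open_ports"]:
        return {"priority": "low", "ticket": False,
                "reason": f"port {alert.dst_port} not open on host"}
    if sig["cve"] and sig["cve"] in vulns.get(alert.dst_ip, set()):
        return {"priority": "high", "ticket": True,
                "reason": f"host confirmed vulnerable to {sig['cve']}"}
    return {"priority": "medium", "ticket": False,
            "reason": "OS matches but vulnerability unconfirmed"}


if __name__ == "__main__":
    # Constructed alerts, one per branch of the decision above.
    for a in (Alert(1000001, "198.51.100.4", "10.0.0.5", 445),
              Alert(1000001, "198.51.100.4", "10.0.0.7", 445),
              Alert(1000001, "198.51.100.4", "10.0.0.9", 445),
              Alert(1000002, "198.51.100.4", "10.0.0.7", 80),
              Alert(1000002, "198.51.100.4", "10.0.0.5", 80)):
        print(a.dst_ip, prioritize(a))
```

The useful property to keep when building something like this for real is that the "low" branches depend on positive evidence from inventory and scan data; an alert against a host the sensor has never fingerprinted stays at medium rather than being silently discarded.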
  • Bl8ckr0uter (Inactive Imported User, Posts: 5,031)
    Paul Boz wrote:
    I haven't forgotten about this, I just haven't been updating as diligently as I should be. I configured and installed a home-brew OSSIM sensor a few days ago and got that set up on my external network at home. For those unaware of the OSSIM project, it's basically the freeware version of the AlienVault SIM/SIEM software. It has Snort, Nagios, OpenVAS, and many other tools built in and correlates events with existing data. For example, if Snort detects an exploit known to target Windows systems but knows that the system is running Linux based on Nagios and Nmap data, it won't prioritize the attack. However, if it knows that the system is vulnerable to that specific exploit (by analyzing OpenVAS results), it will auto-prioritize and make a trouble ticket. It has numerous other features that I won't go into in detail, but I recommend it. I'm going to do a blog post on basic setup and hardware selection soon.

    This sounds awesome, man. I am looking to roll out an IDS/IPS solution for my new employer's network. Do you think this is scalable for a decent-size network (about 60 users)? How difficult was it to set up? I've been looking at Snort and it seems to be pretty straightforward.


    Also, how difficult do you think it would be for someone to challenge GSEC? I want to do that test (and a few other SANS exams) but I cannot afford 4k for the training course and my job probably won't pay for that. I want to be as good a Security Admin as I can be, and looking at the objectives for the GSEC makes me think that it would be a worthwhile cert for me to get at this stage in my career.
  • dynamik (Banned, Posts: 12,312)
    knwminus wrote:
    Also, how difficult do you think it would be for someone to challenge GSEC? I want to do that test (and a few other SANS exams) but I cannot afford 4k for the training course and my job probably won't pay for that. I want to be as good a Security Admin as I can be, and looking at the objectives for the GSEC makes me think that it would be a worthwhile cert for me to get at this stage in my career.

    One of the course authors wrote this, and it covers a lot of the material: Network Security Bible by Eric Cole (ISBN 9780470502495).

    You also get two practice exams when you challenge it, and you can use those to identify any areas you are weak in. The exams are open book, so you can bring notes, etc.
  • Bl8ckr0uter (Inactive Imported User, Posts: 5,031)
    dynamik wrote:
    One of the course authors wrote this, and it covers a lot of the material: Network Security Bible by Eric Cole (ISBN 9780470502495).

    You also get two practice exams when you challenge it, and you can use those to identify any areas you are weak in. The exams are open book, so you can bring notes, etc.

    Score. Have you read the book yourself? It seems to have gotten pretty good reviews.

    I just browsed through this book on Amazon. I am going to pick it up ASAP, right when I pick up the QoS book and the Wireshark guide.
  • dynamik (Banned, Posts: 12,312)
    knwminus wrote:
    Score. Have you read the book yourself? It seems to have gotten pretty good reviews.

    I own it and have paged through it. Most of the material was review for me. I just picked it up because it was a good "essentials" book and wanted to refresh a few things that I don't work with on a regular basis. It's definitely worthy of the reviews.
  • Bl8ckr0uter (Inactive Imported User, Posts: 5,031)
    dynamik wrote:
    I own it and have paged through it. Most of the material was review for me. I just picked it up because it was a good "essentials" book and wanted to refresh a few things that I don't work with on a regular basis. It's definitely worthy of the reviews.

    I think the reason why I am going to buy it is the Unix and Web Security. Some of the "networking" stuff looked like review, but I am sure it will be worth it.
  • Bl8ckr0uter (Inactive Imported User, Posts: 5,031)
    Hey Paul, did you ever get around to doing this test?