Sans gcfw

Is it me, or is this course way too easy? I have gone through 2 of the (6) books in about 2 days, hoping to finish the 3rd one between today and tomorrow.

Book 1 was pretty much a review of the TCP/IP material that is covered by GCIA, so no surprises there. Book 2 has some decent labs, but nothing really special. I am truly hoping book 3 through 6 are far more interesting than the first 2, otherwise I would honestly consider the money spent on this course a waste due to the fact that most of the material is covered by GCIA.

For some odd reason, I cannot download the mp3s for this course as I get an error message stating that the files do not exist. Overall, I am not too pleased with the course so far, but we shall see what happens. I'm hoping to take the exam sometime in May, but it all depends on school workload, upcoming projects at work, and so forth.

Next up is GCFA, and I am reallyyyyyyyyyyyyyyyyyyyy looking forward to this one. I am fully motivated at the moment and hope to also have my CISSP by the end of the year, if time allows. Next year is going to be all about gold papers and my GSE attempt. Who knows, I might be able to squeeze CEH in, but only time will tell.

It's been a hell of a ride so far as I have taken (3) SANS courses in about (6) months. With a bit of luck, I will have my GSEC, GCFW, GCIA, GCIH and GCFA within a year. The funny part is I will have to get another bookshelf as I ran out of space on the one I have.

My goal is to have the GSE credential and a M.S degree in Information Assurance and Security from Capella university by 2013. So far so good as I am right on track to achieving both.

Find more posts tagged with

Comments

docrice

I found 502 definitely easier than 503. There's a fair amount of overlap, but the rest of the course should be a bit different. The labs aren't that exciting though. However, I did 502 with a lot more experience in that subject matter than I did with 503, so I'm biased. 502 also doesn't get too deep at the nitty-gritty "bit level" like 503 does, although you'll need to interpret different log outputs and decipher their meaning (not too difficult if you've gotten your GCIA). Both 502 and 503 go hand-in-hand though as they're pretty much inter-related. I found the progression from 502 to 504 pretty natural.

You and I are on a parallel course. I presume you did 401, then 504, 503, and now 502. I did 401 last year, then 502, 503, and 504 this year. Looks like we're going different paths from here on out though as I'm thinking of 617 next, although getting the GCFA interests me as well. An interesting note on the forensics track is that SANS recommends you go through their 408 course first, but I rarely see anyone mention it nor are there as many GCFEs as there are GCFAs. I took the CHFI course a few years back so I'm hoping that's enough for me to go straight to 508.

http://www.sans.org/security-training/advanced-computer-forensic-analysis-incident-response-98-mid

"Each student must attend FOR408: Computer Forensic Investigations - Windows In-Depth prior to taking this course OR pass the FOR408 Assessment Test."

When I took 502, the MP3s for half of Day 5 were simply not available, which is a bummer. SANS confirmed that when I asked. If you're unable to download the rest of them, I'd give SANS a ring.

Also, if you've been taking all your classes via OnDemand, be sure to register your invoices with the OnDemand Rewards department. If you take four full-length OnDemand classes within a year's time, that should give you almost enough points to get a free full-length course. Just purchase a short 2-day OnDemand course and that should get you enough points. That's what I'm thinking about to get the 617. I was planning to challenge the GAWN, but given that the course author (Joshua Wright) apparently updates the course often, I'd rather take the class and learn new stuff.

ipchain

docrice wrote: »

I found 502 definitely easier than 503. There's a fair amount of overlap, but the rest of the course should be a bit different.

I agree with your assessment of this course. I also found it easier than 503, and there is also a great amount of overlap.

docrice wrote: »

502 also doesn't get too deep at the nitty-gritty "bit level" like 503 does, although you'll need to interpret different log outputs and decipher their meaning (not too difficult if you've gotten your GCIA)

Thanks for the heads up, I was kind of expecting lots of log analysis on 502 as well. My friend took GPEN recently and he mentioned there is a great deal of log analysis on it as well, mainly tcpdump hex outputs.

docrice wrote: »

You and I are on a parallel course. I presume you did 401, then 504, 503, and now 502.

I actually did GCIH first, then GSEC, GCIA and I should be taking GCFW next Saturday. Why did I do GCIH first? Well, I ran into a friend of mine during my daily commute to work (I used to take the train), and he mentioned he had won some sort of scholarship and was able to take the course for FREE. To make the story short, he actually talked me into taking GCIH first, and I did. Loved the course, as I am sure you will.

docrice wrote: »

Looks like we're going different paths from here on out though as I'm thinking of 617 next, although getting the GCFA interests me as well. An interesting note on the forensics track is that SANS recommends you go through their 408 course first, but I rarely see anyone mention it nor are there as many GCFEs as there are GCFAs. I took the CHFI course a few years back so I'm hoping that's enough for me to go straight to 508.

Yup, it appears we are headed down different paths from here on out. I had read about having to take 408 first, but I am hoping that I can pass the assessment test and move on to take the GCFA. We will see, if I can't get through the assessment test then I will have to go for GPEN.

docrice wrote: »

When I took 502, the MP3s for half of Day 5 were simply not available, which is a bummer. SANS confirmed that when I asked. If you're unable to download the rest of them, I'd give SANS a ring.

Looks like they are working on creating new MP3s, but I was granted access to the old files after emailing their self-study email address. I ran into the same problem you did with the old files - some MP3 files are not available.

docrice wrote: »

Also, if you've been taking all your classes via OnDemand, be sure to register your invoices with the OnDemand Rewards department. If you take four full-length OnDemand classes within a year's time, that should give you almost enough points to get a free full-length course. Just purchase a short 2-day OnDemand course and that should get you enough points. That's what I'm thinking about to get the 617. I was planning to challenge the GAWN, but given that the course author (Joshua Wright) apparently updates the course often, I'd rather take the class and learn new stuff.

Thanks for the tip, I had been looking into that option as well. I will most like do the same thing, but we shall see what happens.

ipchain

So, I passed GCFW with 94 today. In all fairness, I believe the exam questions were evenly distributed across all domains, and I really enjoyed the test. This has been the easiest exam I have taken from SANS by far, but I look my time and finished in about 2 and 1/2 hours. I was looking for a perfect score on this one, but I will gladly take the 94

Overall, the course was unique and very interesting. As I stated in my previous post, I felt there was quite a bit of overlap between GCFW and GCIA, but Chris Brenton did a good job in keeping you engaged and fully alert. Things got a bit more interesting in books 3 through 6, so it was a decent course.

I wish SANS would have touched on SIEM more in-depth, especially since I am working with it nowdays, but it is what it is. I particularly enjoyed the book on firewall technologies and VPN/Encryption.

All of my SANS training has come in the form of self-study through On-Demand, and I am very pleased with the system. I ran into some technical difficulties with the MP3 files for GCFW, but other than that I have no complaints. If I could do it again, I would have probably taken another course as this one did not meet some of my expectations.

docrice

A score of 94 is solid. Congratulations. I'll agree that 502 felt a bit thin in some areas, SIEMs being one as you mentioned. Going into the course I had also expected deeper coverage on iptables and pf, maybe even some open source VPN. Still, the six days contains no filler and as a stand-alone course (for those not considering SEC503 at all), I thought it was a good experience.

The thing about SANS courses is that although some topics gets into specific tools and their usage, a main take-away is the mindset and awareness of key areas to be on the lookout for. As soon as I finished 502, it had enough influence on me that I started making some new changes in my work routine.

Paul Boz

Good job. I also found the IA to be tougher but was still pleased with the FW.

ipchain

Thanks guys. I am giving away a practice exam for GCFW with an expiration date of October 5th, 2011.

If you're looking to challenge this exam in the near future and would like to have a shot at the practice exam, feel free to pm me.

I might end up giving up one of my GPEN practice exams as well, so stay tuned.