Information regarding SANS GIAC exams

youchoniumyouchonium Member Posts: 13 ■□□□□□□□□□
Hey guys,

I recently moved into a position doing IDS Tuning and Analysis and saw that SANS offered a certification for intrusion detection. I'm very interested in this, but am having difficulty finding information. I was hoping if there was anyone on the forum who has taken any SANS exams and would be able to share their experiences. (i.e. If self study is possible, necessary to use SANS courseware...)

Thanks,
Youchan

Comments

  • MunckMunck Member Posts: 150
    Stephen Northcutt (from SANS) have writen several books you can use in your preperations. They are very well writen, and I highly recommend them. I'm starting the GCFW in october (Local Mentor program). About not having to use SANS courseware, I guess it depends on your experience. Good luck
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,668 Admin
    The SANS certs are geared towards attending their face-to-face courses at the conferences, or using their CBT/on-line courses. The price of the CBT/on-line stuff saves you the price of a hotel room, but that's about it. The GIAC and other SANS certs are so expensive that I'm not going to bother with them unless an employer pays for it.

    The next SANS network security conference is in New Orleans, October 24-30, 2005. There are many smaller training session going on all over the world. More info at http://www.sans.org/. The self-study stuff is here: http://www.sans.org/selfstudy/.
  • dissolveddissolved Inactive Imported Users Posts: 228
    i'll be taking one of these soon. Study hex conversion and packet dissection. It's not as hard as it sounds.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,668 Admin
    I just received an email saying that the SANS 11th Annual Network Security conference will now be held October 24-30th in Los Angeles at the Westin Bonaventure Hotel and Suites.

    http://www.sans.org/ns2005/
  • dissolveddissolved Inactive Imported Users Posts: 228
    pm me if anyone is going to a sans event in the future. I'm on the mid-atlantic area and will probably go to one around DC,NJ,MA,CT etc etc.
  • youchoniumyouchonium Member Posts: 13 ■□□□□□□□□□
    Woohoo I convinced my boss that I need SANS training and I'll be attending the SANS Conference in LA. If anyone's going, let me know.
  • Ten9t6Ten9t6 Member Posts: 691
    youchonium wrote:
    Woohoo I convinced my boss that I need SANS training and I'll be attending the SANS Conference in LA. If anyone's going, let me know.

    Good deal....That is the best route to go...Get someone else to pay for it. icon_wink.gif Have fun...

    And I see we have another Texan on the board...you wouldn't happen to be around Dallas would you?

    Kenny
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • youchoniumyouchonium Member Posts: 13 ■□□□□□□□□□
    It's been awhile since I've been on this board. Work has been bussy. I wanted to share about the SANS conference and the GCIA.

    The conference was awesome! Excellent instructors and course materials! If your work will send you, definitely go. There was always something to do during the week. SANS brought in a lot of great guest speakers and vendors (nice to pick up freebies icon_wink.gif ). I learned a great deal, which I can actually apply to my current job.

    I recently passed both tests required for the GCIA certification. Here's some feedback regarding the exams. The two exams were moderately difficult. Luckily, the exams cover the content given at the conference. I did a thorough review of all the course materials, including the workbook exercises and passed both exams on my first attempt. The most time consuming thing I had to do was index all the information. Unfortunately, SANS doesn't think to put an index at the end of their texts.

    Here are a few things covered by the exam.

    TCP/IP fundamentals (Ports, Header Info, reading TCPDump, Hex, Typical/Atypical TCP/IP behavior)
    TCPDump (Recognizing Passive/Active Fingerprinting, SubSeven, Land (Various other attacks)
    Snort (Writing Rules, Configuring Snort, Snort output modes (Barnyard, ACID, etc.)
    Signatures and Patterns (Correlation, reading various logs Cisco, IPChains..., NIDS evasion... too many more my heads in a knot)

    All in all though, SANS was a great experience.

    Youchan

    PS: Kenny, I am in Dallas as a matter of fact.
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Congratulations on passing the exams and thanks for teh feedback!

    That's an interesting cert btw, are you planning on adding more SANS certs? Or how about Cisco's Intrusion Prevention Specialist?
  • youchoniumyouchonium Member Posts: 13 ■□□□□□□□□□
    Thanks Johan!

    If I could convince the boss to send me again, I would try for the Forensics or Hacker Tech course. I've heard those are very interesting. I haven't really thought about Cisco because we don't use their IDS products and my lack of experience with Cisco.

    I'm still trying to decide what to gear up for next. Right now, I'm looking toward CWNA->CWSP or the CISSP or maybe both hahahhaha.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,668 Admin
    youchonium wrote:
    Unfortunately, SANS doesn't think to put an index at the end of their texts.
    One upon a time, building a good index was probably the most intensive and expensive part of publishing a book. It's actually a specialty publishing profession. I've known a couple of professional indexers and they were very intense people. Now-a-days indexing is largely accomplished using special publishing software, but there is still some truly mind-numbing work involved.

    And come over to the CWNP forum and ask some questions!
Sign In or Register to comment.