Can you recommend some books for GSEC

Amco

Any books or study guides you found useful for the GSEC.

Find more posts tagged with

Comments

Bl8ckr0uter

Amco wrote: »

Any books or study guides you found useful for the GSEC.

For starters Network Security Bible (written by the same guy who helped write the test). I plan on going for the test next year. I have a list around here somewhere. I'll post it when I find it. I think I am going to use one of the Security resource kits for windows 2003/2008 to help with the windows security aspect. I know I also wanted Hardening linux (no jokes, low hanging fruit). I know I am also going to use my ISCW book for some of the network security aspects of the exam. I think a book like counterhackreloaded would help with some of the other objectives. There are a few folks here who have taken the exam so I also wanted to pick their brains at the end of the year. For some of the more advanced InfoSec people on here, apparently this test was pretty easy but to me the objectives look a bit broad. I plan to self study and challenge the test.

As I am looking at the objectives again, the Network Security Bible covers a lot of them. I just cannot say whether or not it is enough for the exam.

docrice

SANS updates their course content often, but that book by Eric Cole is pretty recent and from glancing at the table of contents it looks pretty similar to the official GSEC course materials I have (although arranged in a slightly different order). I'd probably expect this though since Dr. Cole authored the GSEC.

Bl8ckr0uter

docrice wrote: »

SANS updates their course content often, but that book by Eric Cole is pretty recent and from glancing at the table of contents it looks pretty similar to the official GSEC course materials I have (although arranged in a slightly different order). I'd probably expect this though since Dr. Cole authored the GSEC.

Do you think that the Network Security Bible will be enough (along with a few other things)? Basically do you think that this test can be self studied?

docrice

I've only seen that book's table of contents so I don't know how "GSEC-thorough" it is and all I can do is speculate without having it in-hand. That said, yes the GSEC can be self-studied for, but since the certification covers such a wide range of topics, it probably won't be easy unless you have existing experience in common security topics like basic crypto, authentication controls, basic forensics, policies, examining packet traces, wireless, etc., as well as general Windows / Linux security.

I'd bet that book would be invaluable though.

Bl8ckr0uter

docrice wrote: »

I've only seen that book's table of contents so I don't know how "GSEC-thorough" it is and all I can do is speculate without having it in-hand. That said, yes the GSEC can be self-studied for, but since the certification covers such a wide range of topics, it probably won't be easy unless you have existing experience in common security topics like basic crypto, authentication controls, basic forensics, policies, examining packet traces, wireless, etc., as well as general Windows / Linux security.

I'd bet that book would be invaluable though.

I have it. It is a good read, a bit dry at times though. I don't have that much experience but I think with a few months (4 or so) I should be able to self study for it.

rwmidl

Are you just taking the test or are you going to take the class from SANS first?

Amco

I really don't have the money for a class, so it's going to be self-study.

Bl8ckr0uter

Amco wrote: »

I really don't have the money for a class, so it's going to be self-study.

Neither do I. Do you have a time frame in mind?

Amco

Nothing within the next 3 months, I have to knock out cwna, cwsp and ccna.

Chris:/*

Bl8ckr0uter

I see. Pretty big list. Sounds like the GSEC is a lot more inclusive than I thought.

Chris:/*

Dr Eric Cole was my instructor for the GSEC and as he put it, the GSEC is the Security+ on steroids and how to enact many things the CISSP talks about (Not a direct quote but the gist is there). When you take the course it lasts 6 days and up to 12 hours a day with 6 books.

rwmidl

Chris:/* wrote: »

Dr Eric Cole was my instructor for the GSEC and as he put it, the GSEC is the Security+ on steroids and how to enact many things the CISSP talks about (Not a direct quote but the gist is there). When you take the course it lasts 6 days and up to 12 hours a day with 6 books.

Agree with the above. My feeling is the GSEC is/was Sec+ on steroids. If you have some experience and take the class, the books they provide are enough to pass the exam (with a good index).

Chris:/*

That is key,

The indexation of your material so you can quickly find data to analytically answer questions is probably the most important thing. Just because you have the reference does not mean you know how to apply the information.

Bl8ckr0uter

Interesting input guys. So would you consider this a basic infosec cert ie something an entry level infosec person should look to obtain or more of an advanced one.

Chris:/*

Definitely not, it is an intermediate to professional level certification. I would recommend A+, Net+, Sec+, Linux+ and even some Windows certifications at least first. Remember the material you are studying in the official books comes to around 3000 pages. Now there are a lot of diagrams and pictures but it is all good information.

Bl8ckr0uter

Chris:/* wrote: »

Definitely not, it is an intermediate to professional level certification. I would recommend A+, Net+, Sec+, Linux+ and even some Windows certifications at least first. Remember the material you are studying in the official books comes to around 3000 pages. Now there are a lot of diagrams and pictures but it is all good information.

By the EOY (and around the time I will start studying for this) I should have S+ and LPIC-1 in addition to the certs I have listed. I probably won't have any MS certs but I do have all of the lab manuals and student guides for MCSE along with the Windows PKI guide. I think adding a few more things (especially the stenography, cryptography, packet capture and wireless) it should be enough. The one thing I don't know is versions. 2003 or 2008? XP or 7? Debian or Red Hat? What I am thinking is that it is more of a general exam in that regard.

Chris:/*

For the most part it is vendor neutral, so do not worry about that. Also pick up the Javvin guides and you should be good to go. Best of luck.

Amco

Good looking out

Bl8ckr0uter

Chris:/* wrote: »

For the most part it is vendor neutral, so do not worry about that. Also pick up the Javvin guides and you should be good to go. Best of luck.

Vendor neutral or version neutral?

docrice

For the most part, it's vendor neutral, although there are some technologies that it will make certain brand examples out of (like on virtualization they'll refer to VMware a lot).

Here's my two cents on the GSEC vs. the Security+... I spent about a week prepping for the Sec+ and I passed with a 890 / 900. I took the GSEC course after that and even with the open-book exam format, I still had to spend a solid month prepping for the exam and I didn't get anywhere near a perfect score. Indexing your material helps, but the GSEC exam doesn't give you enough time to look up answers for every question. You either know it or don't. And you probably don't want to have to spend the time to look up more than a couple dozen answers in the books because the exam will start getting long and you'll get tired.

If the Sec+ was an inch deep, the GSEC is easily three inches deeper with the same broad coverage of topics (if not more).

Chris:/*

Like docrice explained it basically version neutral unless it is explaining certain technologies like VMware and Windows. It does not go into Cisco vs Juniper or Red Hat vs Suse.

Bl8ckr0uter

Chris:/* wrote: »

Like docrice explained it basically version neutral unless it is explaining certain technologies like VMware and Windows. It does not go into Cisco vs Juniper or Red Hat vs Suse.

I don't know if this breaks NDA (I will call SANS if it does) but does it talk about server 2003 or 2008? That's what I meant by version neutral.

Chris:/*

What I can say is it is not a configuration exam it is an applied security exam. Sorry I cannot be more helpful than that with that question.

docrice

I think it's appropriate to say that SANS revises the course / exam focus depending on what's relevant today. That means the material could in theory relate to both Server 2003 and 2008. Maybe it might reference XP or 2000 depending on what they're trying to teach you. In other words, I don't think the GSEC looks at the latest-and-greatest versions of technologies for the sake of only looking at the newest stuff on the market. If a lot of today's security issues revolve around Server 2003 because it's still used by many, many businesses, then I'm sure it'll get a mention.

Bl8ckr0uter

Chris:/* wrote: »

What I can say is it is not a configuration exam it is an applied security exam. Sorry I cannot be more helpful than that with that question.

That's good. I think I get what you are saying.