Docrice,
It's hard to say whether you'd benefit from 503 enough to justify the cost or not. The first couple of days does get into the "bits and pieces" if you will about packet headers, interpreting the hex dumps, normal / abnormal traffic patterns, traditional evasion tactics, etc.. It certainly instills a strong mindset and approach, but I think in today's world the bulk of the attacks require a broader analysis of traffic payloads and associated traffic streams in their entirety (the NSM approach).
I had similar doubts but 503 would get me started and push in the right direction.
For a dedicated IDS class, I think there's nothing more hardcore than 503. Even Sourcefire's product courses as well as their Snort class doesn't go as much in-depth in a vendor-neutral way (and I've taken their 3D System and Snort Rules Writing courses). That said, 503 doesn't teach you everything. Being good at it comes with practice, lots of analysis time, and the wisdom gained through experience.
Ofcouse to benefit from any course we would need to do our own post-study as well. So I understand what you mean by doesnt teach everything
I did the Sorcefire Admin certificationIt was quite good but it was more focused on the appliance and touched a bit on intrusion event analysis.
Really liked how the course was delivered.
When I took 503 a while back, there was very little IPv6 coverage. That might have changed by now. I'd email the course authors (Mike Poor, Judy Novak) and see what they have to say given your experience level. 503 is personally one of my favorite SANS courses that I've gone through. Lots of war stories, and if Mike Poor is teaching, pretty entertaining.
Will mail them. Thanks for the information.
Show Posts
Haddix : occhiali da sole oakley No. obwk9670fcn8
