HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 45 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow General Certificationarrow SEC503: Intrusion Detection In-Depth-- A like
EH-Net
May 21, 2013, 02:24:48 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: SEC503: Intrusion Detection In-Depth-- A like  (Read 4288 times)
0 Members and 1 Guest are viewing this topic.
prats84
Newbie
*
Offline Offline

Posts: 41


View Profile
« on: November 23, 2012, 01:31:06 AM »
Hey

I am looking for a review for this course and if any other courses are offered by some other institutes.

SANS:
SEC503: Intrusion Detection In-Depth


Pratik
Logged
Dark_Knight
Sr. Member
****
Offline Offline

Posts: 292


View Profile WWW
« Reply #1 on: November 23, 2012, 06:57:28 AM »
What do you want to know?
Logged
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
alucian
Full Member
***
Offline Offline

Posts: 225



View Profile
« Reply #2 on: November 23, 2012, 12:14:37 PM »
What's your goal?
Logged
CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
docrice
Newbie
*
Offline Offline

Posts: 27



View Profile
« Reply #3 on: November 23, 2012, 10:56:54 PM »
I posted a review on another forum regarding 503 a while back.  Google up "GCIA passed" and you should see it.  I felt it was a great course, but what you'll get out of it depends on what you already know about TCP/IP fundamentals as well.

TCP/IP Weapons School by Richard Bejtlich is also a good supplemental course.  I've posted a review for it on the same site.

SANS 558 also seems pretty cool, although I've haven't taken it.
Logged
GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, OSWP, WCNA, CCNA, CCNA Security, [...and other resume filler]

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
prats84
Newbie
*
Offline Offline

Posts: 41


View Profile
« Reply #4 on: November 25, 2012, 02:38:37 AM »
I was looking for the review of 503 as well as some similar courses.
I have been working with Firewalls, VPN and IDS/IPS, SIEM for quite a time but always feel I need a bit more knowledge in Intrusion analysis, log analysis.

So wanted to know what exactly 503 offers and if any other similar courses.

My goal is to be able to identify Intrusion or malicious activity.

@docrice
 I saw the review and seems nice. Do they offer IPv6 analysis as well?
 I am good with TCP/IP so might go straight for 558 i think or if something similar I can find.


Thanks all.
Logged
alucian
Full Member
***
Offline Offline

Posts: 225



View Profile
« Reply #5 on: November 26, 2012, 07:50:21 AM »
I would say that it is better to start with 503. It will give you a good foundation in network intrusion analysis. Then, when you'll master this level you can go to the next one.
Logged
CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP
prats84
Newbie
*
Offline Offline

Posts: 41


View Profile
« Reply #6 on: November 27, 2012, 07:10:02 PM »


 My knowledge with TCP/IP is very good and Traffic analysis is 'not bad' I have worked Snort, SourceFire and Cisco IPS. Tuning and configuring is one  part and identifying intrusions is another part.


Looking at the course contents it  start on explaining tcp/ip and has two  days for traffic analysis using Tcpdump and then dwells into Snort.

Havent taken a SANS course before and the courses are pricey. Even though the course might be company sponsored but still wanted to know if any other similar courses were out there.

Thanks guys for your information. 
Logged
docrice
Newbie
*
Offline Offline

Posts: 27



View Profile
« Reply #7 on: November 28, 2012, 01:54:37 AM »
It's hard to say whether you'd benefit from 503 enough to justify the cost or not.  The first couple of days does get into the "bits and pieces" if you will about packet headers, interpreting the hex dumps, normal / abnormal traffic patterns, traditional evasion tactics, etc..  It certainly instills a strong mindset and approach, but I think in today's world the bulk of the attacks require a broader analysis of traffic payloads and associated traffic streams in their entirety (the NSM approach).

For a dedicated IDS class, I think there's nothing more hardcore than 503.  Even Sourcefire's product courses as well as their Snort class doesn't go as much in-depth in a vendor-neutral way (and I've taken their 3D System and Snort Rules Writing courses).  That said, 503 doesn't teach you everything.  Being good at it comes with practice, lots of analysis time, and the wisdom gained through experience.

When I took 503 a while back, there was very little IPv6 coverage.  That might have changed by now.  I'd email the course authors (Mike Poor, Judy Novak) and see what they have to say given your experience level.  503 is personally one of my favorite SANS courses that I've gone through.  Lots of war stories, and if Mike Poor is teaching, pretty entertaining.
Logged
GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, OSWP, WCNA, CCNA, CCNA Security, [...and other resume filler]

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
prats84
Newbie
*
Offline Offline

Posts: 41


View Profile
« Reply #8 on: November 28, 2012, 02:14:48 AM »
Docrice,



Quote from: docrice on November 28, 2012, 01:54:37 AM
It's hard to say whether you'd benefit from 503 enough to justify the cost or not.  The first couple of days does get into the "bits and pieces" if you will about packet headers, interpreting the hex dumps, normal / abnormal traffic patterns, traditional evasion tactics, etc..  It certainly instills a strong mindset and approach, but I think in today's world the bulk of the attacks require a broader analysis of traffic payloads and associated traffic streams in their entirety (the NSM approach).

 I had similar doubts but 503 would get me started and push in the right direction.

Quote
For a dedicated IDS class, I think there's nothing more hardcore than 503.  Even Sourcefire's product courses as well as their Snort class doesn't go as much in-depth in a vendor-neutral way (and I've taken their 3D System and Snort Rules Writing courses).  That said, 503 doesn't teach you everything.  Being good at it comes with practice, lots of analysis time, and the wisdom gained through experience.


Ofcouse to benefit from any course we would need to do our own post-study as well. So I understand what you mean by doesnt teach everything

I did the Sorcefire Admin certificationIt was quite good but it was more focused on the appliance and touched a bit on intrusion event analysis.
Really liked how the course was delivered.



Quote
When I took 503 a while back, there was very little IPv6 coverage.  That might have changed by now.  I'd email the course authors (Mike Poor, Judy Novak) and see what they have to say given your experience level.  503 is personally one of my favorite SANS courses that I've gone through.  Lots of war stories, and if Mike Poor is teaching, pretty entertaining.

Will mail them. Thanks for the information.
Logged
prats84
Newbie
*
Offline Offline

Posts: 41


View Profile
« Reply #9 on: November 28, 2012, 10:11:03 PM »
Found these "Intro to Network Traffic Analysis
Hack3rcon 3" videos as well on irongeek's site:


Intro to Network Traffic Analysis - Part 1


http://www.irongeek.com/i.php?page=videos/hack3rcon3/03-intro-to-network-traffic-analysis-part-1-jon-schipp


Intro to Network Traffic Analysis - Part 2


http://www.irongeek.com/i.php?page=videos/hack3rcon3/04-intro-to-network-traffic-analysis-part-2-jon-schipp
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.069 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.