|
unsupported
|
 |
« on: February 12, 2009, 11:45:31 AM » |
|
I am burning my way through CEH self study and I am going to test in a few weeks. I wanted to know if it would be worth my while to also go back for GCIH. GCIH was my first pick for my next certification, but due to department budget issues not being resolved, I went with my second choice. Is there a lot of overlap in CEH and GCIH? I've been told that GCIH focuses more on defense and incident response, where CEH is more of attack (which is what I am finding).
Your opinions are appreciated!
|
|
|
|
|
Logged
|
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
|
|
|
|
charlottebandit
|
|
« Reply #1 on: February 12, 2009, 11:14:05 PM » |
|
GCIH is primarily focused on Incident Handling which is a solid subject to focus on, although you may be better off focusing on GPEN (Network pentesting) and GWAPT (Web Application Pentesting) which is more of what you're looking for.
Now of course most of these tracks assume little to no security to pull these off so I would also suggest strong familiarity with security infrastructure that supercedes a simply firewall and IPS. As part of PCI compliance now (since 7/08), it requires a web app firewall to address top 10 owasp vulnerabilities which can also focus on web services security. Plus there's endpoint security, network admission control for posture assessment, email & web content filtering, network security management (event correlation & mitigation), and more. Many networks are bound to have at least one of these, if not more.
|
|
|
|
|
Logged
|
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
|
|
|
|
Jhaddix
|
|
« Reply #2 on: February 12, 2009, 11:19:39 PM » |
|
Hi again Unsupported! I would def go with GCIH. In my opinion, as well as my bosses, GCIH is more marketable to employers. Incident Handling is a valuable skill to have, especially in these times. As a plus you also get the hacker exploits and techniques part which preps you for offensive security and pentesting if that's what you are looking to do. There are about three reviews below your topic in the forums reviewing GCIH and I also recommended reading here: http://blog.networkfoo.org/?tag=sans-504Also i tend to tell students to look into getting the Certified Network Defense Architect if they will be consulting gov or state agencies. Same test as the CEH, different name. State/gov offices don't like the word "hacker" in anyone's title, the exam code for that CNDA is 312-99 and you have to email EC to get to take it. Good luck! |
|
|
|
|
Logged
|
|
|
|
|
vijay2
|
|
« Reply #3 on: February 13, 2009, 06:33:56 AM » |
|
I would just say that there is no comparison between the 2 courses. The focus of both certs is totally opposite. CeH focuses mostly on the offensive security mostly on attack tools while GCIH focuses on Defesnive and Incident Respones.
Though there might be some overlap of what is coverd in both, the focus is totally opposite.
It all depends on what your job requirement is to choose one over the other.
Thats my 0.001 cent
VJ
|
|
|
|
|
Logged
|
GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+
|
|
|
|
BillV
|
|
« Reply #4 on: February 13, 2009, 07:42:21 AM » |
|
Also i tend to tell students to look into getting the Certified Network Defense Architect if they will be consulting gov or state agencies. Same test as the CEH, different name. State/gov offices don't like the word "hacker" in anyone's title, the exam code for that CNDA is 312-99 and you have to email EC to get to take it.
Alternatively, once you have earned CEH you can pay a $50 (last I checked) fee to receive CNDA (and I'm sure there's some sort of application/paperwork that goes along with it). BillV |
|
|
|
|
Logged
|
|
|
|
|
Equix3n-
|
|
« Reply #5 on: February 13, 2009, 07:48:39 AM » |
|
Alternatively, once you have earned CEH you can pay a $50 (last I checked) fee to receive CNDA I just checked EC-COUNCIL's website. It states that The CNDA certification is awarded only to employees who work for United States Government and Military Agencies From where did you get this info.? |
|
|
|
|
Logged
|
|
|
|
|
Jhaddix
|
|
« Reply #6 on: February 13, 2009, 08:36:30 AM » |
|
Alternatively, once you have earned CEH you can pay a $50 (last I checked) fee to receive CNDA I just checked EC-COUNCIL's website. It states that The CNDA certification is awarded only to employees who work for United States Government and Military Agencies From where did you get this info.? I believe its in the faq section... maybe... They tell you when you email them. And as stringent as the requirement sounds it not hard to convince them to let you switch the title. On a side not i one saw a guy touting BOTH certs... i didnt want to say anything, but i thought it was funny. Using 1 test for two titles.. cmon!  |
|
|
|
|
Logged
|
|
|
|
|
BillV
|
|
« Reply #7 on: February 13, 2009, 09:48:11 AM » |
|
From where did you get this info.?
I don't remember. I'm involved with lots of EC-Council stuff... maybe a webinar where that was announced? The application form is available here: CNDA Application. BillV |
|
|
|
|
Logged
|
|
|
|
|
unsupported
|
|
« Reply #8 on: February 20, 2009, 08:47:32 AM » |
|
Thank you all for the information regarding GCIH. My team is moving towards a security operations center (CIRT level 1) role and I think once I self study I can get my manager to pop for the cheapest SANS training option.
Thanks for the link to the CNDA application. I may be able to swing it, as long as their interpretation of US Govt. Agency is loose. I work for a big company who is good friends with the government and I have enough ties to an agency/program to be able to keep "secrets".
Does anyone have experience with converting a CEH to CNDA?
|
|
|
|
|
Logged
|
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
|
|
|
|
BillV
|
|
« Reply #9 on: February 21, 2009, 08:25:32 AM » |
|
Does anyone have experience with converting a CEH to CNDA?
I don't have any personal experience with it. You could try shooting an email to info@eccouncil.org with your questions. If you don't get a reply in a suitable amount of time (or don't get a good answer), let me know and I'll see what I can find out for you. BillV |
|
|
|
|
Logged
|
|
|
|
|
timmedin
|
|
« Reply #10 on: February 22, 2009, 09:16:05 PM » |
|
If GCIH is your first choice then it sounds you are looking to go down the incident handler path. If that is the case then the CEH won't really help you achieve your goal, however, it is isn't a bad supplement. If you know more about the potential ways an intruder will be getting it to your network then that always helps in incident response. It won't help with the detection and eradication portions of IH, but it never hurts to keep learning.
If you are looking to go down the offensive path then I would recommend the GPEN from SANS. The SANS class does a good job explaining attacks and also includes valuable sections for reporting your findings to the client which is not included in the CEH. If you can effectively communicate, classify, and prioritize your findings to the client then the it doesn't matter how good the attack was. At the end of the day there has to be value for the client.
|
|
|
|
|
Logged
|
|
|
|
|
unsupported
|
|
« Reply #11 on: February 24, 2009, 08:29:51 AM » |
|
GCIH was my first choice, but I took CEH because my departmental budget was not finalized. I am really enjoying the CEH material and look forward to GCIH. I missed out on the Orlando SANS, but maybe my manager will shell out the cash for the at home training. Especially since I would be using my own time, but the companies money. When sending someone to training they weight the costs of the actual course and how much the employee makes that week.
Once I am done with CEH, I'll take a low approach with Counter Hack Reloaded.
|
|
|
|
|
Logged
|
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
|
|
|
|
