GCIA

<<

knwminus

Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Thu Jan 13, 2011 9:53 pm

GCIA

Has anyone here taken and/or challenged the GCIA certification? There doesn't seem to be much talk about it here on these boards and I am curious to see if anyone here has done it.
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Thu Jan 13, 2011 10:54 pm

Re: GCIA

I would take a look over at techexams.net, I know there was a recent topic from someone who took it.

So can someone explain the differences between the GCIA, GCIH, and GPEN?
sectestanalysis.blogspot.com/‎
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Thu Jan 13, 2011 11:04 pm

Re: GCIA

I took it via SANS OnDemand and did the cert in spring of 2010. It's a fantastic course/cert. What do you want to know?

In a nutshell (I've taken all 3 but did not sit for the GCIH exam):

GCIA - deep dive into packet analysis, hex math, intrusion analysis, yum. This is a blue team course. You will walk away seeing packet dumps in your head and tcpdump switches embedded on the inside of your eyelids.

GPEN - network pentester skills - this is a red team course. It does cover pentest methodology but differs slightly from GCIH in that things like maintaining access and covering tracks are not covered (typically not part of a pentest). Awesome course, take it with Ed Skoudis if you can.

GCIH - responding to attacks, understanding black hat mindset, and some nifty tricks for incident detection and response. Incident handling methodology is covered as well. This is a blue team course.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Jan 14, 2011 8:55 am

Re: GCIA

@tturner: What do you mean by "blue team" and "red team"? Is "red" focused on attack and "blue" team on defense?
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Jan 14, 2011 9:06 am

Re: GCIA

Exactly. SANS has a cyber guardian program that lays out their roadmap for blue team and red team members, obviously using SANS courses since that's their business.  :)

http://www.sans.org/cyber-guardian/

I haven't done this program yet as I still require 2 of the baseline skills certs and 1 of the courses but I tend to focus more on red team activities. (took Sec504 but didn't sit for GCIH, and never took the SEC508 or GCFA exam) The bonus here is that completion of this program also qualifies you for the GSE exam. I'm determined to get there one day, but if you focus only on red team types of skills I think passing the practical for GSE may be a bit difficult. We have a few GSEs on the boards who could probably talk more about that if you are interested. I know I am.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

knwminus

Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Fri Jan 14, 2011 9:40 am

Re: GCIA

tturner wrote:I took it via SANS OnDemand and did the cert in spring of 2010. It's a fantastic course/cert. What do you want to know?


I just wanted to know someone's thoughts on the difficulty of the cert, i.e. could you have passed it without specific SANS courses. I plan on challenging 1 SANS exam by the end of the year and I think I want to do GCIA (since I do like networking/TCPIP and security). I will have about 4-5 months to study and compile notes for the exam. I have talked to a few people who have said that GCIA is one of the harder SANS exams. I just want to see if you echo that remark.

I eventually want to do GPEN GWAPT (possibly) and GCFW as well with GPEN being the next on my list. That'll probably be 2012 though.
Last edited by knwminus on Fri Jan 14, 2011 9:47 am, edited 1 time in total.
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Jan 14, 2011 10:02 am

Re: GCIA

I can't talk for GCIA, but I did GSEC and GPEN without taking SANS courses.

However, I took Pentesting With Backtrack (PWB) from Offensive-Security before trying GPEN. It doesn't cover everything, but it covers a great deal of what you need for GPEN.

But that being said, if I had the money, I would have taken a SANS course anytime...

Last thing, the two practice exams helped me a lot to get ready for both exams. When I "thought" I was ready, the practice exams helped me focus my study and prepare my notes on areas I was a bit weak.

So it is feasible, but harder...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

knwminus

Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Fri Jan 14, 2011 10:12 am

Re: GCIA

Yea I read about your experience with GPEN (congrats for that by the way).
The thing about pen testing certs is that there are a lot more of them and (IMO) it is "sexier" than IDS/IPS (blue team) stuff. There is not nearly as much information about IDS/IPS packet level analysis as there is about pen testing. I have been told the Wireshark is a good start of the exam (I own the book) so I will read it and go from there.

As far as practice exams, you can purchase more for like 99 dollars so I will probably pick up 1-2 in addition to the 2 you get when you register for the challenge. 
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Jan 14, 2011 11:30 am

Re: GCIA

I really like http://www.packetstan.com/ for packetfu. The authors Mike Poor and Judy Novak are also course authors for the GCIA course.

You could probably self study the GCIA if you used the right materials. I'd probably start with TCP/IP Illustrated Vol. 1 and the Wireshark Network Analysis book by Laura Chappell. Richard Bejtlich's Tao of Network Security Monitoring would be good as well. You will want to get familiar with Snort and also download the TCP/IP cheatsheet at http://www.sans.org/security-resources/tcpip.pdf

Many many questions will require that cheatsheet so get it for sure.

The certification objectives are at

http://www.giac.org/certbulletin/gcia.php

I also used the following cheatsheets:

http://packetlife.net/media/library/8/IPv6.pdf

http://packetlife.net/media/library/12/tcpdump.pdf

http://packetlife.net/media/library/13/ ... ilters.pdf

http://packetlife.net/media/library/23/common_ports.pdf

as well as printouts of the manpages for p0f, tcpdump, tshark, tcpreplay, snort, and other related tools

I also used the http://www.sans.org/security-resources/ ... dports.php list of well-known trojan ports and you may find other good resources at the SANS intrusion detection FAQ http://www.sans.org/security-resources/idfaq/

There's also tons of good IDS papers in the SANS reading room and I found some good resources at http://www.whitehats.ca/main/members/Seeker/ which is Guy Bruneau's page there. He wrote parts of the GCIA course as well. He also wrote this post at SANS on installing SGUIL http://www.sans.org/security-resources/ ... ckware.php

I could probably keep posting various links on barnyard, acid and other topics but this should get you started. Like mentioned before, the practice exams are a very good indicator. I would personally recommend taking the course though. It's really good and if you go the volunteer route at SANS you can attend a conference, get 4 months of ondemand and the cert for only 800.00.
Last edited by tturner on Fri Jan 14, 2011 11:33 am, edited 1 time in total.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

vadnaisk

Newbie

Posts: 2

Joined: Tue Jan 04, 2011 1:24 pm

Post Fri Jan 14, 2011 1:54 pm

Re: GCIA

Terrific links thanks so much for posting.
<<

knwminus

Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Fri Jan 14, 2011 4:06 pm

Re: GCIA

Excellent links.

I am even more determined to go for it now!

Now if someone could just give me $900 dollars.
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

nothingelse

Newbie

Posts: 7

Joined: Tue Jan 18, 2011 6:11 pm

Post Thu Jan 20, 2011 6:25 pm

Re: GCIA

I completed the GCIA about 3 years ago (up for renewal soon) and I can say compared to the GWAPT that I recently took it was a bit harder. It is a great cert to get you up to speed on "Packet Analysis" and identifying traffic patterns. With that said SANS certs are open notes/books so in my opinion it kind of makes it easier than it should be. You generally have 3 hours to complete 150 questions so you definitely can't look up the answer to every question, but you may be able to get by on some of the more difficult questions by looking through the book.
GCIA Gold, GWAPT
<<

rdm

Newbie

Posts: 9

Joined: Wed Sep 15, 2010 5:44 pm

Post Thu Jan 20, 2011 8:07 pm

Re: GCIA

I took the SANS OnDemand Intrusion Detection In-Depth. I liked the class, learned a lot and passed the test earlier this week.
GCIH, GCIA, GSNA, CEH, Security+
<<

knwminus

Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Thu Jan 20, 2011 8:42 pm

Re: GCIA

nothingelse and rdm

Do you mind telling what type of roles you guys are working in? Are you working in IDS/IPS analyst roles?
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

rdm

Newbie

Posts: 9

Joined: Wed Sep 15, 2010 5:44 pm

Post Thu Jan 20, 2011 9:15 pm

Re: GCIA

knwminus wrote:nothingelse and rdm

Do you mind telling what type of roles you guys are working in? Are you working in IDS/IPS analyst roles?


Right now I am the only sec guy so I do a large amount of different things.  I spend about a quarter of my time doing IDS and log analysis. 
GCIH, GCIA, GSNA, CEH, Security+