General discussion on certifications not mentioned in sub-boards of the main categories below.
docrice wrote:It's hard to say whether you'd benefit from 503 enough to justify the cost or not. The first couple of days does get into the "bits and pieces" if you will about packet headers, interpreting the hex dumps, normal / abnormal traffic patterns, traditional evasion tactics, etc.. It certainly instills a strong mindset and approach, but I think in today's world the bulk of the attacks require a broader analysis of traffic payloads and associated traffic streams in their entirety (the NSM approach).
For a dedicated IDS class, I think there's nothing more hardcore than 503. Even Sourcefire's product courses as well as their Snort class doesn't go as much in-depth in a vendor-neutral way (and I've taken their 3D System and Snort Rules Writing courses). That said, 503 doesn't teach you everything. Being good at it comes with practice, lots of analysis time, and the wisdom gained through experience.
When I took 503 a while back, there was very little IPv6 coverage. That might have changed by now. I'd email the course authors (Mike Poor, Judy Novak) and see what they have to say given your experience level. 503 is personally one of my favorite SANS courses that I've gone through. Lots of war stories, and if Mike Poor is teaching, pretty entertaining.
Users browsing this forum: No registered users and 1 guest