SANS 503 and GCIA Thoughts

I attended the SANS SEC 503 ‘Intrusion Detection In-Depth’ course at SANS Network Security two months ago and just took the GCIA certification exam yesterday, so I thought I’d post a few thoughts on the class and the exam. It’s not a full review, but if you have questions, feel free to ask and I’ll do my best to answer them. In the past, people I respect greatly have told me that I should be able to look at raw tcpdump output and decipher what was going on. I thought this class would help me out quite a bit in this area, and I was 100% correct. In fact, late on the exam yesterday, I caught myself smiling as I worked through a somewhat complicated problem which presented me with a bunch of hex and asked me what was going on. I assure you that I would not have been smiling if I had to answer that question two months ago. I may have very well been the only student in class who had never held a networking job, so in addition to learning low-level packet skills, I picked up a lot of knowledge about