  1. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #1

    Post your SANS/GIAC study material recommendations here

    I was going to include a section in this forum's FAQ sticky about SANS/GIAC certification study materials recommended by TE's members. But it occurred to me that such a list could grow to be quite large, and that topic really should have its own sticky. Because it will take me some time to sift through all 1000+ posts in this forum to locate and consolidate all of the recommendations, I thought that I would appeal to the members of this forum to post your study material recommendations here. For saving me the time, you will have my undying gratitude.


    GSEC - GIAC Security Essentials
    GCIH - GIAC Certified Incident Handler
    GCIA - GIAC Certified Intrusion Analyst
    GPEN - GIAC Penetration Tester
    GCFW - GIAC Certified Firewall Analyst

    Other Resources
    SANS Security Training Courses - SANS: Network, Information and Computer Security Training Courses
    SANS Information Security Reading Room - SANS: Information Security Reading Room - Computer Security White Papers
    SANS Institute YouTube channel - sansinstitute's Channel - YouTube
    Last edited by JDMurray; 01-15-2012 at 06:31 PM.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  2. SS -->
  3. Junior Member
    Join Date
    Jul 2011
    Posts
    23
    #2
    Let's get this started!
    I've heard Counter Hack Reloaded by Ed Skoudis is highly recommended for GCIH.

  4. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #3
    For the GCIA, I would recommend becoming familiar with TCP/IP headers and protocol behavior as a start. Note - I haven't read all the material below and I'm just listing them as potential good references:

    Wireshark Network Analysis
    http://www.amazon.com/Wireshark-Netw...2869003&sr=8-1

    TCP/IP Illustrated, Volume 1
    http://www.amazon.com/TCP-Illustrate...2869043&sr=1-6

    Network Intrusion Detection
    http://www.amazon.com/Network-Intrus...2869808&sr=8-1

    Nmap Network Scanning
    http://www.amazon.com/Nmap-Network-S...2869082&sr=8-1

    IP / TCP / UDP / ICMP headers
    http://nmap.org/book/tcpip-ref.html

    RFC 791 (IP)
    http://www.faqs.org/rfcs/rfc791.html

    RFC 792 (ICMP)
    http://www.faqs.org/rfcs/rfc792.html

    RFC 793 (TCP)
    http://www.faqs.org/rfcs/rfc793.html

    RFC 768 (UDP)
    http://www.faqs.org/rfcs/rfc768.html

    RFC 1034 (DNS)
    http://www.faqs.org/rfcs/rfc1034.html

    Snort User's Manual
    http://www.snort.org/assets/166/snort_manual.pdf

    Any material on Tcpdump
    http://www.tcpdump.org/tcpdump_man.html

    Binary / hex / decimal systems (this is a random page that I chose as an example)
    http://www.blaenkdenum.com/2006/09/b...d-hexadecimal/

    Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
    http://insecure.org/stf/secnet_ids/secnet_ids.html

    Mitnick vs. Shimomura
    http://wiki.cas.mcmaster.ca/index.ph...Mitnick_attack

    Honeynet Project Challenges
    http://www.honeynet.org/challenges

  5. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #4
    For the GCFW, here's a partial list of things to check out (I haven't read all of these, but they seem promising):

    Inside Network Perimeter Security
    http://www.amazon.com/Inside-Network.../dp/0672327376

    iptables
    http://wiki.centos.org/HowTos/Network/IPTables

    Cisco access-lists
    http://www.cisco.com/en/US/products/...800a5b9a.shtml

    Wireshark Network Analysis
    http://www.amazon.com/Wireshark-Netw...2869003&sr=8-1

    TCP/IP Illustrated, Volume 1
    http://www.amazon.com/TCP-Illustrate...2869043&sr=1-6

    Nmap Network Scanning
    http://www.amazon.com/Nmap-Network-S...2869082&sr=8-1

    IP / TCP / UDP / ICMP headers
    http://nmap.org/book/tcpip-ref.html

    RFC 791 (IP)
    http://www.faqs.org/rfcs/rfc791.html

    RFC 792 (ICMP)
    http://www.faqs.org/rfcs/rfc792.html

    RFC 793 (TCP)
    http://www.faqs.org/rfcs/rfc793.html

    RFC 768 (UDP)
    http://www.faqs.org/rfcs/rfc768.html

    RFC 1034 (DNS)
    http://www.faqs.org/rfcs/rfc1034.html

    Any material on Tcpdump
    http://www.tcpdump.org/tcpdump_man.html

    Binary / hex / decimal systems (this is a random page that I chose as an example)
    http://www.blaenkdenum.com/2006/09/b...d-hexadecimal/

    Mitnick vs. Shimomura
    http://wiki.cas.mcmaster.ca/index.ph...Mitnick_attack

  6. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #5
    For the G2700 I used the following study material, all of which I found viable for the exam.

    Study Material:

    IT Governance A Manager's Guide to Data Security and ISO 27001 / ISO 27002
    Amazon.com: IT Governance: A Manager's Guide to Data Security and ISO 27001 / ISO 27002 (9780749452711): Alan Calder, Steve Watkins: Books

    How to Achieve 27001 Certification: An Example of Applied Compliance Management
    Amazon.com: How to Achieve 27001 Certification: An Example of Applied Compliance Management (9780849336485): Sigurjon Thor Arnason, Keith D. Willett: Books

    CISSP All-in-One Exam Guide
    Amazon.com: CISSP All-in-One Exam Guide, Fifth Edition (9780071602174): Shon Harris: Books

    Information Security Management Handbook
    Buy Information Security Management Handbook by Harold F. Tipton, Micki Krause Used from Barnes & Noble

    Information Security Management Handbook Volume 2
    Amazon.com: Information Security Management Handbook, Sixth Edition, Volume 2 (978142006708: Harold F. Tipton, Micki Krause: Books

    CERT VTE CISSP Videos

    ISO/IEC 27000

    ISO/IEC 27002:2005

  7. Sith Lord SephStorm's Avatar
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #6
    Any recommendations for the GSEC?

  8. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #7
    I wish I could recommend a small set of books and other resources specifically for the GSEC, but since the coverage is so vast (even at a basic level) it's hard to pin it down to a few. Since it's often compared to the CISSP, one might assume that one of the CISSP books would be a good start, but I wouldn't necessarily say so (although it certainly doesn't hurt and provides good foundations).

    Another way to approach it would be to start with the topics that Security+ covers and take each section to the next level. Make a list of the differences between what the coverage from that and the GSEC is and go from there. Then add on some Windows and Unix-specific books (such as the Hacking Exposed series for Windows and Linux).

  9. Command Line Ninja Chris:/*'s Avatar
    Join Date
    Apr 2010
    Location
    In the void
    Posts
    657

    Certifications
    NSTISSI (4012 & 4011), eCPPT, CEH, CHFI, EDRP, CWSP, CWNA, RHCSA, VCP 3, G2700, GSEC, CIW:SP:WFA, Security+, Network+, A+
    #8
    Quote Originally Posted by SephStorm View Post
    Any recommendations for the GSEC?
    I am writing this list up to cover anyone who wants to take the certification so if you have already read through any of this material you should be good to go.

    I would recommend Linux+ study material such as the new All-in-one:
    http://www.amazon.com/LPIC-1-CompTIA...8723418&sr=8-1

    For the Windows knowledge requirements I would look at:
    Amazon.com: MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing and Maintaining a Microsoft® Windows Server(TM) 2003 Environment, Second Edition (9780735622890): Dan Holme, Orin Thomas: Books

    For the security requirements:
    http://www.amazon.com/CompTIA-Securi...8723593&sr=8-1

    To get an overview of some of the tools out there:
    http://www.amazon.com/CEH-Prep-Guide...8723622&sr=8-5

    For the basics of networking before diving too deep you should read ICND1:
    http://www.amazon.com/CCENT-ICND1-Of...8724497&sr=1-1

    The only books I know of that show how networking works concisely from the engineering perspective were TCP/IP Illustrated. A new version of the book's material is supposed to be covered in one book called The Illustrated Network (which I have not yet read). As I understand it, it is more entry level compared to the older books. That book should better fit the objectives of the GSEC as the TCP/IP Illustrated set would be overkill.
    TCP/IP Illustrated all 3 volumes:
    Amazon.com: TCP/IP Illustrated (3 Volume Set) (0785342776317): W. Richard Stevens, Gary R. Wright: Books

    The Illustrated Network:
    http://www.amazon.com/Illustrated-Ne...=2BPLS3TKW2NU9
    Last edited by Chris:/*; 10-30-2011 at 02:29 AM.

  10. Junior Member
    Join Date
    Nov 2009
    Location
    Memphis, TN
    Posts
    1
    #9
    Any advice on study material other than SANS for GPEN or GWAPT?

    Morgan Todd ~ Memphis, Tn

  11. Senior Member dover's Avatar
    Join Date
    Jul 2011
    Location
    dom0
    Posts
    182

    Certifications
    B.Sc. Information System Security, CISA, CISM, CISSP, CCNP:Security, GISP, GCIA, VCP v4, CCNA R/S, MCITP:EA, MCSE NT,2K,2k3
    #10
    I didn't see it mentioned elsewhere but for GSEC you may want to check out the latest version of the Network Security Bible by Eric Cole. From my understanding Cole helped build and teach the SANS GSEC course. I haven't taken the GSEC myself, but from what I've heard this book could be very useful - especially when combined with some of the other suggestions from Chris:/*

    http://www.amazon.com/Network-Security-Bible-Eric-Cole/dp/0470502495

  12. Member
    Join Date
    Jul 2011
    Location
    RAM
    Posts
    48

    Certifications
    Network+, CCNA, Security+
    #11
    How current are these sources? I mean Tao is from 2004, NSB is from 2009. Is it still worth it to buy them?

  13. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #12

  14. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #13
    While not necessarily study material for the GIAC exams, the Gold papers submitted by SANS students / GIAC certification holders might be a good resource for general infosec topics.

    http://www.giac.org/certified-profes.../latest-papers

  15. Junior Member Registered Member
    Join Date
    Jan 2012
    Posts
    2
    #14

    Question Require help

    Hi, I am planning to take the GCFW cert. I read about the links that were mentioned below; will that suffice, or is anything else required to get through the exam?

    Please help me in this regard.

    Quote Originally Posted by docrice View Post

  16. Sith Lord SephStorm's Avatar
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,707

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #15
    With my latest topic going the way it is, I wanted to ask, resources for the non traditional GIACs? GCED, GCWN (the windows, not wireless), GCUX?

  17. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #16
    Just came across this for those looking at the GCIH:

    http://www.insecurityasylum.com/2012...tudy-plan.html

  18. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #17
    That gives me a great idea! I'm in the SANS 401 course in San Diego in a couple of weeks. I should do similar blog articles linking to resources people can use as a pre-study plan for SANS 401 and the GIAC GSEC. I might be able to do the same for SANS 501/GIAC GCED too. I'll update this post with links to those articles.

  19. Member flt0nujr's Avatar
    Join Date
    Apr 2012
    Location
    ATL
    Posts
    63

    Certifications
    CCNA, CCNA Security, JNCIA, Security+
    #18
    That would be awesome JD!!!

  20. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #19
    Here's a blog post from a former member here who successfully challenged the GWAPT exam:

    https://www.infosiege.net/2012/04/gw...llenge-review/

  21. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #20
    And speaking of challenging GIAC exams, I just confirmed with GIAC that a challenge exam is also "open book, open notes" just like a GIAC exam taken after attending SANS training. No electronics are allowed in either, so it's one bag of only books and hardcopy for all candidates.

    Something else I need to put into the FAQ is that the $999US GIAC challenge exam price is reduced to $799US if you are a SANS alumni (that is, having attended a SANS training class and passed the associated GIAC exam).

  22. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #21
    Quote Originally Posted by JDMurray View Post
    And speaking of challenging GIAC exams, I just confirmed with GIAC that a challenge exam is also "open book, open notes" just like a GIAC exam taken after attending SANS training. No electronics are allowed in either, so it's one bag of only books and hardcopy for all candidates.
    Thanks for confirming and posting here.

    Quote Originally Posted by JDMurray View Post
    Something else I need to put into the FAQ is that the $999US GIAC challenge exam price is reduced to $799US if you are a SANS alumni (that is, having attended a SANS training class and passed the associated GIAC exam).
    I found the official statement and it looks confusing (highlights are mine):
    GIAC Exam Challenge Info
    GIAC Exam Challenge is for subject matter experts who wish to attempt a certification exam without taking the associated SANS training course.
    ...
    There is a SANS alumni rate for anyone who has previously taken the SANS training course associated with the certification exam they wish to challenge. For example, if you previously took SANS SEC401 (Security Essentials) through any of the SANS training venues, you would be eligible to purchase the GSEC Challenge Exam at the discounted alumni rate of $799.
    How do you understand it?

  23. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #22
    I understood that a SANS Alumni is anyone who has taken a SANS training course and passed the corresponding GIAC exam. When I saw the term SANS Alumni associated with pricing of GIAC challenge exams, I assumed this was the same thing.

    Per their example, if I have taken SANS 401, why would I need to challenge the GSEC exam? Taking 401 is the prerequisite for taking the GSEC. Maybe there is a time limit on how long after taking a SANS class you have to take the GIAC exam.

    I'll check with GIAC about all this and post back.

  24. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #23
    Quote Originally Posted by JDMurray View Post
    Per their example, if I have taken SANS 401, why would I need to challenge the GSEC exam? Taking 401 is the prerequisite for taking the GSEC. Maybe there is a time limit on how long after taking a SANS class you have to take the GIAC exam.
    Unless things have changed, students have about (4) months to take the corresponding GIAC exam from the moment they are provided with the course material. Should you need additional time, you can always extend the deadline for a fee, which is way cheaper than the Alumni discount.

    Not sure if this will help or not, but I bought one of their courses through one of the traditional training venues and decided not to pay for the certification attempt at the time. This is not typically a smart move as it's cheaper to pay for the certification attempt once you are registering, but I had no intention of pursuing this specific cert. Although I lost the opportunity to save about $200 USD, I can still request the Alumni discount in the future should I change my mind.

  25. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #24
    OK, the official clarification is:

    1. After completing a SANS training class, the student is given a four month deadline to pass the corresponding GIAC exam.
    2. If the exam is not passed within this time, the student can purchase a 45-day deadline extension before the deadline passes.
    3. If the exam deadline passes and was not extended, the student can challenge the exam at a SANS Alumni discount for having taken the corresponding SANS class. (I didn't ask for how long after the deadline the discount will be honored.)
    4. The SANS Alumni discount only applies to challenging a GIAC exam corresponding to a SANS class previously taken by the alumni and after the deadline has passed with no extension taken.


    All that just to see how to save $200US.

  26. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #25
    Quote Originally Posted by JDMurray View Post
    4. The SANS Alumni discount only applies to challenging a GIAC exam corresponding to a SANS class previously taken by the alumni and after the deadline has passed with no extension taken.
    No luck, eh.. I started getting hopes that any challenge is $799 after any one SANS course is taken. Nonetheless, thank you for finding out and sharing.

    Getting ready for San Diego?