Certification

Certification

GIAC Certified Intrusion Analyst (GCIA)

Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

GCIA Exam Certification Objectives
DNS The candidate will demonstrate a thorough understanding of how DNS works for both legitimate and malicious purposes.
Tcpdump Filters The candidate will demonstrate the skill and ability to craft tcpdump filters that match on given criteria.
IPv6 The candidate will demonstrate knowledge, skill and ability relating to the analysis of IPv6 as well as issues involving IP6 over IPv4.
Fragmentation The candidate will demonstrate comprehension of how fragmentation works through theory and packet capture examples, as well as the concepts behind fragmentation-based attacks.
Wireshark Fundamentals The candidate will demonstrate the knowledge, skills, and abilities associated with traffic analysis using wireshark from an intermediate to high degree of proficiency.
Network Traffic Analysis and Forensics The candidate will demonstrate the ability to analyze real traffic and associated artifacts: malicious, normal and application traffic; and demonstrate the ability to discern malicious traffic from false positives.
Concepts of TCP/IP and the Link Layer The candidate will understand the the TCP/IP communications model and link layer operations
IP Headers The candidate will demonstrate the ability to dissect IP packet headers and analyze them for normal and anomalous values that may point to security issues
TCP The candidate will understand TCP communications as well as expected responses to given stimuli at this layer
UDP and ICMP The candidate will demonstrated the ability to analyze both UDP and ICMP packets and recognize common issues
Application Protocols The candidate will demonstrate knowledge, skill, and ability relating to application layer protocol dissection and analysis including HTTP, SMTP, and various Microsoft protocols
Packet Engineering The candidate will demonstrate knowledge, skill, and ability relating to packet engineering and manipulation including packet crafting, OS fingerprinting, and IDS Evasion/Insertion
Silk and Other Traffic Analysis Tools The candidate will demonstrate the ability to use Silk and other tools to perform network traffic and flow analysis
Network Architecture and Event Correlation The candidate will demonstrate competence with issues relating to IDS/IPS management, network architecture as it pertains to intrusion detection, and event correlation and management
IDS Rules (e.g., snort, bro) Create effective IDS (e.g., snort, bro) rules to detect varied types of malicious activity
Advanced IDS Concepts Demonstrate an understanding of IDS tuning methods and correlation issues (e.g., snort, bro)
IDS Fundamentals and Initial Deployment (e.g., snort, bro) Understand architecture, benefits/weaknesses, and configuration options of common IDS systems. Demonstrate ability to configure and deploy IDS (e.g., snort, bro)