Certification

Certification

GIAC Certified Intrusion Analyst (GCIA)

Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

GCIA Exam Certification Objectives
DNS The candidate will demonstrate a thorough understanding of how DNS works for both legitimate and malicious purposes.
Tcpdump Filters The candidate will demonstrate the skill and ability to craft tcpdump filters that match on given criteria.
IPv6 The candidate will demonstrate knowledge, skill and ability relating to the analysis of IPv6 as well as issues involving IP6 over IPv4.
Fragmentation The candidate will demonstrate comprehension of how fragmentation works through theory and packet capture examples, as well as the concepts behind fragmentation-based attacks.
Wireshark Fundamentals The candidate will demonstrate the knowledge, skills, and abilities associated with traffic analysis using wireshark from an intermediate to high degree of proficiency.
Network Traffic Analysis The candidate will demonstrate the ability to analyze real traffic and associated artifacts: malicious, normal and application traffic; and demonstrate the ability to discern malicious traffic from false positives.
Concepts of TCP/IP and the Link Layer The candidate will understand the the TCP/IP communications model and link layer operations.
IP Headers The candidate will demonstrate the ability to dissect IP packet headers and analyze them for normal and anomalous values that may point to security issues.
TCP The candidate will understand TCP communications as well as expected responses to given stimuli at this layer.
UDP and ICMP The candidate will demonstrated the ability to analyze both UDP and ICMP packets and recognize common issues.
Application Protocols The candidate will demonstrate knowledge, skill, and ability relating to application layer protocol dissection and analysis including HTTP, SMTP, and various Microsoft protocols.
Packet Engineering The candidate will demonstrate knowledge, skill, and ability relating to packet engineering and manipulation including packet crafting, and IDS Evasion/Insertion.
Silk and Other Traffic Analysis Tools The candidate will demonstrate the ability to use Silk and other tools to perform network traffic and flow analysis
IDS Rules Create effective IDS (e.g., snort, bro) rules to detect varied types of malicious activity.
Advanced IDS Concepts Demonstrate an understanding of IDS tuning methods and correlation issues (e.g., snort, bro)
IDS Fundamentals and Network Architecture Understand fundamental IDS concepts, such as network architecture options and benefits/weaknesses of common IDS systems.
Advanced Analysis and Network Forensics The candidate will demonstrate competence in analyzing various data points (e.g. full packet capture, netflow, logs) and associated artifacts and demonstrate ability to conclude cause or effect.