Certification

Certification

GIAC Certified Windows Security Administrator (GCWN)

Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

GCWN Exam Certification Objectives
Defensible Networking The candidate will be able to understand and harden essential Windows protocols and services which are vulnerable to attack, such as PowerShell Remoting (WSMAN), Remote Desktop Protocol (RDP), DNSSEC, Kerberos, NTLMv2, Windows Management Instrumentation (WMI), IPv6 tunneling, SSL/TLS cipher suites, and Server Message Block (SMB) protocol.
Endpoint Protection The candidate will be able to understand and configure the Windows Firewall, use IPsec to control access to UDP/TCP ports based on Active Directory group memberships, deploy IPsec and firewall rules through Group Policy and PowerShell, deploy AppLocker application whitelisting, restrict access to removable devices, and configure PowerShell Constrained Language Mode.
Operating System and Applications Hardening The candidate will be able to plan and implement a comprehensive hardening strategy for the Windows operating system and other popular applications which are vulnerable to attack, using techniques such as application whitelisting, applying security templates through Group Policy, and server hardening through PowerShell automation.
PKI Management The candidate will be able to plan and implement a full Public Key Infrastructure (PKI) using Windows Server and Active Directory for the sake of secure authentication, smart cards, smart tokens, data encryption, digital signatures, private key escrow, Group Policy Auto-Enrollment, and private key credential roaming.
Restricting Administrative Compromise The candidate will be able to plan and implement a strategy to reduce how often hackers or malware can compromise administrative accounts and to reduce the harm which follows from an administrative compromise, using techniques such as constrained delegation of authority, role-based access control, limiting unnecessary privileges, PowerShell JEA, secure authentication, and proper management of service accounts and scheduled tasks.
Securing PowerShell The candidate will be able to plan and implement a strategy to secure the use of PowerShell, including transcription logging, AMSI anti-virus scanning, Just Enough Admin (JEA) endpoints, code signing, application whitelisting, and User Account Control (UAC) restrictions.