GIAC Certified Windows Security Administrator (GCWN)
Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.
- 1637 certified analysts as of October 8, 2015
- See the GIAC website for additional details on the GCWN certification.
|Operating System and Applications Hardening||The candidate will be able to plan and implement a comprehensive hardening strategy for the Windows operating system and other popular applications which are vulnerable to client-side exploits, using techniques such as patch management, application whitelisting, applying security templates through Group Policy, UEFI Secure Boot, and whole drive encryption with BitLocker.|
|Restricting Administrative Compromise||The candidate will be able to plan and implement a strategy to reduce how often hackers or malware can compromise administrative accounts and to reduce the harm which follows from an administrative compromise, using techniques such as constrained delegation of authority, role-based access control, limiting unnecessary privileges, secure authentication, and proper management of service accounts and scheduled tasks.|
|Dynamic Access Control||The candidate will be able to plan and implement a Data Loss Prevention (DLP) solution using the built-in Dynamic Access Control features in Windows Server, including the use of file classification tagging and claims-based access control.|
|PKI Management||The candidate will be able to plan and implement a Public Key Infrastructure (PKI) using Windows Server for the sake of secure authentication, smart cards, data encryption, and digital signatures.|
|Securing Network Traffic and Ports||The candidate will be able to plan and implement a strategy to secure vulnerable network protocols and listening ports, using techniques such as IPSec port permissions, IPSec payload encryption without a VPN, host-based firewalling, Group Policy management of firewall and IPSec rules, and certificate-based authentication to wireless access points and Ethernet switches (PEAP-TLS) using RADIUS servers.|
|Securing PowerShell||The candidate will be able to plan and implement a strategy to secure the use of PowerShell, including execution policy, code signing, and User Account Control restrictions.|