Certification

GIAC Certified Windows Security Administrator (GCWN)

Intended for security professionals who want to demonstrate that they are qualified for hands-on IT systems roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.

GCWN Exam Certification Objectives
Operating System and Applications Hardening: The candidate will be able to plan and implement a comprehensive hardening strategy for the Windows operating system and other popular applications which are vulnerable to client-side exploits, using techniques such as application whitelisting, applying security templates through Group Policy, and server configuration through PowerShell.
Restricting Administrative Compromise: The candidate will be able to plan and implement a strategy to reduce how often hackers or malware can compromise administrative accounts and to reduce the harm which follows from an administrative compromise, using techniques such as constrained delegation of authority, role-based access control, limiting unnecessary privileges, secure authentication, and proper management of service accounts and scheduled tasks.
PKI Management: The candidate will be able to plan and implement a Public Key Infrastructure (PKI) using Windows Server for the sake of secure authentication, smart cards, data encryption, and digital signatures.
Securing PowerShell: The candidate will be able to plan and implement a strategy to secure the use of PowerShell, including execution policy, code signing, and User Account Control restrictions.
Endpoint Protection: The candidate will be able to understand and configure the Windows Firewall, use IPSec to control access to ports based on role, deploy IPSec and firewall rules through Group Policy and PowerShell, deploy AppLocker application whitelisting, deploy Microsoft EMET for anti-exploitation, enable Windows audit policies for SIEM consumption, and capture system snapshots to help the Hunt Team.
Defensible Networking: The candidate will be able to use PowerShell to access WMI on remote machines, secure DNS with DNSSEC, Kerberos and sinkholes, disable IPv6 tunneling features, disable SSL and optimize TLS cipher suites, disable LM and allow only NTLMv2 or Kerberos, harden RDP against man-in-the-middle attacks, and encrypt and sign SMB traffic.