GIAC Intermediate-Level Certifications
The GIAC intermediate certifications are where the program provides opportunities for individuals to specialize—and where program coverage also becomes more interesting. The intermediate level is where in-depth, hands-on encounters with tools and technologies occur. The following modules comprise the intermediate-level GIAC certifications:
- GIAC Certified Firewall Analyst (GCFW). This certification recognizes individuals who are responsible for the main security task in any organization: securing and protecting the perimeter and ways through that perimeter. Here's a short list of topics covered in this course and exam: TCP/IP concepts related to perimeter operation; configuring, managing, and maintaining perimeter safeguards; firewall principles and analysis of common types of and uses for firewalls, including detailed case studies; and designing, deploying and operating VPNs, with coverage of VPN types and uses.
- GIAC Certified Incident Handler (GCIH). This certification recognizes individuals with in-depth knowledge of advanced incident hacking and exploits. This associated course prepares students to become incident handlers and to deal with genuine intrusions or penetration attempts. SANS teaches its field-tested six-step incident-handling process; how to prepare for incidents in advance; ethical and legal incident handling and computer crime investigation; and current hacking and penetration practices, tools, and techniques, with a "Hacker Tools Workshop" so that students can interact with the subject matter.
- GIAC Certified Intrusion Analyst (GCIA). This certification recognizes individuals with in-depth knowledge of intrusion detection. The associated course involves intense coverage of intrusion detection, including analysis of case studies, real captured traces, and real-world scenarios. The course is under constant revision, so it always presents current, ongoing attacks and threats. The course also covers TCP/IP network traffic analysis and intrusion detection; vulnerabilities associated with active content of all kinds; tcpdump, a freeware network analyzer; trace file interpretation and analysis; snort, a freeware intrusion-detection system for Windows and Linux; and intrusion-detection configuration and signatures.
- GIAC Systems and Network Auditor (GSNA). This certification recognizes individuals who have in-depth knowledge of systems and network security, including auditing and risk analysis. The associated course blends theory with hands-on exercises to prepare a network or systems administrator to effectively deal with security issues at multiple levels. Topics covered in the course include the Top Twenty vulnerabilities, forensic techniques and toolkits, back-door detection, perimeter auditing, network mapping, incident prevention, corporate policy and audit objectives, security committees, and analyzing audit results.
- GIAC Certified Unix Security Administrator (GCUX). This certification recognizes individuals who are responsible for securing Unix environments. The associated course explains methods to harden Unix and Linux, including recommended configurations for systems, services, and applications. It also explores and demonstrates important security tools through demonstrations and labs in which students can practice their use and understand how applications, scripts, and active code cause vulnerabilities that permit attacks and security breaches to occur (such as buffer overflows or denial-of-service attacks).
- GIAC Certified Windows Security Administrator (GCWN). This certification recognizes individuals who are responsible for securing Windows environments. The associated course exposes typical Windows attacks and vulnerabilities in detail, with step-by-step coverage where applicable. It explains how to close security holes, offset vulnerabilities, and create effective safeguards. Topics covered include Windows 2000 security principles, practices, and tools, including Active Directory, Group Policies, secure protocols and services, as well as IIS 5.0, with similar (but not as detailed) coverage of Windows NT.