[wplug] GIAC certification

Wed Dec 19 16:51:40 EST 2001

>How was the SANS course.   Did it cover new or unfamiliar ground, or was it
>mostly a reemphasis of current published standards?  Do you feel as though
>it was worth the time/effort?  Thanks.

I'd recommend that those planning on attending college get their financial 
loans and put it towards SANS seminars instead. I mean, I liked it a lot :)

While the course didn't cover anything I couldn't find in a book, or maybe 
even think of on my own, it put it all together. Hey, I'm busy. I don't have 
the time (or the money) to buy 20 books and read them to figure out how 
firewalls and perimeter protection (the track I attended) would best be 
deployed. But I can spend 5 days with 100 other people learning about it, 
hearing the stories of what happens when it goes bad, and talk with other 
people about it. I just can't rave about it enough.

Oh, and the certification is world's apart from any cert I've seen. You have 8 
weeks to put together a paper, determined by your track. For firewalls, I have 
to design a network including VPN's, firewalls, routers, internal firewalls, a 
protected service network, and some other gizmos; then part 2 is to give the 
rulesets on the primary firewall, the primary router, and the VPN device; part 
three is to plan and then execute an audit of the primary firewall; part 4 is 
to take another exam, grab their section 1, find and poke three holes in it. 
Minimum 20 pages. Then I have two weeks to study for and take two 75 question 
tests, 90 minutes each. If I get this (if!) then I will certainly feel I 
accomplished something, and my boss will too! And, if I get above a 90 on 
either section, I get a nomination to be on the Firewalls advisory board, to 
plan future courses and exams. Pretty dang cool.

Aside from the classes, there were some really awesome evening sessions. One I 
went to was about the cert, which I explained above, and another was "Fighting 
Back, A Response to CyberCrime", by Alan Palmer. FYI, he was one of the 
experts in the mafiaboy trial and has helped form incidents.org and 
packetstorm. His talk was excellent, and put a light at the end of the 
very-very-dark internet security tunnel. I didn't get to go to any Bird's of a 
Feather session (the one I wanted to go to, someone scheduled for 5pm, when a 
vendor presentation was going on!) but some of the guys I met there said they 
were pretty cool. Free beer at anything after-hours helped a lot, I'm sure.

To sum it up, I heartily recommend it to anyone who even thinks the word 
security between 9-5. It's a completely vendor-agnostic seminar with some 
really cool teachers, and SANS organization just keeps you coming back for 
more. I'm already planning a push for a March SANS even where Mr. "Honeynet" 
Spitzner will have a two-day talk on how to set up a honeynet!

Rob Nelson
ronelson at vt.edu