GIAC Certified Intrusion Analyst (GCIA) Training

Introduction

GIAC Certified Intrusion Analyst (GCIA) Training Course with Hands-on Labs (Online, Onsite and Classroom Live)

The GIAC Certified Intrusion Analyst (GCIA) is an intermediate skill level certification that was created to provide assurance that a certified individual has the knowledge, skills, and abilities to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files. GCIAs are individuals who are responsible for network and host monitoring, traffic analysis, and intrusion detection.

Duration: 5 days

Your Registration Includes

  • Five days of the best hands-on incident response training in the industry
  • GCIA Courseware and Study Guide
  • GCIA Sample Exam questions
  • 100% Satisfaction Guarantee

Exam Information

  • Questions: 150
  • Duration: 4 Hours
  • Passing score: 68%
  • Certifications must be renewed every 4 years
Customize It!
  • We can adapt this GIAC Certified Intrusion Analyst (GCIA) Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this GIAC Certified Intrusion Analyst (GCIA) Training course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the GIAC Certified Intrusion Analyst (GCIA) Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the GIAC Certified Intrusion Analyst (GCIA) Training course in a manner understandable to lay audiences.
GIAC Certified Intrusion Analyst (GCIA) Training - Audience / Target Group
  • Intrusion Detection Analysts
  • Incident Handlers
  • Digital Forensic Engineers
  • Security Professionals and Managers
GIAC Certified Intrusion Analyst (GCIA) Training - Class Prerequisites
  • While there are no official prerequisites for this course, you should have a working knowledge of TCP/IP and hexadecimal. You should also understand Linux commands such as cd, sudo and pwd.
GIAC Certified Intrusion Analyst (GCIA) Training - Objectives:

After attending our GCIA Workshop, you will be able to work in the following areas:

  • Advanced Analysis and Network Forensics
  • Advanced IDS Concepts
  • Application Protocols
  • TCP/IP Concepts
  • DNS
  • IDS Fundamentals and Network Architecture
  • IDS Rules
  • IP headers
  • Network Traffic Analysis
  • Traffic Analysis Tools Such as SiLK
  • UDP and ICMP
  • Fundamentals of Wireshark
  • Packet Engineering
GIAC Certified Intrusion Analyst (GCIA) Training - Course Content:

Advanced IDS Concepts

  • Demonstrate an understanding of IDS tuning methods and correlation issues (e.g., Snort, Bro)

Application Protocols

  • The candidate will demonstrate knowledge, skill, and ability relating to application layer protocol dissection and analysis including HTTP, SMTP, and various Microsoft protocols

Concepts of TCP/IP and the Link Layer

  • The candidate will understand the TCP/IP communications model and link layer operations

DNS

  • The candidate will demonstrate a thorough understanding of how DNS works for both legitimate and malicious purposes

Fragmentation

  • The candidate will demonstrate comprehension of how fragmentation works through theory and packet capture examples, as well as the concepts behind fragmentation-based attacks

IDS Fundamentals and Initial Deployment (e.g., Snort, Bro)

  • Understand the architecture, benefits/weaknesses, and configuration options of common IDS systems. Demonstrate the ability to configure and deploy an IDS (e.g., Snort, Bro)

IDS Rules (e.g., Snort, Bro)

  • Create effective IDS (e.g., Snort, Bro) rules to detect varied types of malicious activity

IP Headers

  • The candidate will demonstrate the ability to dissect IP packet headers and analyse them for normal and anomalous values that may point to security issues

IPv6

  • The candidate will demonstrate knowledge, skill and ability relating to the analysis of IPv6 as well as issues involving IPv6 over IPv4

Network Architecture and Event Correlation

  • The candidate will demonstrate competence with issues relating to IDS/IPS management, network architecture as it pertains to intrusion detection, and event correlation and management

Network Traffic Analysis and Forensics

  • The candidate will demonstrate the ability to analyse real traffic and associated artifacts: malicious, normal and application traffic; and demonstrate the ability to discern malicious traffic from false positives

Packet Engineering

  • The candidate will demonstrate knowledge, skill, and ability relating to packet engineering and manipulation including packet crafting, OS fingerprinting, and IDS Evasion/Insertion

SiLK and Other Traffic Analysis Tools

  • The candidate will demonstrate the ability to use SiLK and other tools to perform network traffic and flow analysis

TCP

  • The candidate will understand TCP communications as well as expected responses to given stimuli at this layer

Tcpdump Filters

  • The candidate will demonstrate the skill and ability to craft tcpdump filters that match on given criteria

UDP and ICMP

  • The candidate will demonstrate the ability to analyse both UDP and ICMP packets and recognise common issues

Wireshark Fundamentals

  • The candidate will demonstrate the knowledge, skills, and abilities associated with traffic analysis using Wireshark from an intermediate to high degree of proficiency