I just completed my GIAC Certified Intrusion Analyst re-certification. This is a very hands-on and technical training course/certification covering network security tools like Wireshark, tcpdump, Snort, Bro, and SiLK.
When I first took this course, I barely passed it – I failed my first two practice tests and had to buy a third. It’s considered one of the harder GIAC exams because of the level of technical detail it gets into (reading packet headers in hex, anyone?). Of those tools, Wireshark was the only one I occasionally used at work. Bro and SiLK are newer tools and weren’t even on the first exam.
Thanks to what I feel was a pretty solid study plan this time around, I aced the certification with a 93% – my highest GIAC test score to date. Despite the score, I still feel there is a lot more to Bro and SiLK I have to learn. I’m going to try and get them set up in my home lab for more hands-on experience.
What’s next? Although I love the technical nature and hands-on labs of SANS training, getting my CISSP Certification is probably next. It’s highly regarded and several of my co-workers already have it.
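The “reading packet headers in hex” part of the GCIA material is easier to internalize once you have decoded a few by hand, so here is an added Python example (mine, not from the original post or from any SANS/GIAC courseware) that walks a hex dump the way you would on paper: it splits off the IPv4 header, verifies the header checksum, then decodes the TCP header and flag bits. The packet bytes are constructed for the example, not captured from any real network.

```python
"""Decode IPv4 and TCP headers from a hex dump, the way a packet analyst
checks them by hand. Added example; the sample packet below is constructed,
not captured from any real network."""
import struct

# TCP flag bits, low byte of the data-offset/flags word (RFC 793 / RFC 3168).
TCP_FLAG_NAMES = {
    0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
    0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR",
}

# Constructed IPv4/TCP SYN: 192.168.1.10:51234 -> 10.0.0.5:443, TTL 64, DF set.
SAMPLE_SYN_HEX = """
45 00 00 28 1c 46 40 00 40 06 52 d3 c0 a8 01 0a 0a 00 00 05
c8 22 01 bb 00 00 00 01 00 00 00 00 50 02 ff ff 00 00 00 00
"""


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, checksum field included.
    Returns 0 when the header's checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(raw: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header and validate version, IHL and checksum."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes
    if version != 4:
        raise ValueError(f"not IPv4 (version nibble {version})")
    if ihl < 20 or len(raw) < ihl:
        raise ValueError(f"bad IHL {ihl}")
    return {
        "version": version,
        "header_len": ihl,
        "total_len": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "checksum_ok": ip_checksum(raw[:ihl]) == 0,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
    }


def parse_tcp(raw: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; options are returned as raw bytes."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    data_offset = (off_flags >> 12) * 4     # header length in bytes
    flags = off_flags & 0x00FF
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "header_len": data_offset,
        "flags": [name for bit, name in sorted(TCP_FLAG_NAMES.items()) if flags & bit],
        "window": window,
        "options": raw[20:data_offset],
    }


def decode_hex_packet(hex_dump: str) -> dict:
    """Decode a whitespace-separated hex dump of an IPv4 packet (TCP payload if proto 6)."""
    raw = bytes.fromhex("".join(hex_dump.split()))
    ip = parse_ipv4(raw)
    result = {"ip": ip}
    if ip["protocol"] == 6:
        result["tcp"] = parse_tcp(raw[ip["header_len"]:ip["total_len"]])
    return result


if __name__ == "__main__":
    decoded = decode_hex_packet(SAMPLE_SYN_HEX)
    ip, tcp = decoded["ip"], decoded["tcp"]
    print(f"{ip['src']}:{tcp['src_port']} -> {ip['dst']}:{tcp['dst_port']} "
          f"{'/'.join(tcp['flags'])} ttl={ip['ttl']} csum_ok={ip['checksum_ok']}")
```

The checksum check is the part worth practicing: a single altered byte anywhere in the IP header (a TTL rewritten by a middlebox, a corrupted dump) flips `checksum_ok` to `False`, which is exactly what tcpdump’s `-vv` output flags as `bad cksum`.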
Client Industry: Legal
Client Size: 4 Offices, 100+ users
Issue: Inefficient network design.
The client’s document management system was deployed in Azure Cloud. All 4 offices connected via VPN to Azure, but access was slow and there was no automatic redundancy. Each office had 2 internet connections, but someone had to manually switch the config if one of the circuits went down.
Solution:
- Replace office firewalls with Meraki firewalls.
- Replace office switches with managed Meraki switches.
- Deploy a Cisco Cloud Services Router in Azure Cloud to act as VPN gateway, with full automatic redundancy.
Tools used:
- Meraki Portal
- Cisco IOS
- Azure Portal
- Azure Cloud Shell
- Azure PowerShell
I was hired this summer to help a small MSP with a migration for one of their larger clients. With unmanaged switches, no VLANs or QoS for VoIP traffic, and all their traffic going through Azure Cloud, things were a little slow. The MSP were huge fans of Meraki gear, so the first order of business was to get that installed. With the firewall, switches, and wireless access points all managed through the Meraki portal, it’s a really compelling solution for small/medium businesses.
Next we began to look at their Azure environment. Their solution was a couple of years old and therefore used Azure “classic” resources. As we would discover, there are a few limitations with these resources, especially when it comes to integrating them with the newer “resource manager” resources like our Cisco Cloud Services Router. Through a combination of the Azure Portal, Azure PowerShell and Azure Cloud Shell commands, I got everything configured correctly. The Cisco config was a breeze compared to Azure Cloud.
Once we had everything configured it was time for the ultimate test: we had someone physically pull the primary internet connection at each office. The VPN connections failed over almost immediately, losing only 2-3 packets. When the primary connections were re-established, they switched back to their original config as well.
For the client, an internet outage which would usually waste a minimum of 15-30 minutes was now barely even noticeable.
At one point, thanks to Mellon Ventures, I had 4 GIAC Certifications. They have to be renewed every 4 years and they are a little pricey (especially when you switch jobs and your employer isn’t paying anymore). So, unfortunately, I had let them expire. However, earlier in the year they ran a promotion for expired certs, and the timing could not have been any better as I was back on the job market and looking to improve my resume. I was able to choose the 2 most useful to me and renew them for a reasonable price.
The first course I chose to renew was SEC401: Security Essentials, and since it had been updated multiple times since I first took it, it was just as interesting the second time. SEC401 serves as an “intro” course, with a wide overview of everything IT security related and several hands-on technical labs.
The cert comes in 2 parts – SANS provides the training, and then GIAC administers the certification exam. In a renewal situation, SANS provides 30+ hours of lectures via MP3, 6 coursebooks, 1 lab workbook, and 2 practice exams. It took me 3-4 weeks of listening during my commute to go through all of the MP3s, but it was very informative and enjoyable to listen to Dr. Eric Cole’s lectures. The certification exams are open book, so I reviewed the coursebooks and created an index to bring with me to the exam. I ran through the first practice exam with an 85% and felt I was ready for the real exam.
I got a 92% on the certification exam and so I am GIAC Security Essentials (GSEC) certified once again. I’m excited to take on my next renewal, the SEC503: Intrusion Detection In-Depth class and the GIAC Certified Intrusion Analyst (GCIA) exam. The whole experience really reminded me about how awesome and informative SANS training is. When I am done with my renewals, I’m going to have to explore training options with my employer or apply for the SANS Work/Study program.
Some of my favorite IT reference books and security guides are below. Also be sure to check out Packt Publishing, who offer a different IT eBook free every day. Their content favors developers/programmers a little bit, but I have put together a good collection of PowerShell, security, and Python books thanks to them.
I keep my eBooks organized and synced with the Amazon Kindle app. I usually use my iPad to read them, but having them synced in the cloud means I can pull something down on my Android phone in a pinch. With my eBooks in the Kindle app and a bunch of cheatsheets and PDFs in Evernote, I’m able to use my iPad to carry around what used to be a whole shelf of books in my office.
I love cheatsheets and quick reference guides! Yeah, you can just Google everything today, but there’s something about having a well-organized reference available as a hard copy at your fingertips. Then you don’t even need an internet connection, and you don’t have to juggle multiple windows. Apparently I’m not the only one, as there are hundreds if not thousands of great cheatsheets on the internet.
I made a binder of my favorites and put them each inside sheet protectors. I have an even larger collection saved digitally in Evernote, tagged by topic so it’s easy to search and find them. Here are some of my favorite networking and security cheatsheets and quick reference guides:
First stop has to be Packetlife.net, with over 20 available. From super simple (but super useful) stuff like Common Ports and Physical Connections to deep networking stuff like BGP. My 3 favorites are tcpdump, Wireshark, and IPv4 Subnetting.
My other favorite resource for cheatsheets is SANS.org, which has pen testing cheatsheets, digital forensics cheatsheets and large wall posters available too. Two of my favorites are the TCP/IP and tcpdump cheatsheet, and the Command Line Kung-Fu poster.
One other good one is from UltimateWindowsSecurity.com: their Windows Security Log quick reference lists all the critical Windows Event IDs for logon, user accounts, and Kerberos events.