Passing the GIAC Certification Practical: - PowerPoint PPT Presentation

Slides: 20
Provided by: jeffh171

Transcript and Presenter's Notes

Title: Passing the GIAC Certification Practical:


1
  • Passing the GIAC Certification Practical
  • A Panel Discussion with Selected GIAC Graders
  • SANS 2002 Orlando, FL
  • Presented by Jeff Holland

2
Passing the GIAC Certification Practical: A Panel Discussion with Selected GIAC Graders
  • Panel Members
  • Jim Murray, GSEC Grader
  • Brent Deterding, GCFW Authorized Grader
  • Jeff Holland, GCIA Authorized Grader
  • David Parks, GCIH Authorized Grader
  • Greg Owen, GCWN Authorized Grader
  • Jeff Campione, GCUX Authorized Grader
  • Bob Grill, GSNA Authorized Grader
  • Jennifer Kolde, SANS GIAC Director
  • Lara Moncrief, SANS GIAC Certification
    Facilitator
  • Note: Authorized graders Carla Wendt (GSEC) and
    Fred Kerby (GISO-B) also provided comments and
    tips on their respective certifications, but were
    unable to attend.

3
  • What is the purpose of this talk, and why should
    I care?
  • The purpose of this talk is to help GIAC students
    understand some of the most important aspects in
    successfully completing their GIAC practical.
  • The practical is a unique requirement and many
    candidates underestimate the effort required, or
    do not follow or understand the instructions.

4
  • Some of the most important issues related to
    passing the GIAC practical include:
  • Properly citing references and avoiding
    plagiarism.
  • Planning your time effectively (procrastination
    is the enemy).
  • Reading, understanding and following the
    practical instructions and Administrivia.
  • Researching a practical instruction requirement
    and/or asking questions on the SANS GIAC forums.
  • Using the GIAC Assignment Planning (aka Study)
    Guides: http://www.giac.org/study_guides.php

5
  • Citations and Plagiarism
  • SANS requires that students properly cite their
    references and do not present the work of others
    as their own (either intentionally or
    unintentionally).
  • See the Administrivia at
    http://www.giac.org/admin_21.php for specific
    information on citation and plagiarism. Note that
    the Administrivia contains
    requirements for your practical. It is not
    optional reading.

6
  • Planning Your Time Effectively and Reading the
    Instructions
  • The practicals often may take longer than you
    think, and you will be planning around work,
    family and other commitments. Plan accordingly so
    you finish on time or ahead of schedule.
  • In the case of emergencies, extensions may be
    purchased.
  • Sadly, students can and do fail for not following
    the instructions and Administrivia. These are
    very specific and give as much guidance as
    possible. If you do not understand a requirement,
    ask. SANS, the advisory boards and the graders
    are here to help you!

7
  • GIAC Assignment Planning (aka Study) Guides
  • Except for the newer GISO-Basic certification,
    for which a guide is currently being developed,
    there are planning/study guides for each track.
    As soon as the guide for GISO is ready, it will
    be posted along with the other guides at
    http://www.giac.org/study_guides.php
  • The guides often have useful information about
    specific parts of the assignment, and were
    written by students who successfully passed their
    practical. We highly suggest that you read them.

8
  • Target student of the GIAC Practicals
  • GSEC: Any individual with technical security
    responsibilities, including system/network
    administrators and security
    officers/administrators.
  • GCFW: Individuals responsible for designing,
    implementing, configuring, and monitoring a
    secure perimeter for any organization including
    routers, firewalls, VPNs/remote access, and
    overall network design.
  • GCIA: Individuals responsible for network and
    host monitoring, traffic analysis, and intrusion
    detection.
  • GCIH: Individuals responsible for incident
    handling/incident response; individuals who
    require an understanding of the current threats
    to systems and networks, along with effective
    countermeasures.

9
  • GIAC Practical Descriptions, continued
  • GCWN: Individuals responsible for installing,
    configuring, and monitoring Windows XP, 2000, and
    NT systems, services, and networks.
  • GCUX: Individuals responsible for installing,
    configuring, and monitoring UNIX and/or Linux
    systems.
  • GISO-B: Individuals with Security Officer
    responsibilities who must oversee the security of
    information and information resources.
  • GSNA: Technical staff responsible for securing
    and auditing information systems; auditors who
    wish to demonstrate technical knowledge of the
    systems they are responsible for auditing.

10
  • Important GSEC Practical Tips
  • Take some time to read selected GSEC practicals
    in the SANS reading room (http://rr.sans.org).
    This will allow you to not only avoid writing a
    paper on a specific topic that has already been
    addressed, but could give you some ideas on a new
    topic.
  • Avoid topics that have been covered in depth by
    past students, such as malware and exploit code.
  • Although not required, if you would like
    pre-approval on a topic, send a title and outline
    to giactc_at_sans.org.
  • Review the directions on writing an abstract.
  • Be sure to meet the minimum page requirement (8
    pages).
  • Be sure to read the GSEC study/planning guide at
    http://www.giac.org/gsec_study_guide.pdf

11
  • Important GCFW Practical Tips
  • Plan your Work and Work your Plan. The GCFW
    practical is a challenging and time consuming
    endeavor.
  • Use the support resources available to you (the
    study/planning guides and prior postings to the
    SANS forum). The GCFW study guide is located
    here: http://www.giac.org/gcfw_study_guide.pdf
  • A data-flow diagram is very helpful. While not a
    practical requirement, it does help students
    better construct their architecture design.
  • Be sure to read and understand the practical
    requirements. The graders will judge your work
    against them.

12
  • Important GCIA Practical Tips
  • Complete each requirement of the practical.
    Requirements that are not completed are given
    scores of 0. This could make the difference
    between your passing and failing the practical!
  • Review other GCIA practicals to see how others
    have completed the link graph (and the other
    practical sections as well).
  • In almost every case, defensive recommendations
    can be made for the detects in assignment 2.
  • Do not underestimate the time it will take you to
    complete the practical. It is very challenging
    and time consuming (But it is possible. Close to
    500 GCIAs have been certified so far!).
  • Read the GCIA study guide for advice and tips:
    http://www.giac.org/gcia_study_guide.pdf
  • Sanitize all log traces (both ASCII and hex).

13
  • Important GCIH Practical Tips
  • Be sure to complete all of the requirements
    listed, and use the format described in the
    practical assignment in your write-up.
  • Be sure to obtain permission from your employer
    before running exploit code on any systems. Do
    not run exploit code on production networks, if
    at all possible.
  • Make sure your practical meets the minimum length
    requirement.
  • Get a friend to proofread your practical for
    grammar and spelling errors. Also run a
    spelling/grammar checker on your practical.
  • Read the GCIH study guide for additional
    guidance: http://www.giac.org/gcih_study_guide.pdf
  • Read past GCIH practicals that have passed for
    ideas and examples of what is expected of a GCIH
    practical: http://www.giac.org/GCIH.php

14
  • Important GCWN Practical Tips
  • Pay special attention to the assignment point
    scale. Do not write 10 pages on a topic that only
    amounts to 10% of the total practical.
  • Add insight through example wherever possible. It
    is easy to fall into the trap of reiterating the
    textbook definition of various GPO settings.
  • The purpose of the practical is for the student
    to demonstrate and pass on their understanding;
    find ways to make it real.
  • You cannot over-cite references for the GCWN
    practical.
  • Be as thorough as if you were addressing a junior
    administrator. "The best way to learn is to
    teach."
  • Don't ignore the complexities, instead reduce
    them.

15
  • Important GCUX Practical Tips
  • Securing Unix Step-by-Step
  • Be specific. Choose the system, and state what
    services are necessary and how they should be
    configured.
  • Your hardening functions and your maintenance
    procedures should all be based on what you say in
    the risk analysis.
  • Verifying your configuration is critical. Show
    commands and output, and as much as possible
    parallel your hardening steps.
  • Consultant's Report
  • Balance technical risks with prudence and
    business acceptance.
  • Don't forget to ask who owns the data and how
    access is granted.
  • Show the commands and output of your auditing
    steps.
  • Recommendations should be very specific. Auditors
    should know all the functions of a machine before
    the report is generated.

16
  • Important GSNA Practical Tips
  • Grade your own paper using the assignment to help
    flush out topics that were not addressed.
  • Use pictures and tables to explain difficult
    topics and organize your work.
  • Read the GSNA study/planning guide for tips:
    http://www.giac.org/gsna_study_guide.pdf
  • Perform research to determine how security
    control objectives are achieved with the
    technology.
  • Develop stimulus / response tests to verify the
    control objectives are achieved. Provide
    instructions so readers could determine how to
    perform the tests.
  • Select a scope that will add value to the
    security community and show your mastery of the
    material.
  • Each audit step should be prioritized based on
    risk.

17
  • Important GISO-B Practical Tips
  • Ensure the diagram and description match.
  • Pay particular attention to the broad and general
    risk areas.
  • Using an existing policy as a template is
    acceptable, as long as it is referenced. Copying
    the policy without modification is not
    acceptable.
  • Be sure you understand the difference between
    Policy (guiding principles) and Procedures (what
    is done to implement the policy).
  • Keep the scope and level of the paper in mind. Do
    not make the practical more complicated than it
    needs to be.
  • Ensure you have fully addressed each of the
    practical requirements.

18
  • Slides available at
  • http://www.whitehats.ca/downloads/jeff/giac_practical.ppt
  • Contact Information
  • For specific questions on your practical, exam
    and/or GIAC, contact Lara at lara_at_sans.org
  • For questions on these slides or this
    presentation, contact Jeff at jeff_at_whitehats.ca
  • Post questions to the SANS GIAC forums at
    http://forum.sans.org/discus/messages/board-topics.html.
    Jennifer, Lara, the SANS graders, and
    advisory board members all monitor the forums for
    more general questions from students.

19
  • Questions? Ask now while you have access to the
    graders and the SANS GIAC representatives,
    Jennifer and Lara!