GSNA Certified
Jan 10th, 2007 by John Gerber
I passed my GIAC Systems Network Auditor (GSNA) certification. The certification consists of two exams, and each exam takes up to two hours. It is open book, open note. You take the exams over the Internet and you can take the two exams at separate times. SANS makes available the lectures in MP3 format and two practice exams for each exam. The practice exams help a lot. I know some folks who used the practice exams to guide them into what to study. I took a longer path, because I really wanted to understand everything in the course. Since I don’t frequently work with the Windows OS, it took me a while to study that section. I’ll quote SANS’s description of the course:
This course is the end product of over one hundred skilled system, network and security administrators working with one common goal: to improve the state of information security.
Audit 507, like all SANS courses, is based on known and validated threats and vulnerabilities. These threats and vulnerabilities are explained based on validated information from real world situations that can be used to raise awareness within an organization and build an understanding of why auditing is important. From these threats and vulnerabilities, we build the countermeasures and defenses including instrumentation, metrics and auditing. The course begins with a high-level introduction on methods and audit programs. It then takes you through all the particulars of how to actually audit devices and IT systems that range from firewalls and routers all the way down to the underlying operating systems.
You’ll be able to use what you learn the day you get home. Five of the six days in the course will include hands-on exercises with the tools discussed during the lecture sections. Each student is invited to bring their own Windows 2000 or higher laptop for use during class. The hands-on exercises will allow you to experiment with the audit tools discussed in class and to actually perform audit functions against SANS-provided servers in class. A great audit is more than marks on a checklist; it is the understanding of the best practices, system analysis and forensics.
After passing, I sent an email out to the developer of the course, David Hoelzer, asking about the SANS auditing standard. David has been helping develop the standard. I might go for gold certification using a combination of SANS’s standard to COBIT 4. I really would like to compare and contrast the two standards and then go through an audit. There is nothing like actually doing something to make pieces fall in place.
It was David’s lectures that were on the MP3s made available by SANS. I fell into the classic trap of letting other things come before the certification exam. By the time I started to study, I did not remember the course at all. I put over two thousand miles on my car during the holidays driving from Knoxville, TN to Lancaster, PA to Hampton, VA. It was a perfect time to listen to the lectures. Fortunately, David was an entertaining speaker, or I might have driven off the road. Sadly, I did have to take additional leave without pay to finish up studying. After being a SANS room monitor, there was no way I was not going to do well on the exam. I felt it would reflect poorly on SANS.
Hello, my request is somewhat strange.
I want to pass GSNA, and my company wants it too, BUT
they don't want to pay for self-study.
I've searched everywhere, read about 50-60 GSNA Gold Practical documents (and am still reading), and am preparing to read some books (TBS, Windows Domain Policy, …)
Of course I have some admin/audit experience in OS (win/nix), hardware (cisco, juniper, …), software …
but I comprehend that this knowledge is “some $-(” smaller than needed.
Can you help me with advice or, in a fantastic situation, with study material?
Thanks,
Sorry if I wound your religious, technical, or other sense
Mic (jamper_m@mail.ru)
Mic,
If you know the subject matter very well, you can take the exam without taking the course. It is called a GIAC Challenge. Information is available at:
http://www.giac.org/reginfo/challenge.php
SANS exams are open book. The problem is that the exam questions will be based on the material in the course. At the conferences, you can often purchase copies of any of the courses held at the conference. That would be helpful in passing the exam. Usually, I would recommend people make a good outline of the course material. That outline helps a person find the material they do not remember from the course. There will likely be some specific questions on some of the more obscure material.
Being in Russia, it is probably not easy getting to a SANS conference. I don’t see any course being offered in Russia. The GIAC Challenge does include two practice exams. Those are very valuable. They will help you know the pace of the exam and point out areas where you may need to study further. You can purchase exams separately. Take a look at:
http://www.giac.org/exams/practice.php
Good luck,
John