Monday, January 14, 2008

SANS 504 "Hacker Training 2008"


So I recently attended the SANS Security 504 GCIH seminar, a 6 day "boot-camp" style training session on hacker techniques and incident handling. I'm not sure if it is just me, but when is the security sector going to finally wake up and start teaching security professionals how to actually defend systems using real scenarios? I guess I complain about this frequently; however, this event opened by pointing out that the "bad guys" share information and techniques, so the "good guys" also need to do this to keep up with their pace. Well, this class sure did NOT do that. I spent 6 long days reviewing very dated material, tools and techniques without any type of environment to try out these "exploits" until the last day's lab, where they set up this lame network of 2 systems with every hole imaginable. Not to mention that the 6 texts were basically PowerPoint slide shows that the instructor just read aloud and went into some minimal detail about the topic. I could have read it myself and received the same training. The real point here is that this course cost $3,100.00 and in my opinion it was not even close. I really expected to get a lot out of this and was sorely disappointed. On the positive side, this is exactly why hacking will be around forever. Courses like this that are "leading edge" for security professionals will do basically nothing in terms of getting a security professional on-par with an attacker. What a joke.




4 comments:

Unknown said...

Hey there! I was getting ready to sign up for the GCIH class in Orlando (April 2008) and then found your post. Wow! That is some harsh criticism, but perhaps deserved. I have not taken the course, so I don't know. Which session did you attend and who was the instructor? I would like to avoid that trainer, if possible. Also, I've heard some good things from others about this class and was wondering if you had more feedback about what you didn't like and how the class didn't live up to your standards. I am just getting started in the computer security realm, so it would probably all be new to me anyway. If you get a chance to send me any words of advice then I would greatly appreciate it. Thanks!

Hexenmeister said...

SANS 504 - If you are new to IS, specifically network security, then this class might be very good for you. Maybe I am biased because I am so immersed in this field currently that I hear the same "buzz" words over and over again (this class was simply more of that), but I will list what I did not like about the class:
1. The test LAN (network) was not set up until Friday evening, so there was no way to really try the techniques that were presented aside from using your own machine and its Linux virtual machine. A step by step tutorial should have been used to explain the process of host/network discovery, probing for a vulnerable system/device and the corresponding techniques to fully compromise the box, going as far as executing a payload to DoS a system, enumerate a database or something along those lines. It was far too general and attempted to cover too broad a range of topics without really getting specific on any of them.
2. The version of Linux (Red Hat) provided was terrible. I have distros that are far more advanced and more comprehensive in their design. This was a regular Red Hat with some additional network apps installed; they even left the games on the OS, just lazy.
3. I was familiar with much of the course and therefore it presented a very limited amount of new information; in addition, many of the tools and topics are outdated by many years. It should have dealt in far more detail with more updated exploits.
4. This one is questionable; however, many of the people in my group were taking this class simply for the credits toward their CISSP requirements and it was clear that they had no idea what these topics were. I mention this because possibly these classes are more geared toward this type of student rather than one who is really looking for an extremely technical scenario.
5. Overall this was my first SANS training and I guess I expected a great deal more from the leading provider of security training. I am not trying to "slam" SANS, but for the huge amount of money this costs, they really need to provide WAY more bang for the buck. I really expected them to know more than I did about these topics and sadly that was not the case, and I do mean that sincerely. I am not a master hacker by any means and I really thought this class would take me to the next level. It did not. I would say take this class for the cert (they are always valuable) and for a very generalized knowledge of network hacking exploits dating from about 10 years ago to near the present, however not anywhere near cutting edge. I hope this helps you in your decision.

Unknown said...

Thanks, Wasp! I appreciate the comments. The SANS classes *are* expensive and certainly some folks sign up just for CPE credits, so I see what you mean. However, as a relative newbie to computer security I was hoping the class would be helpful for me. I am now wondering what other options I have for more cutting edge training besides SANS. I have also heard good things about the CEH (Certified Ethical Hacking) class, but it could be the same deal as the GCIH class. I guess at some point you have to put your chips on the table and gamble! :)

I am already familiar with tools such as nmap, TCPdump, wireshark, etc, but was hoping for a new training opportunity to take me deeper into the subject and provide me more relevant hands-on experience. If you have any links to cutting edge hacker tools or more advice, then I am all ears.

Again, thanks for your response! I am glad I found your weblog and will keep checking back. Keep up the good work! Us white hat folks need all the help we can get.

Hexenmeister said...

From your direction and a timing coincidence I am posting a tools list of all the tools I currently use, so you can check there for the next week or so as I grow that list, as well as the detailed listing I decided to post on SANS 504.