Global Certified Intrusion Analyst

Target

Individuals responsible for network and host monitoring, traffic analysis, and intrusion detection

The topic areas for each exam part follow:

1. Advanced Analysis and Network Forensics: The candidate will demonstrate competence in analyzing data from multiple sources (e.g. full packet capture, netflow, log files) as part of a forensic investigation.
2. Advanced IDS Concepts: The candidate will demonstrate an understanding of IDS tuning methods and correlation issues.
3. Application Protocols: The candidate will demonstrate knowledge and skill relating to application layer protocol dissection and analysis.
4. Concepts of TCP/IP and the Link Layer: The candidate will demonstrate understanding of the TCP/IP communications model and link layer operations.
5. DNS: The candidate will demonstrate an understanding of how DNS works for both legitimate and malicious purposes.
6. Fragmentation: The candidate will demonstrate understanding of how fragmentation works, and how to identify fragmentation and fragmentation-based attacks in packet captures.
7. IDS Fundamentals and Network Architecture: The candidate will demonstrate knowledge of fundamental IDS concepts, such as network architecture options and benefits/weaknesses of common IDS systems.
8. IDS Rules: The candidate will create effective IDS rules to detect varied types of malicious activity.
9. IP Headers: The candidate will demonstrate the ability to dissect IP packet headers and analyze them for normal and anomalous values that may point to security issues.
10. IPv6: The candidate will demonstrate knowledge of IPv6 and how it differs from IPv4.
11. Network Traffic Analysis: The candidate will demonstrate the ability to analyze network and application traffic to identify both normal and malicious behaviors.
12. Packet Engineering: The candidate will demonstrate knowledge relating to packet crafting and manipulation.
13. SiLK and Other Traffic Analysis Tools: The candidate will demonstrate an understanding of SiLK and other tools to perform network traffic and flow analysis.
14. TCP: The candidate will demonstrate understanding of the TCP protocol and the ability to discern between typical and anomalous behavior.
15. Tcpdump Filters: The candidate will demonstrate ability to craft tcpdump filters that match on given criteria.
16. UDP and ICMP: The candidate will demonstrate understanding of the UDP and ICMP protocols and the ability to discern between typical and anomalous behavior.
17. Wireshark Fundamentals: The candidate will demonstrate skill associated with traffic analysis using Wireshark with an intermediate degree of proficiency.