GIAC announces new network forensics certification
The story of Markus Hess and Clifford Stoll sounds like a made-for-TV crime thriller, but it's actually true. In 1986, Stoll was employed as a systems administrator at Lawrence Berkley National Laboratory. While trying to track down an accounting error in the system, Stoll realized that not only had the network been compromised, but that the hacker had obtained root access. Stoll installed a honeypot — software designed to be attacked — in hopes of catching the hacker. Sure enough, the intruder took the bait.
The hacker turned out to be Markus Hess, a German citizen employed by the KGB to steal U.S. military secrets. Hess had been "piggybacking" on the LBNL's network to hack military targets. He was arrested by German authorities and sentenced to prison. The case's publicity made Stoll into something of a national hero, and brought the fledgling discipline of digital forensics into the limelight for the first time.
The idea of capturing a criminal with computers must have seemed like sci-fi to most people in 1986 and probably still does now, judging by most popular TV procedurals. During the '80s and '90s, however, digital forensics grew in scope and sophistication, and in the 2000s began to be standardized. Today, digital forensics experts are an in-demand commodity not only in law enforcement but as private security professionals as well. A security expert with forensics proficiency would not only be able to block the majority of system attacks, but will also to implicate the few aggressors who make it in.
The branch of digital forensics known as "network forensics" can be especially useful there. As cybercriminals grow better at cleaning up after themselves it becomes harder to identify who got in and how. Network forensics deals with collecting data from network traffic and analyzing that data for threats or intrusions. Because networking data is typically volatile and dynamic, network forensics is a highly proactive discipline, usually having as much to do with how a system is built as after-the-fact investigation. A NF specialist, then, must know how to build that system and what to look for in the resulting data.
Luckily, there's now a certification for that. Earlier this month Global Information Assurance Certification (GIAC), a leading provider of security certifications, announced a new certification: the GIAC Network Forensics Analyst, or GNFA, scheduled for release Nov. 3. According to GIAC press materials, holders of the GNFA will be "qualified to perform examinations employing network forensic artifact analysis and demonstrate an understanding of the fundamentals of network forensics, normal and abnormal conditions for common network protocols, the process and tools used to examine device and system logs, wireless communication and encryption protocols."
This certification has no requirements beyond passing the proctored exam, but will need to be renewed every four years. Applicants can prepare for the exam by taking the SANS Advanced Network Forensics and Analysis course. This certification is highly recommended for any IT professional looking to specialize in network security or law enforcement.