TL;DR
This guide lists essential books to help you prepare for the GIAC Certified Intrusion Analyst (GCIA) exam. It covers network fundamentals, packet analysis, intrusion detection, and incident handling.
Essential GCIA Study Books
- Networking Fundamentals:
  - CompTIA Network+ Certification All-in-One Exam Guide, 8th Edition by Mike Meyers. Provides a solid base in networking concepts.
  - TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition) by W. Richard Stevens. A deep dive into TCP/IP, useful for understanding packet analysis.
- Packet Analysis:
  - Practical Packet Analysis Using Wireshark & Tshark, 3rd Edition by Chris Sanders. The go-to resource for learning Wireshark.
  - Network Forensics: Tracking Hackers Through Big Data by Mandia, Prosise, and Hess. Covers packet analysis in a forensic context.
- Intrusion Detection & Prevention Systems (IDPS):
  - Snort Intrusion Detection and Prevention System: The Complete Guide to Snort by Rafeeq Ur Rehman. Focuses on the popular open-source IDPS, Snort.
  - Suricata: A Practical Introduction to the Open Source IDS/IPS by Chris Sanders. Covers Suricata, another widely used IDPS.
- Incident Handling & Response:
  - The Practice of System and Network Administration (3rd Edition) by Greg Stevens. While broad, it has excellent sections on incident response planning and execution.
  - Blue Team Handbook: Incident Response Edition by Don Murdoch. A practical guide to building a cyber security incident response program.
- Malware Analysis (Helpful but not essential):
  - Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, 2nd Edition by Michael Sikorski and Andrew Honig. Provides a foundation in malware analysis techniques.
```shell
# Open a saved capture in Wireshark (use -i eth0 to capture live instead of reading a file)
wireshark -r capture_file.pcap
# Run Snort with the given config over the same capture (-i eth0 to inspect live traffic)
snort -c /etc/snort/snort.conf -r capture_file.pcap
```
Study Tips
- Hands-on Practice is Key: Don’t just read the books; set up a virtual lab (using VirtualBox or VMware) and practice packet capture, analysis, and IDPS configuration.
- Focus on Wireshark: Become proficient with Wireshark filters and dissection techniques.
- Understand TCP/IP: A strong understanding of the TCP/IP model is crucial for interpreting network traffic.
- Review GCIA Exam Objectives: Regularly refer to the official GIAC GCIA exam objectives to ensure you’re covering all required topics.
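As an added example (not from this page or any of the books listed), the TCP/IP tip above in working code: a hand-rolled decoder for Ethernet II / IPv4 / TCP headers that also recomputes the IPv4 header checksum, the same fields you are expected to read off a hex dump. The sample frame is constructed in the code with RFC 5737 documentation addresses; the function names are mine.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header with the checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_tcp_frame(src, dst, sport, dport, flags, ttl=64) -> bytes:
    """Constructed sample: Ethernet II + IPv4 (no options) + 20-byte TCP header, no payload."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags, 65535, 0, 0)
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, ttl, 6, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in checksum
    return eth + ip + tcp

TCP_FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def decode_frame(frame: bytes) -> dict:
    """Decode the Ethernet/IPv4/TCP header fields by hand, as you would from a hex dump."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                # IP header length in bytes (5 words = 20)
    ttl, proto = ip[8], ip[9]
    stored = struct.unpack("!H", ip[10:12])[0]
    calc = ipv4_checksum(ip[:10] + b"\x00\x00" + ip[12:ihl])
    if proto != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return {
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "ttl": ttl, "ip_checksum_ok": stored == calc,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "tcp_header_len": (off_flags >> 12) * 4,
        "flags": [name for bit, name in TCP_FLAG_NAMES if off_flags & bit],
    }

if __name__ == "__main__":
    frame = build_tcp_frame("192.0.2.10", "198.51.100.20", 40000, 22, 0x02)
    print(decode_frame(frame))
    # Same frame with the TTL byte altered in transit: the stored checksum no longer matches
    tampered = frame[:22] + bytes([1]) + frame[23:]
    print(decode_frame(tampered)["ip_checksum_ok"])
```

Compare the dictionary with what Wireshark shows for the same bytes to check your own reading of each header field.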