Category: Product Reviews

Attained the GIAC Incident Handler Designation!

Well, I finally did it: I passed both of my GIAC Certified Incident Handler (GCIH) exams with 89% on each!

This was the first time I had a chance to use the SANS OnDemand training method and I have some mixed feelings about it:

Pros

  • Very Portable – while out of the office, I was able to access the material when I needed it. This was very handy while waiting for my red-eye flights back from California to the East Coast.
  • MP3s For Download – SANS makes the MP3s available for download, which makes flights go by quickly and allows me to learn while in cramped quarters (in case you don't know, I'm 6'4" and don't travel well on airplanes designed for 1950s-sized passengers).
  • End of Section Tests – each section ends with a test to ensure that you know the content prior to moving on. This really prevents you from blowing through topics that you THINK you know.

Cons

  • No Dead Trees – I am the kind of person who likes to have the material printed out and in hand. I tend to absorb it better when reading old-fashioned printed books. I wish that they'd include them in the cost of the OnDemand course.
  • Presentation – I know for a fact that these OnDemand sessions are SANS' first crack at self-paced training. They are quite rough around the edges and do require some added bells and whistles to keep my interest. Perhaps they should invest in a different web-based training package that doesn't look like it's optimized for Netscape 4.
  • Accuracy – not of the content but the way it is presented to the user. There was one section that was not covered and I would not have been able to pass the test at the end of the section had I not ordered the books (and used them as reference). I emailed in, as per their process, and it was fixed several days later. Had I not had the books I would not have been able to progress to the next section and 7 days would have felt like an eternity.

Anyone else have similar experiences with this method from SANS?

OSSEC version 0.9-3 (0.9 update 3) is available

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.

It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

New in this release:

  • Added support for Windows firewall logs
  • Improved pix rules
  • More named rules
  • Fixed description with typos
  • Fixed command line options for list_agent
  • Changed logcollector behavior for checking file rotation
  • Changed logcollector behavior for checking if the file has more data. We are now forcing an fgetc and looking for EOF (old method using stats was broken on some Windows versions)
  • Fixed problem with endianness on some platforms (especially Linux sparc)
  • Fixed rotation issue for log files with a variable name
  • Windows agent should not exit if syscheck is disabled
  • Fixed alert level on e-mail messages
  • Added more modsecurity rules
  • Added support for HP-UX
  • Added support for Microsoft FTP logs
  • Added support for Microsoft Exchange logs (IIS SMTP)
  • More rules for sendmail (rejected due to pre-greeting)
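
The two logcollector changes above (forcing an fgetc() and watching for EOF instead of trusting stat(), and re-checking for file rotation) are the heart of any tail-style log reader, and getting them wrong means an agent silently stops shipping events. The following is an added illustrative example in C, not OSSEC's own code; every name in it (lc_file, lc_open, lc_rotated, lc_read_new_lines, lc_demo, the /tmp paths and the sample log lines) is an assumption constructed for the demonstration. It reads with fgetc() until EOF, clears the sticky EOF indicator with clearerr() so that bytes appended later are seen on the next call, holds back a line whose newline has not yet arrived, and treats a changed inode, a shrinking size or a vanished path as rotation.

```c
#define _POSIX_C_SOURCE 200809L
/* Added illustrative tail-style log collector (not OSSEC code; names are assumptions):
 * fgetc() until EOF, clearerr() so later appends are seen, rotation via inode/size. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#define LC_LINE_MAX 1024

typedef struct {
    char path[256];
    FILE *fp;
    ino_t inode;                /* changes when the log is renamed and recreated */
    off_t size;                 /* last observed size: shrinking means truncation */
    char partial[LC_LINE_MAX];  /* bytes of a line whose '\n' has not arrived yet */
    size_t plen;
} lc_file;

/* Open (or re-open after rotation) the log; seek_to_end skips pre-existing data. */
int lc_open(lc_file *f, const char *path, int seek_to_end) {
    struct stat st;
    if (f->fp) fclose(f->fp);
    f->fp = fopen(path, "r");
    if (!f->fp) return -1;
    if (fstat(fileno(f->fp), &st) != 0) { fclose(f->fp); f->fp = NULL; return -1; }
    snprintf(f->path, sizeof f->path, "%s", path);
    f->inode = st.st_ino; f->size = st.st_size;
    f->plen = 0;                /* never stitch a partial line across two files */
    if (seek_to_end) fseek(f->fp, 0L, SEEK_END);
    return 0;
}

/* 1 if the path now names a different inode, the file shrank, or it vanished. */
int lc_rotated(lc_file *f) {
    struct stat st;
    if (stat(f->path, &st) != 0) return 1;
    if (st.st_ino != f->inode || st.st_size < f->size) return 1;
    f->size = st.st_size;
    return 0;
}

/* Hand each complete line appended since the last call to cb(); return the count. */
int lc_read_new_lines(lc_file *f, void (*cb)(const char *, void *), void *ctx) {
    int c, n = 0;
    while ((c = fgetc(f->fp)) != EOF) {     /* read until the current end of file */
        if (c == '\n') {
            f->partial[f->plen] = '\0';
            if (cb) cb(f->partial, ctx);
            f->plen = 0; n++;
        } else if (f->plen < LC_LINE_MAX - 1) {
            f->partial[f->plen++] = (char)c;   /* oversized lines are truncated */
        }
    }
    clearerr(f->fp);            /* drop the sticky EOF flag so new bytes are readable */
    return n;
}

static void print_line(const char *line, void *ctx) { (void)ctx; printf("[line] %s\n", line); }

static int append(const char *path, const char *text) {
    FILE *w = fopen(path, "a");
    if (!w) return -1;
    fputs(text, w);
    return fclose(w);
}

/* Constructed scenario on a temp file: the log grows across three reads (the line
 * split as "part"+"ial" is delivered once complete), then is rotated logrotate-style.
 * Returns the total lines delivered (6), or -1 if lc_rotated() misreported. */
int lc_demo(void) {
    char path[] = "/tmp/lc_demoXXXXXX", moved[300];
    lc_file f = {0};
    int fd = mkstemp(path), seen = 0, ok;
    if (fd < 0) return -1;
    close(fd);
    append(path, "line one\nline two\n");
    if (lc_open(&f, path, 0) != 0) return -1;               /* read from the start */
    seen += lc_read_new_lines(&f, print_line, NULL);        /* 2 lines */
    append(path, "line three\npart");
    seen += lc_read_new_lines(&f, print_line, NULL);        /* 1 line, "part" held back */
    append(path, "ial\nline five\n");
    seen += lc_read_new_lines(&f, print_line, NULL);        /* 2 lines */
    ok = lc_rotated(&f) == 0;                               /* nothing rotated yet */
    snprintf(moved, sizeof moved, "%s.1", path);
    rename(path, moved);                                    /* logrotate moves it... */
    append(path, "new entry\n");                            /* ...daemon recreates it */
    ok = ok && lc_rotated(&f) == 1;                         /* inode differs: reopen */
    if (ok && lc_open(&f, path, 0) == 0)
        seen += lc_read_new_lines(&f, print_line, NULL);    /* 1 line from new file */
    if (f.fp) fclose(f.fp);
    unlink(path); unlink(moved);
    return ok ? seen : -1;
}

int main(void) {
    printf("delivered %d lines (expected 6)\n", lc_demo());
    return 0;
}
```

Two design points matter for a collector feeding an IDS. First, the reader never asks "has the size grown?" before reading; it simply reads and lets EOF tell it when to stop, which is the behaviour the release notes switched to because the size-based check misbehaved on some Windows builds. Second, a shrinking size is treated exactly like a rename, so the held-back partial line is discarded on reopen rather than being glued onto bytes from a different file, which would otherwise produce events that never existed in either log.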

To download the new version:
http://www.ossec.net/en/downloads.html

More information at:
http://www.ossec.net
