Are you prepared for a security breach within your system? Can you successfully defend your network against an attack? If security is not one of your strong suits, I recommend that you take a look at Certified Internet Webmaster’s (CIW) Security Analyst Certification. It could help you achieve a basic level of security knowledge and competency.

This certification tests network administrators on implementing security policies, identifying security threats, and understanding network security devices and firewalls. In this article, I will review the topics and objectives you need to master to pass the CIW Security Analyst exam, examine ways you can prepare for it, and discuss the benefits of the certification.

Basic requirement
To obtain this certification, you must have one of the following advanced certifications:

  • Microsoft Certified Systems Engineer (MCSE) 4
  • Microsoft Certified Systems Engineer (MCSE) 2000
  • Certified Novell Engineer (CNE) 4
  • Certified Novell Engineer CNE) 5
  • Cisco Certified Network Professional (CCNP)
  • Cisco Certified Internetwork Expert (CCIE)
  • Linux Professional Institute (LPI) Level 2
  • SAIR Linux Certified Engineer Level 2

If you meet this minimum requirement, you can sign up for the CIW 1D0-470 Security Professional test through a Prometric or VUE testing center. The test currently costs $125. In addition to passing the test, CIW requires you to read and sign its CIW Certification Agreement and fax proof that you have one of the above certifications to (512) 439-3938.

Two days after I passed the test and faxed my scores, I received a friendly e-mail with a link to download my new logo. I was also told that I could expect my welcome package within four weeks. Overall, my contact with CIW was a pleasant experience.

What the test covers
Now, let’s get down to what you really want to know: How do you ace the exam? To pass this test, you must have an overall score of at least 75 percent and achieve a minimum score of 70 percent on each of the three sections:

  • Networking Security and Firewalls
  • Operating Systems Security
  • Security Auditing, Attacks, and Threat Analysis

Let’s take a closer at these three categories.

Networking Security and Firewalls
To receive a passing score on the Networking Security and Firewalls section of the test, you must have a clear understanding of the definition of security and the basic security standards that are in place today. In addition, you need to understand the different types of encryption. Examples include Symmetric, Asymmetric, and Hash encryption.

You must also understand the various types of attacks against your network. These include Dictionary, Brute Force, Denial of Service, Syn, Smurf, and Social Engineering attacks. Expect to get heavily tested on these attack methods.

Furthermore, you will be tested on the following:

  • Protocols—FTP, SMTP, HTTP, Telnet, SNMP, and ICMP
  • OSI model layers—Application, Presentation, Session, Transport, Network, Data Link, and Physical
  • Ports—FTP (21), Telnet (23), NNTP (119), HTTP (80), SSL (443), etc.
  • TCP/IP Communication Process—Active Open, Passive Open, Ack
  • Firewalls—Packet filtering, Application level, Circuit level, etc.
  • Network Address Translation (NAT)
  • Risk assessment
  • Security tools—Whois, Nslookup, Host, Tracert, Ping scanner, Share scanner, etc.
  • UNIX filenames and locations
  • Windows NT/2000 file names and locations

Operating Systems Security
In the Operating Systems Security section, you need to know the latest information about operating systems security and especially how it pertains to Windows 2000 and Linux. You will need to know how to protect systems from attacks and scan computers for vulnerabilities. You will also be tested on the following concepts:

  • Windows 2000 security and architecture
  • Linux security
  • Securing user accounts—password aging
  • File system security
  • Risk assessment (includes reducing risk)

Security Auditing, Attacks, and Threat Analysis
To be successful on the Security Auditing, Attacks, and Threat Analysis section, you need to know how to perform security audits and identify attacks and threats quickly and effectively. You will also be tested on the following concepts:

  • Security auditing procedures
  • Auditing server penetration and attack techniques
  • Intrusion detection
  • Auditing and system logging
  • Reading auditing results

As an experienced admin, you can prepare for this test in one of the following ways:

  • Attend CIW’s official classroom training.
  • Purchase and use CIW’s self-study courseware.
  • Purchase and use third-party training materials.

If you’re the type of person who needs classroom training, you can go to and search for the nearest training facility. Alternatively, you can purchase its self-study courseware and study on your own time. The self-study kit comes with a computer-based training module and three books: Network Security and Firewalls, Security Auditing, Attacks and Threat Analysis, and Operating System Security. You can purchase the self-study courseware at for $395.

The third method is to use third-party training materials. If you select this approach, I would recommend that you download the CIW Security Professional study guide from and then purchase the CIW Security Professional Certification Bible from You can also purchase and download practice tests from

Obtaining this certification offers many benefits. First, it is a vendor-neutral certification that shows that you have the flexibility of working with Linux, UNIX, and Windows. In addition, if you pass this test, you will have acquired the basic knowledge needed to identify attacks on your network, identify ports that may need to be secured, and design a firewall that meets the specific needs of your company.

Another nice feature of the CIW Security Analyst program is that you get credit for your work on other, advanced IT certifications, and thus, you don’t have to retest your knowledge of standard IT and networking concepts when achieving this certification. Consequently, you can obtain this advanced security certification by taking only one exam. And since network security expertise is a hot ticket in IT right now, the CIW Security Analyst certification can help open some additional doors for you.

Bonus certification

If you’ve already passed CompTIA’s i-Net+ exam, you get an added benefit. Fax your i-Net+ transcript to CIW, and you will receive your CIW Associate certification as well, since CIW will give you credit for the CIW Foundations exam. Then, if you pass the CIW Security Professional test, not only will yoube designated a CIW Security Analyst, but you also will be designated a CIW Professional.

Overall impressions
You definitely can pass this exam if you put in the time and effort that it takes to learn the basic material. The questions on the exam are straightforward and not longwinded like similar exams. If you already have an advanced certification but are lacking in security skills, obtaining your CIW Security Analyst certification can help you round out your skill set and raise the bar on your security knowledge.