Course Outlines

Introduction to IT Security For Hands On IT Auditors

  • The essentials of IT Security Auditing
  • Promoting the IT Security Audit Function
  • Common Information Security Standards
  • Preparing Your Audit - understanding the organisation
  • Corporate Policies, Procedures Standards and Baselines
  • Getting Help - Useful Online Resources

 

Building Your IT Audit Workstation

  • Building a Windows Audit Workstation
  • Building a Linux Audit Workstation
  • Using Open Source Software
  • Introduction to VB Scripting for IT Security professionals
  • Introduction to Perl Scripting
  • Introduction to UNIX Shell Scripting
  • Using Databases and Spreadsheets to Manage Audit Results

 

Understanding Security Services

  • Fundamentals of Secure Systems
  • Segregation - Networks, Operating Systems and Application Environments
  • Authentication Systems - Directory Servers, LDAP, RADIUS
  • Symmetric and Asymmetric Cryptography
  • Session Layer Security with SSL
  • Network Layer Security with IPSEC 
  • Digital Certificates and Certificate Authorities

 

Auditing Windows Servers and Workstations

  • Introduction to auditing Windows systems
  • The Windows Domain Model - Users, Groups and Objects
  • Windows Security Policies
  • Windows File System and File Share Security
  • Windows Network Security Controls
  • Windows Audit Logs
  • Windows Workstation Security

 

Auditing UNIX Systems

  • Introduction to Auditing UNIX Systems
  • UNIX User Accounts
  • UNIX File System Security
  • UNIX System and Network Services
  • Logging In The UNIX Environment

 

Auditing TCP/IP Networks

  • Introduction to Auditing Networks
  • Understanding the TCP/IP Networking Model
  • MAC Addresses, Switching and VLANs
  • IP Addressing and Routing
  • Name Resolution and DNS
  • ICMP Explained
  • TCP and UDP Explained
  • Common TCP/IP Applications
  • Network Administration and SNMP
  • Network Scanning Tools

 

Auditing Applications

  • Auditing Client Server Architectures
  • Security Controls of Common Applications
  • Email Security
  • Introduction to SQL and Database Security
  • Microsoft SQL Server
  • MySQL
  • Oracle
  • Server-side Technologies for the Web
  • Internet Information Server
  • Apache Web Server
  • Common Web Application Attacks
  • Web Application Audit Tools

 

Auditing Firewalls and Perimeter Security Controls

  • Firewall Architectures
  • Stateless and Stateful Packet Filters
  • Application Level Firewalls
  • Router-based Firewalls
  • Firewall Appliances
  • Intrusion Detection and Prevention Systems 
  • Email Content Filters
  • Web Content Filters
  • Secure Remote Access Technologies
  • IPSEC-based VPNs
  • SSL-based VPNs
  • Wireless Security