Advanced Networks for Auditors - Delivery and Control of Electronic Systems

ADVANCED NETWORKS FOR AUDITORS

COURSE OVERVIEW

Some IT Auditors need to operate below the process level within their infrastructure. This unique and intensive course brings together a series of graduated advanced topics to provide a basis for an auditor’s detailed understanding of the nature, structures and controls that apply to networks.

COURSE BENEFITS

Skills:

After completion of this course, you will be able to:

Appreciate the nature and mechanisms that underpin TCP/IP
Demonstrate an understanding of the risks and issues related to network domains, network hosts and network trusts
Evaluate server- and browser-side security settings and interpret server logs
Review the type of operating system hardening that is used to support network hosts and appliances
Appreciate and understand the nature of a PKI and how it is deployed
Describe the different types of firewall and review a firewall’s rules
Describe the operation of routers and review a router’s configuration

Support Materials:

This course is accompanied by a substantial manual that includes full briefing notes.

WHO SHOULD ATTEND

This intensive and challenging course is designed for IT Auditors that need a detailed understanding of networks and network technologies. It is not suitable for the novice IT Auditor.

COURSE Programme

TCP/IP

Internet technical resources: the IETF and RFC
Protocol stacks
Encapsulation
Application packet header structures: IP, TCP, UDP, ICMP
Segments
TCP and UDP
Ports
TCP/IP applets and commands
Demonstration and casework: TCP/IP

TCP/IP – advanced topics

Network addressing
Network routing methods
Application addressing
IPSec and Oakley
Security Issues
Integration TCP/IP with legacy systems
Demonstration and casework: IPsec

Network domain security

Security domains and domain planning
Defining domain perimeters
Domain administration
Application security versus network security
Casework: Security domain planning

Network host security

Host security – routers
Verification of host security and network security – scanners
Scanner evaluation
Demonstration: Scanners in action

Network security trusts

way, and transitive
Security policy (trust) administration
NDS and Active Directory
Complex trust structures
Case example of trust structure

Server-side security

Administrative / root privilege
Active pages – ASP/PHP
Scripting – CGI/CGI Scripts
Virtual directories and virtual file services
Server logs and their interpretation
Demonstration: Web server log analysis and web server security

Browser-side security

Browser variants – Netscape, Internet Explorer, Firefox, Mozilla, Opera
Configuration settings for browsers – content, network, downloads, Java sandbox control
Active signed and unsigned content, including Java, JavaScript, Active X, plug-ins and cookies
Demonstration: Securing browsers

Hardening the host server operating system

Removal of unnecessary services
Patches, fixes, service packs
File access control mechanisms and user rights control
Demonstration: Server hardening

PKI

Digital certificates
Certificate authorities and registration authorities
Public certificates and commercial certificates
Certificate management
Certificate revocation
PKI and the role of commercial and internal certificate authorities
Managing digital certificates
Case example: A PKI Infrastructure
SSL and secure web transactions
Implementation of SSL

Firewalls and proxy servers, public web servers

Types of firewalls and their functionality
Firewall configuration and verification
Demonstration: Firewall configuration
Web proxy servers
Content filtering at the network perimeter

PRESENTED BY:
This course is designed, developed and presented by MindGrove Ltd.

TRAINING

In-House Training

Public Course Schedule

Course Library

CONSULTANCY

RESOURCES

CLIENTS

CONTACT US

To discuss bringing this course in-house, please complete our on-line Enquiry Form or call us on 01925 732 757.

Call us on +44 (0)1925 732 757