The Control, Security and Audit of Networks
This intensive course, now in its ninth revision, has recently been extended to reflect current changes taking place in business, technology and audit. It provides a broad body of knowledge for the information systems network auditor.
Suitability and duration
Suitability: Intermediate
Duration: 3 days
Who should attend
Auditors who want to perform network reviews and need to understand the security, audit and control features of networked environments. Delegates need some experience of auditing and technology, but little direct experience of networks, to benefit from this course. To promote practical skills, examples will be drawn from commonly encountered network systems, hosts and processes. Where possible, a projected live software system display will also be used to clarify issues and key points.
Benefits
Skills
After completion of this course, you will be able to:
- Describe and define the network audit role
- Understand common terminology used by network support staff
- Understand the differences between long-haul and short-haul network operations
- Evaluate the risks that stem from network based operations
- Evaluate the operation and control of common network devices
- Evaluate the controls applied to networked applications
- Understand how cryptography protects network security
- Perform a range of network control and security reviews
- Know how to use software tools to check network security
Support Materials
This course is accompanied by a detailed manual that contains briefing notes, explanations of network protocols and mechanisms and an integrated work programme to use on return to work.
Programme
The network auditor
- The network audit and network auditor roles
- Auditing strategies: hindsight reviews; contributing to new developments; validating infrastructure
- Integrating network auditing with risk based approaches to audit
- Networks and risks - the five most common problems
Network outlines
- The three stage journey: assembly, despatch, retrieval
- How data is formatted for network transport: short-haul transmission, long-haul transmission
- Media for transmission: wired circuits, fibre optics, wireless
- Standards controlling networking: ISO, IEEE, IETF
- Network mapping – understanding network diagrams: contextual, logical, physical
- Network adaptors, modems and network interface cards
- Network operating systems
- Network management
- An introductory audit
Networked applications
- Client-server applications: common client-server risks and countermeasures
- Software considerations: software environments, scripts and components, cookies, registration and personalisation
- Retrieval of web-based materials / data submission / query data retrieval
- Authentication issues for web based services
- Electronic procurement
- Innovations: e-cash and Smart Cards
- Application robustness and application data risks
Local area networks
- Servers / workstations
- Host management
- Ethernet / Token Ring
- Wi-Fi Networks
- Infra-red and Bluetooth technology
Wide area networks
- Load balancing devices
- Proxies and reverse proxies
- Routers / firewalls
- Third party security services / SLAs
- Personal data and data monitoring
- Advanced host security – routers
- Firewalls and network address translation
- Intrusion detection / incident management
- Virtual private networks
- VoIP telephony
The compromised network
- Network threats and attacks
Secure networking
- Same-key (symmetric) cryptography
- Public-key (asymmetric) cryptography
- Hashing
- MD5 and digital signatures
- Digital certificates
- Certificate authorities and registration authorities
- Public certificates and commercial certificates
- Certificate revocation
- Certificates and assurance
- IPsec network security
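The following script is an added illustration of the "Hashing" and "Same-key cryptography" topics listed above; it is example code written for this page, not part of the course materials. It shows the distinction an auditor is expected to grasp: a plain hash sent alongside a message detects accidental corruption but not deliberate tampering, because whoever alters the message can recompute the hash, whereas a keyed MAC (here HMAC-SHA256) fails verification unless the attacker also holds the shared key. The key and message are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values: a message as it might cross a network, and a key
# assumed to have been shared out of band between the two endpoints.
SHARED_KEY = b"example-shared-key-not-for-production"
MESSAGE = b"transfer 100.00 to account 12345"


def digests(data: bytes) -> dict:
    """Hex digests of the same input under several hash functions.

    Output length is fixed regardless of input size: MD5 gives 128 bits
    (32 hex characters), SHA-256 gives 256 bits (64 hex characters).
    usedforsecurity=False lets MD5 run on FIPS-restricted builds for comparison.
    """
    return {
        name: hashlib.new(name, data, usedforsecurity=False).hexdigest()
        for name in ("md5", "sha1", "sha256")
    }


def verify_hash_only(data: bytes, digest_hex: str) -> bool:
    """Integrity check using an unkeyed hash that travels with the message."""
    return hashlib.sha256(data).hexdigest() == digest_hex


def mac(key: bytes, data: bytes) -> bytes:
    """Same-key integrity tag: HMAC-SHA256 over the message."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(key: bytes, data: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    Any change to the data, the key or the tag makes this return False.
    """
    return hmac.compare_digest(mac(key, data), tag)


def demo() -> dict:
    """Run the two schemes against a genuine and a tampered message."""
    tag = mac(SHARED_KEY, MESSAGE)
    tampered = MESSAGE.replace(b"100.00", b"900.00")

    # Attacker model: the message and its accompanying digest can both be
    # rewritten in transit, but the shared key is not known to the attacker.
    forged_digest = hashlib.sha256(tampered).hexdigest()

    return {
        "genuine_verifies": verify_mac(SHARED_KEY, MESSAGE, tag),
        "tampered_verifies": verify_mac(SHARED_KEY, tampered, tag),
        "wrong_key_verifies": verify_mac(b"some-other-key", MESSAGE, tag),
        # The hash-only check passes on the tampered message because the
        # attacker simply recomputed the digest: no secret was needed.
        "hash_only_tamper_passes": verify_hash_only(tampered, forged_digest),
    }


if __name__ == "__main__":
    for name, value in digests(MESSAGE).items():
        print(f"{name:7s} {value}")
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point for a network review is that integrity claims built only on checksums or hashes (for example, a file hash published next to the download) are only as trustworthy as the channel that delivered the hash; a MAC or a digital signature binds the integrity check to a secret the attacker lacks.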
More complex auditing
- Software tools to assist network vulnerability audits and penetration testing
- An intermediate level review
- Penetration testing – to do or not to do?