MindGrove - the Audit and Risk SpecialistsMindGrove Training page - header image of people

 Home
 About us
 Training
bullet pointIn-house training
 ... by category
 ... a to z listing
 Public courses 2012
 Download brochure
 eLearning
 Consultancy
 Resources
 Clients
 Contact us
















Probing System Security

IT Auditors would prefer to be able to probe systems to get direct answers to questions concerning security vulnerabilities. Yet few IT Auditors are aware of the extent of low cost reliable software available to assist this process.

This course provides a stimulating introduction to the probing of security relevant data and focuses on ethical non-invasive methods.

 

Suitability and duration

Suitability: Intermediate

Duration: 2 days

 

Who should attend

This intensive hands-on course is open to all-comers, although staff with novice knowledge of IT Auditing are likely to find it too challenging. The heart of the course is in the deployment and use of non-invasive security and discovery tools. The result is a course where participants spend most of their time exploring systems with the training presenter.

 

Benefits

Skills

After completion of this course, you will be able to:

  • Search knowledge bases for security vulnerabilities
  • Describe the importance of planning patching and fixing regimes
  • Deploy tools to probe operating system security
  • Deploy tools and strategies to investigate user accounts, user permissions and user security
  • Appreciate how to analyse operating system and other logs
  • Appreciate and investigate data and database security
  • Deploy tools and strategies to investigate networks and network hosts
  • Build a personal toolbox of useful security utilities

 

Support Materials

This course is accompanied by a manual that includes full briefing notes and a CD ROM of software to use during and after the course.

 

Programme

System security at large

  • Sources of knowledge of system vulnerability
  • Searching the knowledge bases
  • Patching and fixing systems – commercial perspective
  • Patch tracking and identification
  • Patching and fixing systems – issues
  • Hardening of key software

 

Operating system security

  • Inventory scanners
  • Authentication scanners
  • Vulnerability scanners – UNIX and Windows
  • Free tools to help these jobs

 

User security

  • The visible and invisible user accounts: locating and extracting them
  • Atypical accounts
  • The user environment – resource access permissions
  • Logs of user activity
  • Logs – checking they are adequately configured
  • Logs – checking they represent an unbroken record
  • Logs – checking that they are anti-tamper
  • Logs – extracting data about jobs, people, events, administration
  • Filtering the wheat from the chaff
  • Important Event Types

 

Networks and networked hosts

  • Discovery scans – mapping the network
  • Deploying scanning tools – wired network
  • Deploying scanning tools – wireless network
  • Routers – basic and extended router operations
  • Routers – checking for router vulnerabilities
  • Routers – checking the rules
  • Firewalls – basic and extended firewall operations
  • Firewalls – checking the rules
  • Interpreting firewall data (logs)
  • False positives
  • IP addresses – construction and use
  • Tracing ownership of IP addresses
  • Free tools to help these jobs

 

 

  Call us on +44 (0) 1925 730 200Site map | Contact us 
© 2012 MindGrove Ltd. All rights reserved
 Valid XHTML 1.0 TransitionalValid CSS!