Audit & Security of Networks Course

The course is intended for those who need to find out what networks are, how they work and what the prime risks are. It covers the range from wires and PC boards to business objectives and risks. Networking technology and its jargon are explained in non-technical terms.

Having acquired a high level understanding of networking technology, you will learn how to assess security by workshop exercises. All aspects are covered, both business and technical. Business-based workshops are introduced as knowledge is acquired. These require you to decide how networks and applications should be deployed and managed. You will hear commentary on certain real disasters that have happened to high profile companies in the past.

Planning for audits and discussion of suitable tests forms a substantial part of the course. Where hands on is possible, delegates will get a chance to run network probes, port scanners and examine network settings.

The course attempts to demystify the technology surrounding networks and is suitable not only for security specialists but also for non-technical business managers who need to control networking projects.

Delegates should have a good general understanding of IT.

Topics covered on the 3 day Audit & Security of Networks course

A review of networking technology

• Network security concepts
• Business issues
• Network development lifecycle, network hardware and software
• Risks and objectives
• Local area networks, TCP/IP, LAN devices, WAN technology
• Virtual private network
• Transmission system vulnerabilities
• General network management
• Firewalls

Risks and controls

• Securing networks
• An overview of generic risks
• Controls

Controls and services

• Baseline controls, selective controls
• Auditing baseline security - identifying the scope
• Control tactics
• Audit categories for network assessment
• Steps the operational auditor must take
• List of network vulnerabilities and controls
• Management services, information model
• System management functions, SNMP
• Management duties regarding network security
• Strategy for distributed system management
• Managing network services
• Performance measurement services
• Services supporting monitoring
• Fault management, handling techniques and management controls
• Security management services
• Unique security features of distributed systems
• Security objectives and mechanisms
• Capacity management through performance analysis
• Acceptance testing
• Detailed tracking of all network activity
• Choosing a network service provider (NSP)
• Security tips for corporate networks
• How to audit a network

Remote access

• Introduction
• Risks, defences
• Internet-related risks

Inter-network security

• Points of weakness
• Standard firewall services
• Firewall specimen specification, Firewall deployment
• Securing user access
• MIME sweeper
• Firewall platforms
• Risk assessment methods
• Risks associated with internet service
• Attack scenarios, types of firewall
• Rule lists and logs, logging and auditing
• Firewall operations
• Additional audit control requirements
• Linking vulnerabilities to threats
• Monitor/control of internet access
• Auditing session walls