Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Since its inception in the early 1990’s, Linux has made increasing inroads into the production IT server environments in many organizations, often taking the place of legacy Unix and mainframe systems, as well as, proving to be a cost-effective solution to Windows server. The open source foundation of Linux offers many cost savings and flexibility benefits… but also “The Penguins” bring along some significant risks to the party. Linux, especially Ubuntu variants, have emerged as often the preferred vulnerability testing and forensics testing workstation platform of choice – making it an attractive option for cost conscious Information Security and IT Audit professionals. In this pragmatic seminar, we will identify the important Unix/Linux security controls, best practice for secure configuration, and tools and techniques on how to audit Linux and other Unix variants. Additionally, we will demonstrate methods to build inexpensive Linux based IT audit workstations and self-booting Linux media.

Learning Objectives

  • Understanding the architecture of Linux file systems
  • Identifying and auditing Linux logical access control points
  • Leveraging open source Linux software for IT audits

Course Outline

Introducing the Linux Software Architecture

  • Overview of Linux variants and their positioning for server and workstation applications
  • Understanding the architecture of Linux file systems

Identifying Linux Security Controls and How to Audit Them

  • Identifying and auditing Linux logical access control points:
    • User accounts and groups
    • Password policies
    • Data access authorization and file security
    • TCP/IP applications
    • System integrity: root account controls, SETUID/SETIG program controls, file integrity monitoring, SELinux
    • Security event (audit) logs
  • Evaluating Linux change control and patch management
  • Learning simple Linux/Unix commands and associating scripting procedures to collect audit evidence from Linux systems

Building Linux-based IT Audit Workstations

  • Leveraging Kali and other open source Linux software for IT audits
  • Installing Linux system software and audit tools on different types of desktop and portable devices
  • Creating self-booting Linux media

Sources of Additional Unix/Linux Information and Tools

Additional Information

Who Should Attend
  • IT Auditors
  • IT Control Professionals
  • Information Security Professionals
  • Operational Auditors

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Recommended Prerequisites

Planning and Conducting IT General Control Reviews (AA03) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8