Course Description
Today’s Internet connections are typically shielded by a Demilitarized Zone (DMZ), a critical CyberSecurity buffer between your organization’s internal network and the outside world. Firewalls, intrusion detection/prevention systems, proxy servers, load balancers, filtering routers, VLANs, and VPNs all play a major role in regulating and restricting traffic flowing to and from Internet CyberSpace. Failure to properly configure, maintain, and monitor a secure and efficient DMZ increases the risk of your organization being attacked by CyberCriminals and other external intruders. This intensive seminar is designed to equip you to better protect and audit your network’s perimeter CyberSecurity through a blend of practical, up-to-the-minute knowledge transfer and audit case studies.
Note: This course does not cover the details of web application security audits, which are covered in CyberSecurity Audits of Modern Web Applications (CY02).
Learning Objectives
- Identify key control points and building blocks in CyberSpace DMZs and CyberSpace connections
- Evaluate CyberSecurity risks and safeguards associated with Internet and other external network connections
- Identify and assess the role of each network device control point, firewalls and beyond, in the overall CyberSecurity policy of the DMZ
- Locate sources of industry benchmarks for best CyberSecurity practices and compliance requirements for DMZ and external network connections
- Use tools and techniques for CyberAudits of network device configurations and overall network security for the DMZ and associated external network connections
Course Outline
Planning for Network Perimeter Security Audits
- Risks to your Internet and other public facing network connections
- DMZ security control points
- Developing a TCP/IP application risk management methodology
- Roles of devices in the DMZ
- Sources of audit tools and resources
- Developing an audit work program for DMZ audits
Router and Other Network Device Configuration, CyberSecurity, and Audit
- Classes of devices and protocols
- Network device maintenance port access controls
- Scoping network device audits
- RADIUS and TACACS+ and other authentication services
- Border Gateway Protocol (BGP) security requirements
- Router access control lists (ACLs)
- Cisco IOS router configuration essentials for security and auditing
- Auditing and testing router, switch, and other device configurations
Network Firewall Policies, Security, Configuration, and Audit
- Identifying key DMZ security control points and their roles
- Firewall architectures and state management
- Typical firewall policy rule syntax
- Network address translation (NAT)
- Unified threat management (UTM), Web application firewalls, URL filters, mail guards, and other proxy servers
- Cloud Access Security Brokers (CASBs) and other cloud computing connections
- Firewall log management, intrusion detection/prevention systems (IDS/IPS)
- Auditing and testing firewall configurations
Auditing VPN and Remote Access CyberSecurity
- Evaluating VPN protocol alternatives
- VPN CyberSecurity features and related policy requirements
- Relative positioning of firewalls and VPN end-points
- Auditing VPN configurations
Remote Discovery and Vulnerability Testing of Your Network Perimeter
- Special considerations for external network CyberSecurity discovery and vulnerability testing
- Stealth scans and other forms of advanced DMZ testing
Additional Information
Who Should Attend
IT Auditors
Information Security Managers, Analysts, and Architects
IT Management
System Administrators
Network Engineers
Consultants
Learning Level
Advanced
Delivery
Group-Live
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
Simplifying Audits of Network Security (CY10) or equivalent training. Familiarity with TCP/IP concepts and terminology is assumed.
Session Duration
On Site: 4 days
CPE Credits: 32