Course Description
Data network infrastructures provide the highways of accessibility to modern business applications; however, these high-speed data highways, if improperly safeguarded, can also open avenues of external and internal attack and abuse. Over the years, for a variety of reasons, the topic of auditing networks has often been misunderstood and viewed as a technical mystery. In this down-to-earth, no-nonsense workshop, we will clearly identify and demonstrate practical methods to discover, document, and audit the critical control points, risks, and safeguards in numerous forms of common network technologies, across both the internal and the external, Internet-facing infrastructures used in most modern organizations.
In addition to control issues common to both internal and external network infrastructure security controls and audit procedures, such as network device security and change control, we identify the main IT audit focal points for public/Internet connections including: firewalls and proxy servers, virtual private networks
Learning Objectives
- Understand how networks work and where important CyberSecurity control points are located in different network scenarios
- Utilize the OSI and TCP/IP protocol stack models to position different types of CyberSecurity controls and IT audit objectives
- Understand key risks and security controls for TCP/IP applications and network appliances
- Identify tools and techniques for performing useful CyberSecurity risk assessment of network applications on internal and external networks
Course Outline
Developing a Framework for Network CyberSecurity Audits
- Network terminology
- Locating key network CyberSecurity control points
- Major risks to network CyberSecurity
- Overview of network communications standards and protocols
- Open Systems Interconnection (OSI) reference model
- Transmission Control Protocol/Internet Protocol (TCP/IP)
- Network addressing fundamentals
- Leveraging packet analyzers, command-line utilities, and web site services as CyberAudit tools
Managing Network Application Services Security Risks
- TCP/IP applications (ports) and associated CyberSecurity risks
- NMAP, Netstat, and other tools for locating and assessing active network services and associated risks
- Developing a TCP/IP application risk analysis and management methodology
Network Devices: Functionality, Management, CyberSecurity, and CyberAudit
- Network device audit targets
- Network segmentation for performance and security: virtual LANs (VLANs), access control lists (ACLs), port security
- Network device maintenance/management port access security
- Network user authentication: multi-factor authentication, RADIUS, TACACS+, Extensible Authentication Protocol (EAP)
- Internet of Things (IoT) risks and countermeasures
- Examining sample network device configuration files for risk and compliance
DMZ Security and Audit
- Identifying key DMZ CyberSecurity control points and their security roles
- Reviewing and assessing firewall and proxy server configurations
- Evaluating VPN security configurations
- Cloud Access Security Brokers (CASBs) and other web connection devices and services
Planning and Scoping Out CyberSecurity Network Audits – Internal and External
- Developing a CyberSecurity Audit plan for your intranet
- Developing a CyberSecurity Audit plan for your DMZ and other public-facing network connections
- Sources of additional information and tools
Additional Information
Who Should Attend
IT Auditors
Information Security Managers, Analysts, and Architects
IT Management
System Administrators
Compliance Officers
Consultants
Learning Level
Intermediate
Delivery
Group Live
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
How to Perform an IT General Controls Review (AA03) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.
Session Duration
On Site: 4 days
CPE Credits: 24