Auditing & Monitoring Networks, Perimeters & Systems GIAC Systems and Network Auditor (GSNA)

Description

Price: 6.00 USD | Size: 4.71 GB | Duration : 5.17 Hours | 20 LAB Lessons | ??????????? 4.9? BRAND : Expert TRAINING | ENGLISH | INSTANT DOWNLOAD

Auditing & Monitoring Networks, Perimeters & Systems GIAC Systems and Network Auditor (GSNA) What You Will Learn Performing IT security audits at the enterprise level can be a daunting task. How should you determine which systems to audit first? How do you assess the risk to the organization related to information systems and business processes? What settings should you check on the various systems under scrutiny? Is there a set of processes that can be put into place to allow an auditor to focus on the business processes rather than the security settings? How do you turn this into a continuous monitoring process? The material covered in this course will answer all of these questions and more. AUD507 teaches students how to apply risk-based decision making to the task of auditing enterprise security. This track is organized specifically to provide a risk-driven method for tackling the enormous task of designing an enterprise security validation program. After covering a variety of high-level audit issues and general audit best practices, students will have the opportunity to delve into the technical “how-to” for determining the key controls that can be used to provide a high level of assurance to an organization. Real-world examples provide students with tips on how to verify these controls in a repeatable way, as well as many techniques for continuous monitoring and automatic compliance validation. These same real-world examples help the students learn how to be most effective in communicating risk to management and operations staff. A Sampling of Course Topics Audit planning and techniques Effective risk assessment for control specification Time-based assessment and auditing Delivering effective reports to management Auditing virtualization hosts Understanding and auditing cloud services and containers Effective network population auditing Performing useful vulnerability assessments Detailed router, switch and firewall auditing OWASP Top Ten Proactive Controls for web applications Auditing traditional web applications Auditing web APIs, AJAX, and single-page applications Windows PowerShell Windows system auditing & scaling to the enterprise Auditing Active Directory Building an audit toolkit Linux/UNIX auditing HANDS-ON TRAINING: AUD507 uses hands-on labs to reinforce the material discussed in class and develop the “muscle memory” needed to perform the required technical tasks during audits. An abbreviated sampling of the many lab topics includes: Calculate Samples and Errors Network Scanning and Continuous Monitoring with Nmap Network Discovery Scanning with Nessus Auditing Hypervisors Auditing Docker Security Wireshark, Switch Configuration Symptoms and Device Configuration Auditing Auditing Public Services HTML, HTTP and Burp Analyzing TLS and Robots.txt Fuzzing and Brute Forcing with Burp Intruder Finding Injection Flaws Scripting with PowerShell Exploring WMI with PowerShell and WMIC Discovering Operating System and Patch Levels Querying Active Directory Permissions, Rights and Logging Unix Scripting System Information, Permissions and File Integrity Services and Passwords Unix Logging, Monitoring and Auditing YOU WILL BE ABLE TO: Understand the different types of controls (e.g., technical vs. non-technical) essential to performing a successful audit Conduct a proper risk assessment of an enterprise to identify vulnerabilities and develop audit priorities Establish a well-secured baseline for computers and networks as a standard to conduct audit against Perform a network and perimeter audit using a repeatable process Audit virtualization hosts and container environments to ensure properly deployment and configuration Utilize vulnerability assessment tools effectively to provide management with the continuous remediation information necessary to make informed decisions about risk and resources Audit a web application’s configuration, authentication, and session management to identify vulnerabilities attackers can exploit Utilize scripting to build a system which will baseline and automatically audit Active Directory and all systems in a Windows domain Utilize scripting to build a system which will baseline and automatically audit Linux systems GIAC Systems and Network Auditor The GIAC Systems and Network Auditor (GSNA) certification validates a practitioner’s ability to apply basic risk analysis techniques and to conduct technical audits of essential information systems. GSNA certification holders have demonstrated knowledge of network, perimeter, and application auditing as well as risk assessment and reporting. Auditing, risk assessments, and reporting Network and perimeter auditing and monitoring, web application auditing Auditing and monitoring in windows and Unix environments More Certification Details Prerequisites AUD507 assumes that the student is capable of: Navigating the filesystem in Microsoft Windows Launching the command prompt and PowerShell in Windows Running commands from the command line in Windows Navigating the command line and running simple commands in Linux Deeper Linux experience will be helpful but is not required. The courseware and instruction provide the student with the information necessary to use the Linux systems and tools utilized in class.