Price: 6.00 USD | Size: 4.71 GB | Duration : 5.17  Hours | 20 LAB Lessons | 
BRAND : Expert TRAINING | ENGLISH | INSTANT DOWNLOAD
 
Auditing & Monitoring Networks, Perimeters & Systems GIAC Systems and Network Auditor (GSNA)
 
 
What You Will Learn
Performing IT security audits at the enterprise level can be a daunting task. How should you determine which systems to audit first? How do you assess the risk to the organization related to information systems and business processes? What settings should you check on the various systems under scrutiny? Is there a set of processes that can be put into place to allow an auditor to focus on the business processes rather than the security settings? How do you turn this into a continuous monitoring process? The material covered in this course will answer all of these questions and more.
AUD507 teaches students how to apply risk-based decision making to the task of auditing enterprise security.
This track is organized specifically to provide a risk-driven method for tackling the enormous task of designing an enterprise security validation program. After covering a variety of high-level audit issues and general audit best practices, students will have the opportunity to delve into the technical "how-to" for determining the key controls that can be used to provide a high level of assurance to an organization. Real-world examples provide students with tips on how to verify these controls in a repeatable way, as well as many techniques for continuous monitoring and automatic compliance validation. These same real-world examples help the students learn how to be most effective in communicating risk to management and operations staff.
 
 
A Sampling of Course Topics
 
Audit planning and techniques
Effective risk assessment for control specification
Time-based assessment and auditing
Delivering effective reports to management
Auditing virtualization hosts
Understanding and auditing cloud services and containers
Effective network population auditing
Performing useful vulnerability assessments
Detailed router, switch and firewall auditing
OWASP Top Ten Proactive Controls for web applications
Auditing traditional web applications
Auditing web APIs, AJAX, and single-page applications
Windows PowerShell
Windows system auditing & scaling to the enterprise
Auditing Active Directory
Building an audit toolkit
Linux/UNIX auditing
 
HANDS-ON TRAINING:
AUD507 uses hands-on labs to reinforce the material discussed in class and develop the "muscle memory" needed to perform the required technical tasks during audits. An abbreviated sampling of the many lab topics includes:
 
Calculate Samples and Errors
Network Scanning and Continuous Monitoring with Nmap
Network Discovery Scanning with Nessus
Auditing Hypervisors
Auditing Docker Security
Wireshark, Switch Configuration Symptoms and Device Configuration Auditing
Auditing Public Services
HTML, HTTP and Burp
Analyzing TLS and Robots.txt
Fuzzing and Brute Forcing with Burp Intruder
Finding Injection Flaws
Scripting with PowerShell
Exploring WMI with PowerShell and WMIC
Discovering Operating System and Patch Levels
Querying Active Directory
Permissions, Rights and Logging
Unix Scripting
System Information, Permissions and File Integrity
Services and Passwords
Unix Logging, Monitoring and Auditing
 
YOU WILL BE ABLE TO:
 
Understand the different types of controls (e.g., technical vs. non-technical) essential to performing a successful audit
Conduct a proper risk assessment of an enterprise to identify vulnerabilities and develop audit priorities
Establish a well-secured baseline for computers and networks as a standard to conduct audit against
Perform a network and perimeter audit using a repeatable process
Audit virtualization hosts and container environments to ensure properly deployment and configuration
Utilize vulnerability assessment tools effectively to provide management with the continuous remediation information necessary to make informed decisions about risk and resources
Audit a web application's configuration, authentication, and session management to identify vulnerabilities attackers can exploit
Utilize scripting to build a system which will baseline and automatically audit Active Directory and all systems in a Windows domain
Utilize scripting to build a system which will baseline and automatically audit Linux systems
 
GIAC Systems and Network Auditor
The GIAC Systems and Network Auditor (GSNA) certification validates a practitioner's ability to apply basic risk analysis techniques and to conduct technical audits of essential information systems. GSNA certification holders have demonstrated knowledge of network, perimeter, and application auditing as well as risk assessment and reporting.
 
Auditing, risk assessments, and reporting
Network and perimeter auditing and monitoring, web application auditing
Auditing and monitoring in windows and Unix environments
More Certification Details
Prerequisites
AUD507 assumes that the student is capable of:
 
Navigating the filesystem in Microsoft Windows
Launching the command prompt and PowerShell in Windows
Running commands from the command line in Windows
Navigating the command line and running simple commands in Linux
Deeper Linux experience will be helpful but is not required. The courseware and instruction provide the student with the information necessary to use the Linux systems and tools utilized in class.