Advanced IT Audit School: HANDS-ON

Network Audit & Security (ITG301a)

How to Perform Technical Audits of Todays Complex Network Infrastructures

3 Days Hands-On + 22 CPE Credits

Monday through Wednesday, October 22-24, 2012
Limit to First 22 Registration
Early Registration Discount (by Oct. 1, 2012) - SAVE $200.00
To be successful, IT auditors must be able to independently
identify and assist in mitigating the myriad of risks that exist in
todays highly technical business environment. The security of
the IT infrastructure critically affects ALL applications, but is
often only lightly audited. In this comprehensive hands-on,
three-day seminar you will learn how to use economical yet
powerful software tools to identify and test key control points in
your organizations network infrastructure. You will take a plain-
English, risk-based look at network application services and
protocols and relate them to practical real-world safeguards and
audit techniques, including files servers, directory services,
network connection devices, perimeter security, and
workstations. You will practice deploying configuration file
testing, TCP/IP service discovery and analysis, and
fundamental vulnerability testing.

Working through a series of structured hands-on exercises, you will learn how to select appropriate tools and techniques for your audits
and how to execute required audit data gathering and analysis procedures. Special emphasis will be placed on conserving precious
audit budget resources by leveraging bundled utility software, open source, and inexpensive commercial audit tools. In addition, you will
work through a wide sampling of representative exercises that will prepare you to easily and efficiently test controls associated with the
most widely used infrastructure environments (Microsoft, Unix, Cisco, Check Point). You will participate in exercises that range from
intercepting live network data with packet sniffers to automatically enumerating network control points and locating serious vulnerabilities
using both internal and external compliance and vulnerability testing procedures.

This intensive seminar will also help you to identify and evaluate security safeguards and automated technical auditing tools, including
proven Windows and Unix-based tools that you can use to ensure that your organizations IT environment is compliant and well
protected. When you leave this workshop you will be better prepared to locate and assess the core controls and security safeguards that
are critical to the protection of all valuable business application assets in your organization. This course also provides a solid foundation
for more advanced training in operating system, network, and application audit and security. (Note: This seminar covers topics found in
Chapters 4-5 of the CISA Review Manual.)

Course Material/Equipment:
The Chapter and SCE will be providing 3 MIS workbooks in one binder for the registered students at the class. Please note that these
materials are proprietary and copyrighted and may not be reproduced other than for the participants attending the program. A laptop will
be provided for training. If you want to bring your own laptop, email cto@isacala.org for instructions. A DVD will be provided for each
student with relevant tools and softcopy of material.

Prerequiste:
Familiarity with logical access control concepts, basic Windows and DOS (Command prompt) desktop program execution, text
editing, and file management is assumed.

Advance Preparation: None Learning Level: Advanced Delivery Method: Group-Live Field: Auditing
To Register Online or More Information, visit http://www.isacala.org/seminars.html
Registration: Location: Breakfast/Lunch: Hours:
Payment for seminar can be via PayPal or by check. Payment by Southern California Edison Continental Day 1: 9-5
check made out to ISACA Los Angeles Chapter. Address to mail Monrovia EH&S Building Breakfast and Will take a poll the
check is available on registration page. Do not mail check to seminar 1218 South 5th Avenue Lunch are included. first day to see if
location. Monrovia, CA 91016 8 am or 8:30 on
Day 2 and 3.
Early registration fees have been discounted by $200.00
CANCELLATION POLICY:
No refunds will be offered for cancellations received after October 1, 2012.
Fees on or before Oct. 1, 2012 Fees after Oct 1, 2012 However, your fee can be rolled over to another individual. To cancel, you must
Members (ISACA/ISSA/ISC2): Members (ISACA/ISSA/ISC2): notify ISACA Los Angeles Chapter in writing in advance (email
$999.00 $1199.00 seminar@isacala.org). Any cancellation before or on October 1, 2012, is entitled to
Non-Members: $1199.00 Non-Members: $1399.00 a full refund and will not incur any fee or penalty.
Seminar Instructor

Stan Fromhold, Stan Fromhold is a Pursuit Lead for HPs Enterprise Security Services. In his role he provides security
solutions to some of HPs largest multinational clients. Prior to HP, Mr. Fromhold was a Security Solutions
CISSP, CISA Architect for British Telecoms security practice, where he was responsible for the design and bid of major
customer security and governance programs. These programs include commercial pricing of customer
engagements, technology selection for solution architectures, negotiations with suppliers, and risk analysis
Hewitt Packard and risk management planning for proposal and project activities.
Enterprise Security Services
Mr. Fromhold has worked in information security for more than 25 years, specializing in enterprise security
architecture solutions for converged networks, vulnerability assessments, security education, and security
compliance audits. He has significant experience in helping organizations define and implement security
architectures and policies for vulnerability and threat management, enterprise security event monitoring,
and intrusion detection and prevention architectures. In addition, Mr. Fromhold is a much in-demand
speaker at major security conferences.

Previously, Mr. Fromhold was Global Director of Security for Dun & Bradstreet, where he was responsible
for all facets of global network security, including firewall architecture; security policy; and compliance for
Windows, UNIX, routers, firewalls, security event monitoring, and Web security. In addition, he was
responsible for the administration of SecurID, RACF, and for performing network vulnerability assessments.
Prior to joining D&B, Mr. Fromhold was Director of Security for Munich Re/Americas Internet Services,
where he was responsible for their network security architecture, including the design, implementation, and
administration of firewalls, Web servers, proxy servers, SecurID servers, and other network security
components. Prior to that, he was a Manager for Coopers & Lybrands (now PricewaterhouseCoopers) IT
Audit Risk and Assurance practice.

What You Will Learn

1. Defining the Scope of Network
Infrastructure Audit Programs
Locating and categorizing key control points
in a distributed computing network
Network security risk analysis: major
threats, vulnerabilities, and risks associated
with distributed computing environments
Identifying sources of vital information
and cost-effective automated tools for
advanced IT audits
2. Understanding Network Protocols
Using a simplified three-layer model to
better understand more complex network
protocol stacks and associated risks and
safeguards
Open Systems Interconnection (OSI)
Reference Model
Transmission Control Protocol/Internet
Protocol (TCP/IP): IPv4, IPv6
Evaluating risks and safeguards associated
with prominent TCP/IP applications
Exercise: Identifying active TCP/IP
application services on workstations and
servers using local and remote testing
procedures
Simple Network Management Protocol
(SNMP): foundation of network
management
Exercises: using SNMP and other network
discovery tools to locate and test network
device security
Evaluating packet headers and their
relevance to network security and audit
Packet sniffers: friend or foe?
Exercise: using packet sniffers to intercept
and analyze network traffic
Developing a methodology for TCP/IP
network services security risk analysis and
policy technical development
3. Servers and Workstation Operating
SystemSecurity
Tools and techniques for auditing controls
for infrastructure and application servers
Locating and testing NetBIOS, Windows
registry, and file shares
Locating and testing Unix NFS shares
Exercise: using bundled utility software and
add-on tools to locally and remotely test for
file server configuration, security, and other
controls audits for Unix and Windows
systems
Exercise: locate and exploit unprotected
Windows registry and user account
information
Server audit checklist
Exercise: locating unprotected Windows
and Unix network file shares and other
backdoors
PcAnywhere, VNC, and other remote control
programs
Exercise: locating network backdoors
Server and workstation security audit
checklist
4. Network Address Management Directory
Services and Enterprise Authentication
Systems
Categorizing address management and
directory services systems and their
associated risks and safeguards
Dynamic Host Configuration Protocol
(DHCP)
Lightweight Directory Access Protocol
(LDAP)
Domain Name System (DNS) directories
Exercises: locating DHCP, LDAP, and DNS
servers
Exercises: auditing DHCP, DNS, LDAP
security configurations
Enterprise authentication systems: RADIUS,
TACACS+, Diameter
Network address management and directory
services audit checklist
5. Network Interconnection Devices
Positioning network interconnection
devices in the OSI Reference Model
Network device security risks and
safeguards
Fundamentals of Cisco
IOS configuration, control, and
security
Network device
maintenance/management port
access controls for Cisco network
devices
Exercise: auditing a Cisco network
router configuration
Network interconnection device audit
checklist
6. Internet Connections and Network
Perimeter Security
Network security strategies: identifying
key security safeguards
Warning banners
Firewall policies, architectures, and
positioning
Exercise: assessing network
enterprise firewall policies
Virtual private networks (VPN) and
secure sessions
Exercise: auditing a VPN host
configuration
Network perimeter security audit
checklists: firewalls, VPNs
7. Wrap-Up
Criteria for prioritizing corrective action
plans
Review of essential contents of the IT
auditor's toolkit