Data network infrastructures provide the highways of accessibility to modern business applications; however, these high speed data highways, if improperly safeguarded, can also open avenues of external and internal attack and abuse. Over the years, the topic of auditing networks has often been misunderstood and viewed as a technical mystery. In this down-to-earth, no nonsense, hands-on seminar, we will clearly identify and demonstrate practical methods to document and audit the critical safeguards in numerous forms of common wired and wireless network technologies and infrastructures used in most modern organizations.
In addition to control issues common to both internal and external network infrastructure security controls and audit procedures, such as network device security and change control, we identify the main IT audit focal points for public/Internet connections including: firewalls and proxy servers, virtual private networks and wireless.
To equip you with the necessary knowledge and audit tool awareness, attendees will be guided through a relevant series of practical hands-on exercises to test network security controls from the “outside in" as well as the “inside out”. We will provide the opportunity to use a wide array of built-in/bundled, open source, and low-cost commercial software tools to ensure widespread applicability and affordability when you go back to the office to apply those lessons.
All exercises are documented, highlighting the security and IT audit objective(s) and evidence gathering and analysis procedures and can be easily incorporated into work programs. Attendees will also receive valuable checklists and work programs, along with copious references for supportive information and audit tools.