Network Security Audit with Penetration Testing for Intrusion and Attack Detection

This course is designed to help auditors perform effective audit of computer networks to detect vulnerabilities and network attacks.  It takes you from basic computer network concepts, building foundation for understanding complex network security issues and conveniently takes you to technical levels with techniques and procedures for actively auditing computer network security, including the use of penetration testing to perform substantive review of the network.

At the end of the course participants will be able to confidently plan and execute network security audit and write effective message-based audit reports.  The following is the course outline, divided into two (Understanding Network Security and Applying Penetration Testing Network Auditing)

Understanding Network Security
•    Defining the Networked IT System Environment
•    Networking Standards and  Protocols/ LAN/WAN/Wireless Technologies
•    Network Infrastructure – Functionality, Management and Security
•    Planning and Performing a Network  Security Risk Analysis
Network Security Auditing Procedures
•    Intrusion Prevention Systems/Intrusion Detection Systems
•    Firewall Configuration / Protecting the Directory Services/Domain Names, etc
•    Defining and Selecting Network Security Strategy

Applying Penetration Testing to Network Security Auditing

Phase 1 – Gather the Data
A first look at a network site, from the eyes of a potential hacker. The simple, and often overlooked, things that tell hackers if a site is worth a penetration attempt.

Phase 2 – Penetrate the Network – Thinking Like the Hacker
•    How hackers get past the security and into the data.
•    Non-intrusive target search, Intrusive target search, Data analysis
•    Network Discovery Tools and Techniques: Hands-On Exercises
•    Discovery/profiling objectives. Locating Internet connections
•    Host-locating techniques: manual and automated, Operating system footprinting
•    Review Step-by-step process of each scanning and profiling tool

Phase 3 – Analyze the Results
•    Tips and techniques for effective, actionable penetration test analysis
•    Real-World Scenarios

Phase 4 – Write the Report
•    How to combine methodology, results, and analysis into a report that generates management attention and buy-in… and provides clear, workable action items
In-Class Exercises
•    Building and maintaining a target list, Conducting multiple non-intrusive and intrusive target searches
•    Tools and techniques for testing for Web site vulnerabilities, Probing and attacking network firewalls
•    Performing multiple remote target