The most trusted source for computer security training, certification and research.

select a course
Global Information Assurance Certification

SANS is hands down the best bang for the buck available, no one else even comes close!
-Derek Masseth, University of Arizona

AUDIT 507

Auditing Networks, Perimeters, and Systems

6 CPE Credits Per Day

One of the most significant obstacles facing many auditors today is how exactly to go about auditing the security of an enterprise. What systems really matter? How should the firewall and routers be configured? What settings should be checked on the various systems under scrutiny? Is there a set of processes that can be put into place to allow an auditor to focus on the business processes rather than the security settings? All of these questions and more will be answered by the material covered in this course.

This course is organized specifically to provide a risk driven method for tackling the enormous task of designing an enterprise security validation program. After covering a variety of high-level audit issues and general audit best practice, the students will have the opportunity to dive deep into the technical how-to for determining the key controls that can be used to provide a level of assurance to an organization. Tips on how to repeatedly verify these controls and techniques for automatic compliance validation will be given from real-world examples.

One of the struggles that IT auditors face today is assisting management to understand the relationship between the technical controls and the risks to the business that these affect. In this course these threats and vulnerabilities are explained based on validated information from real-world situations. The instructor will take the time to explain how this can be used to raise the awareness of management and others within the organization to build an understanding of why these controls specifically and auditing in general is important. From these threats and vulnerabilities, we will explain how to build the ongoing compliance monitoring systems and how to automatically validate defenses through instrumentation and automation of audit checklists.

You'll be able to use what you learn immediately. Five of the six days in the course will either produce or provide you directly with a general checklist that can be customized for your audit practice. Each of these days includes hands-on exercises with a variety of tools discussed during the lecture sections so that you will leave knowing how to verify each and every control described in the class and know what to expect as audit evidence. Each of the five hands-on days gives you the chance to perform a thorough technical audit of the technology being considered by applying the checklists provided in class to sample audit problems in a virtualized environment. Each student is invited to bring a Windows XP Professional or higher laptop for use during class. Macintosh computers running OS X may also be used with VMWare Fusion.

A great audit is more than marks on a checklist; it is the understanding of the what the underlying controls are, what the best practices are, and why. Sign up for this course and experience the mix of theory, hands-on, and practical knowledge.

  • Who Should Attend:
    • Auditors seeking to identify key controls in IT systems
    • Audit professionals looking for technical details on auditing
    • Managers responsible for overseeing the work of an audit or security team
    • Security professionals newly tasked with audit responsibilities
    • System and network administrators looking to better understand what an auditor is trying to achieve, how they think, and how to better prepare for an audit
    • System and network administrators seeking to create strong change control management and detection systems for the enterprise
  • A Sampling of Topics
    • Audit planning and techniques
    • Effective risk assessment for control specification
    • Firewall and perimeter auditing
    • A proven six-step audit process
    • Time based auditing
    • Effective network population auditing
    • How to perform useful vulnerability assessments
    • Uncovering back doors
    • Building an audit toolkit
    • Detailed router auditing
    • Technical validation of network controls
    • Web application auditing
    • Audit tools

As a SysAdmin, I found this tack invaluable. It not only gave me the skills I need to audit my own systems, but also gave me some insight on how to better work with external auditors.
-Christoper O'Keefe, CPC

Author Statement

This advanced systems audit course stands alone in the information assurance arena as the only comprehensive source for hands on audit how-to. Past students have included long-time auditors and those new to the field, both of whom have found significant benefit from the refresher material. One individual, a vice president with the Institute of Internal Auditors, said, I've been auditing systems for a very long time, and no one ever actually gave me a formal process that I can apply to conducting technical audits. Thank you! While we don't require a high level of technical experience as a prerequisite to this course, we have worked hard to make sure that anyone who comes to the course walks away with a wealth of material that they can go back to their office and apply tomorrow. We realistically address the problem, How do I get there from here? by offering short-term goal solutions, which, when combined, will allow you to achieve your goal: identify, report on, and reduce risk in your enterprise.
- David Hoelzer

Training Events By Course

AUDIT 507 :: Auditing Networks, Perimeters & Systems
SANS 2010 Orlando, FL March 06, 2010 - March 15, 2010
SANS Security East 2010 New Orleans, LA January 10, 2010 - January 18, 2010
SANS Security West 2010 San Diego, CA May 07, 2010 - May 15, 2010
Mentor Session - Audit 507 Raleigh, NC February 02, 2010 - April 06, 2010
Mentor Session - Audit 507 Ottawa, ON April 29, 2010 - July 01, 2010
Community SANS Boston 2010 Boston, MA March 15, 2010 - March 20, 2010
Mentor Session - Audit 507 Anchorage, AK February 24, 2010 - April 28, 2010
EU Mentor Session - AUD507 Odense M, Denmark January 13, 2010 - March 17, 2010
Mentor Session - Audit 507 Santa Clara, CA February 09, 2010 - April 13, 2010
Mentor Session - Audit 507 Ann Arbor, MI January 07, 2010 - March 11, 2010
SANS vLive! - AUD 507 - Dave Hoelzer Webcast Classroom Training, VA March 29, 2010 - May 05, 2010
SANS OnDemand Online Training & Assessments Anytime
SANS SelfStudy Books and .MP3s Only Anytime