Auditing & Monitoring Networks and Systems

What You Will Learn

Controls That Matter - Controls That Work

This course is organized specifically to provide a risk-driven method for tackling the enormous task of designing an enterprise security validation program. After covering a variety of high-level audit issues and general audit best practices, students will have the opportunity to delve into the technical "how-to" for determining the key controls that can be used to provide a high level of assurance to an organization. Real-wworld examples provide students with tips on how to verify these controls in a repeatable way, as well as many techniques for continuous monitoring and automatic compliance validation. These same real-world examples help the students learn how to be most effective in communicating risk to management and operations staff.

Students will leave the course with the know-how to perform effective tests of enterprise security in a variety of areas. The combination of high-quality course content, provided audit checklists, in-depth discussion of common audit challenges and solutions, and ample opportunities to hone their skills in the lab provides a unique setting for students to learn how to be an effective enterprise auditor.

"AUD507 has obvious practical applications, and it's great to see some of the most infamous hacking methods explained and executed in real time. In the labs, I'm getting hands-on experience with the tools. The opportunity to learn how to interpret the results taught me more in one afternoon than I've picked up here-and-there over an entire career." - Tyler Messa, AWS

BUSINESS TAKEAWAYS:

Gain confidence in whether you have the correct security controls and they are working well
Lower your audit costs with effective, efficient security audits
Improve relevance of IT audit reporting, allowing the organization to focus on what really matters
Improve security compliance while reducing compliance and security risks, protecting your reputation and bottom line

SKILLS LEARNED:

How to apply risk-based decision making to the task of auditing enterprise security
Understand the different types of controls (e.g., technical vs. non-technical) essential to performing a successful audit
Conduct a proper risk assessment of an enterprise to identify vulnerabilities and develop audit priorities
Establish a well-secured baseline for computers and networks as a standard to conduct audit against
Perform a network and perimeter audit using a repeatable process
Audit virtualization hosts and container environments to ensure properly deployment and configuration
Utilize vulnerability assessment tools effectively to provide management with the continuous remediation information necessary to make informed decisions about risk and resources
Audit a web application's configuration, authentication, and session management to identify vulnerabilities attackers can exploit
Utilize scripting to build a system which will baseline and automatically audit Active Directory and all systems in a Windows domain
Utilize scripting to build a system which will baseline and automatically audit Linux systems

HANDS-ON TRAINING:

This course goes beyond simply discussing the tools students could use; we give them the experience to use the tools and techniques effectively to measure and report on the risk in their organizations. AUD507 uses hands-on labs to reinforce the material discussed in class and develop the "muscle memory" needed to perform the required technical tasks during audits. In sections 1-5, students will spend about 25% of their time in lab exercises. The final section of the course is a full-day lab that lets students challenge themselves by solving realistic audit problems using and refining what they have learned in class.

Students learn how to use technical tests to develop the evidence needed to support their findings and recommendations. Each section affords students opportunities to use the tools and techniques discussed in class, with labs designed to simulate real-world enterprise auditing challenges and to allow the students to use appropriate tools and techniques to solve these problems.

Section 1: Audit Sampling: Calculating samples and margins of error, Network scanning and Continuous Monitoring with Nmap, Network Discovery Scanning with Nessus
Section 2: Introduction to PowerShell and Scripting, Windows Management Instrumentation, System Information, Open Ports, Users and Groups, Permissions and Rights Assignments, Windows Logging
Section 3: Unix Scripting, System Information, Permissions, File Integrity, Logging and Monitoring
Section 4: Examining Hypervisors, Auditing Docker Security, Capturing and Analyzing Network Traffic, Analyzing and Validating Device Configurations, Testing Public Services
Section 5: Introduction to Web and Testing Technologies, Secure Server Configurations: TLS and Information Disclosure, Authentication Attacks, Authentication Information Disclosure, Logic Flaw, Input/Output Flaws: Cross-Site Scripting and SQL Injections
Section 6: Capture the Flag: Audit Essentials, Network Devices and Firewalls, Web Applications, Windows, Unix

"The labs or exercises were Excellent because provides knowledge, information and experience." - Amjad Awdhah Saeed Alshahrani, Site

"Today's NetWars was definitely a challenge and for me I needed the team so we could all use our strengths. Excellent coverage of everything we've learned without repeating exact exercises we had done in the week. Good way to know I did understand what we've been learning all week. The workbook was a good reference to return to." - Carmen Parrish, US Government

"The hands-on labs reinforce the learning from the book. I learn best when I can touch and feel the material being taught." - Rodney Newton, SAP

SYLLABUS SUMMARY:

Section 1: How to be an IT auditor. What tools will make you look smart
Section 2: Using PowerShell and native tools to measure security of Windows systems and domains
Section 3: Understanding Unix security and how to use built-in tools and scripting to measure it
Section 4: Auditing security of hybrid cloud environments and enterprise networks
Section 5: Understanding and auditing the OWASP proactive controls for web applications
Section 6: Full-day hands-on lab exercise using all the skills and tools learned during the course

ADDITIONAL FREE RESOURCES:

WHAT YOU WILL RECEIVE:

Printed and Electronic Courseware
MP3 audio file of the complete course lecture
Audit checklists

WHAT COMES NEXT:

Depending on your current role or future plans, one of these courses is a great next step in your leadership journey:

Compliance or Auditor Professionals:

Technical Security Manager or InfoSec Technician:

MGT516: Managing Security Vulnerabilities: Enterprise & Cloud

Syllabus (36 CPEs)

Download PDF

Overview
This section provides the "on-ramp" for the highly technical audit tools and techniques used later in the course. After laying the foundation for the role and function of an auditor in the information security field, this section's material provides practical, repeatable and useful risk assessment methods that are particularly effective for measuring the security of enterprise systems, identifying control gaps and risks, and enabling us to recommend additional controls to address the risk. We finish off the section with coverage of the security risks and associated audit techniques for virtualization hosts, cloud services and container systems.
The first part of this section is dedicated to defining the terms used in the class and setting the stage for performing highly effective technology security audits. We follow this with demonstrations of practical risk assessments using consequence/cause analysis and time-based security. We discuss what defense-in-depth really means and how to apply the results of our risk assessments to providing a well-reasoned deep defense of our enterprise systems and business processes. We apply these risk assessment and defense concepts to realistic case studies involving the controls commonly used by enterprises.
We present a proven six-step audit process and the qualities required of a technical auditor. We discuss how to plan for and manage audit engagements, how to gather useful audit evidence, and how to best present findings to management in both written reports and in-person presentations.
The last part of this section is spent covering the tools that will make your life much easier as an IT auditor. The first is NMAP, which can be used for host and service discovery, service and OS version identification, and even configuration checking. We present the "auditor's view" of NMAP, including the settings to use for more reliable audit results and the scripts which might speed up your evidence gathering. Then we move on to a discussion of vulnerability scanners and their use in audit, assurance and operations in the enterprise.
Exercises
- Audit sampling: Calculating samples and margins of error
- Network Scanning and Continuous Monitoring with Nmap
- Network Discovery Scanning with Nessus
Topics
Auditor's Role as it Relates to:
- Policy Creation
- Policy Conformance
- Incident Handling
Basic Auditing and Assessing Strategies
- Baselines
- Time-Based Security
- Thinking Like an Auditor
- Developing Auditing Checklists from Policies and Procedures
- Performing Effective Risk Assessments
Risk Assessment
- Identifying Existing Controls
- Determining Root Failure Causes
- Using Risk Assessment to Specify New Controls
The Six-Step Audit Process
- How the Steps Interrelate
- How to Effectively Conduct an Audit
- How to Effectively Report the Findings
Network Population Monitoring
- Robust Process for Node Identification
- Network Population Change Management and Monitoring
- Automated Notification Processes
Vulnerability Scanning
- Effective Scanning
- Effective, Business Aligned, Reporting
Overview
The majority of systems encountered on most enterprise audits are running Microsoft Windows in some version or another. The centralized management available to administrators has made Windows a popular enterprise operating system. The sheer volume of settings and configurable controls, coupled with the large number of systems often in use, makes auditing Windows servers and workstations a huge undertaking.
In this section, we teach students how to audit Windows systems and Active Directory domains at scale. We begin with an introduction to Windows PowerShell, covering how to use the shell and moving on to writing and editing scripts which allow the auditor to perform repetitive tasks quickly and reliably. Throughout the section we work to build a comprehensive baseline auditing script which can be used to audit all the systems within a domain.
Most of this course section is spent examining operating system security in general, and Windows security in particular. We demonstrate how to use PowerShell, Windows Management Instrumentation (WMI), command-line and graphical tools to obtain audit evidence from Windows systems. We move from there to auditing Microsoft Active Directory using PowerShell and command-line tools which access the Lightweight Directory Access Protocol (LDAP).
We continue with discussions of user management, user rights management, file, registry, and share permissions. Finally, we wrap up the section by exploring Windows logging options and how to use the tools and scripts developed during the day to perform meaningful continuous monitoring of the Windows domain and systems. One of the primary goals of the material presented is to allow the auditor to move from checking registry settings to helping administrators to create a comprehensive management process that automatically verifies settings. With this type of system in place, the auditor can step back and begin auditing the management processes which generally help us to be far more effective.
Exercises
- Scripting with PowerShell
- Exploring WMI with PowerShell and WMIC
- Discovering Operating System and Patch Levels
- Querying Active Directory
- Permissions and Logging
Topics
Windows Support and End of Life
PowerShell Command Essentials
PowerShell Scripting
Windows Management Instrumentation (WMI)
WMI and PowerShell for Auditing
- Operating System Information
- Hardware Information
- Patches Installed
- Software Installed
- Services
PowerShell, DSQuery and LDAP
- Users
- Group Membership
Password Management and Auditing
User Right Assignments
- PowerShell Module for Easier Auditing
System Security Settings
- Group Policy
- Local Security Policy
- Auditing Applied Settings
File and Share Permissions
Registry Permissions and Settings
Windows Logging
- Retention Settings
- Collection Options
- Centralized Aggregation of Logs
Continuous Monitoring for Windows
Overview
While many enterprises today use Microsoft Windows for their endpoint systems, Linux and other Unix variants are well-established as servers, security appliances and in many other roles. Given the nature of the work these Unix variants do, it is critical to ensure their security. Add to that the fact that mass centralized administration is less likely to occur with these systems, and auditing at scale becomes even more important.
This section uses Debian and CentOS Linux as the example operating systems. We assume that students may have little or no Linux experience and build skill during the day accordingly. We begin with a discussion of system accreditation in a field where many servers are "snowflakes" - uniquely designed and different from our other enterprise systems. Then, we move on to discuss the fundamentals of Linux/Unix operating systems and the tools available to auditors for system testing and for developing audit scripts.
The bulk of the section concentrates on understanding Linix/Unix operating systems and using native tools and scripts to gather system information, enumerate running services, determine software patch levels, audit user access and privilege management, examine system logs and examine configuration and hardening. Emphasis is placed throughout the day on developing reusable tools and scripts which can be used to gather audit evidence on a variety of Linux/Unix systems.
Neither Unix nor scripting experience is required for this section. The course book and hands-on exercises present an easy-to-follow method, and the instructor is prepared to help with any difficulty students have in this sometimes unfamiliar environment.
Exercises
- Unix Scripting
- System Information, Permissions and File Integrity
- Services and Passwords
- Unix Logging, Monitoring and Auditing
Topics
Accreditation and Snowflakes
Linux Basics
Command Line Tools and Scripting
- Grep
- Sed/Awk
- Script
- Command Substitution
Scripting Commands and Syntax
System Information
- Distribution Version
- Kernel Version
- Memory
- Disk Space
- Package Versions
- Non-Package Daemon Versions
File Permissions
- Overview
- Find Command
- SUID/SGID/Sticky Bits
File Integrity
- Tripwire
- OSSec
Services
- Startup Methods
- Netstat
- Nmap
Patching
- Kernel Patching Without Rebooting
- Configuration Management
Users, Groups and Privilege Management
- Passwd and Shadow Files
- John the Ripper
- Centralized Authentication
- SSH Server Configuration
- Sudo and Sudoreplay
Logging and Monitoring
System Audit Tools
- Lynis
- Authenticated Vulnerability Scanning
Continuous Monitoring
Overview
This section focuses on securing the enterprise network. The days are gone when a good firewall at the edge of the network is all we really need. In fact, in many enterprises, the network has no real "edge". Auditors should encourage their organizations to focus on security within the network with the same diligence as they use at the perimeter.
We begin the section with a discussion of private and public cloud technologies used in the modern enterprise. First, we look at the security issues related to virtualization hosts and present a list of controls which auditors should examine for the most commonly used hypervisors. Next, we examine how enterprises integrate cloud technologies into their portfolios and look at how cloud providers and their customers should share security responsibilities. We examine guidance from the Cloud Security Alliance and major cloud vendors to develop a list of items to review when auditing an organization's use of cloud services.
The next part of the section is dedicated to understanding containers and container orchestration tools and how they should be deployed and configured. Using the Center for Internet Security's (CIS) Docker Benchmark as a guide, we take a deep look at how our container deployments should be secured and the important items to audit in those deployments. We continue with a discussion of container orchestration tools, like Kubernetes, and how to secure those tools for production use. We wrap up this section with a discussion of serverless functions and their use in the enterprise.
We continue the section with a discussion of Ethernet networks and then work our way up the networking stack. Students will learn how to identify insecurely configured VLANs, how to determine perimeter firewall requirements, how to examine enterprise routers and much more. We continue with a study of wireless networking and the best practices for defending it.
This section ends with an analysis of common security requirements for public services, focusing on the domain name system (DNS) and the simple mail transfer protocol (SMTP). Finally, students are guided through best practices for using network mapping tools like Nmap and vulnerability scanners to assist the organization in securing and continuously monitoring the network.
Many auditors confess that networking is one of their weakest topics. Therefore, each technology is fully explained using simple, everyday illustrations. Each topic is a component of a risk-driven framework for securing a network long-term and discussed in the context of a real security organization. How do we reconcile security concerns with operational requirements? What questions should a security auditor be asking? What should the answers to those questions be? How does continuous monitoring fit in and how do you architect those processes?
Students regularly describe this section in two ways. First, they say it's the most difficult section of the course; then they add that it filled in the gaps they had in understanding how networks really work and how they should be secured.
Exercises
- Auditing Hypervisors
- Auditing Docker Security
- Wireshark, Switch Configuration Symptoms and Device Configuration Auditing
- Auditing Public Services
Topics
Public, Private and Hybrid Cloud Deployments
Private Clouds and Hypervisor Security
- Common Hypervisors
- Useful Hypervisor Audit Tools
Public Cloud Technologies
Shared Responsibility Models
- Security of the Cloud
- Security in the Cloud
Containers, orchestration and serverless functions
Secure Layer 2 Configurations
- VLANs
- Spanning Tree
- VLAN Trunking
- Switching Topology Security
Router & Switch Configuration Security
- Remote Administration
- Logging Concerns and Practice
- ACL Configuration and Validation
- User Management
- Evolving Technologies
Firewall Auditing, Validation & Monitoring
- Information Flow Diagramming
- Converting Requirements to ACLs
- Understanding Firewall Design
- Network Architecture Validation
- Rules Review and Analysis
- Next Generation Firewalls
Wireless
- Secure Deployments Today
- Identification of Wireless Security Issues
- Effective Scanning
- Effective, Business Aligned, Reporting
Overview
Web applications seem to stay at the top of the list of security challenges faced by enterprises today. The organization needs an engaging and cutting-edge web presence, but the very technologies which allow the creation of compelling and data-rich websites also make it very challenging to provide proper security for the enterprise and its customers. Unlike other enterprise systems, our web applications are freely shared with the world and exposed to the potential for constant attack.
We begin this section with a discussion of the suite of technologies which make modern web applications work and the tools which auditors can use to identify, analyze, and manipulate these technologies as part of a well-designed and thorough security audit. We cover the technologies which make the web work: including HTML, HTTP, AJAX, web servers and databases. We also introduce the use of proxies in testing web applications by capturing, examining, and sometimes manipulating the traffic between a web client and the server.
We move on to introduce students to many of the resources available from the Open Web Application Security Project (OWASP), focusing on their Top 10 vulnerabilities list and the Top 10 Proactive Controls for web applications. From this foundation, we build a list of five critically important web development and deployment practices which serve as the basis for performing rigorous testing of web applications in the enterprise.
We dedicate most of the section to teaching the controls which can be used to secure applications and the skills needed to test and validate these controls. We develop and use a checklist for testing the most common and important security vulnerabilities. Throughout the section, students have the opportunity to use these tools to test sample web applications similar to those commonly deployed in today's enterprises. We also offer advice on how engineers, administrators, and developers can better secure the web technologies they design, implement and maintain. And finally, we discuss the best ways to report on findings and make useful recommendations.
Exercises
- HTML, HTTP and Burp
- Analyzing TLS and Robots.txt
- Fuzzing and Brute Forcing with Burp Intruder
- Finding Injection Flaws
Topics
Why Web Applications Are a Major Problem
Understanding HTTP, HTML, and related technologies
- Hypertext Markup Language - HTML
- Hypertext Transfer Protocol - HTTP
- HTTP Requests and Responses
Related Technologies
- WebDAV
- RESTful APIs
- Service Oriented Architecture/SOAP
- AJAX
- Single-Page Applications
- Cascading Style Sheets
- Cookies
The Burp Proxy
OWASP Top 10 List
OWASP Top 10 Proactive Controls
Server Configuration
- Information Disclosures
- HTTPS Settings
Secure Development Practices
- Use of Security Frameworks
- Dev/Test/Prod
- Multi-Tier Development
- Error Handling
- Code Review
- Static and Dynamic Analysis
- Scanning Caveats
Authentication
- HTTP Basic Authentication
- Forms Authentication
- Client Certificates
- Username Harvesting
- Brute Forcing
- Password Security
Session Handling
- Tracking Mechanisms
- Session Defenses
- Cross-Site Request Forgery
Data Handling
- GET vs. POST for Sensitive Data
- Input/Output Flaws and Solutions
- Injection Flaws - Cross-Site Scripting
- Injection Flaws - SQL Injection
- Other Injection Flaws
- Sensitive Output
Logging and Monitoring
- Log Everything
- Don't Log Too Much
- Auxiliary Logging Techniques
Overview
Audit Wars is a capstone exercise which allows students to test and refine the skills learned throughout the course. Using an online "capture the flag" (CTF) engine, students are challenged to audit a simulated enterprise environment by answering a series of questions about the enterprise network, working through various technologies explored during the course.
At the conclusion of this section, students are asked to identify the most serious findings within the enterprise environment and to suggest possible root causes and potential mitigations.
Exercises
Full-day Capture the Flag
- Audit Essentials
- Network Devices and Firewalls
- Web Applications
- Windows
- Unix
Topics
Technologies included in the capstone exercise include:
Network Devices
- Firewalls
- Cisco Switches & Routers
Servers
- Active Directory domain controllers
- DNS servers
- Web servers
- Linux Servers
Applications
- Intranet web applications
- Internet web applications
Workstations

GIAC Systems and Network Auditor

The GIAC Systems and Network Auditor (GSNA) certification validates a practitioner's ability to apply basic risk analysis techniques and to conduct technical audits of essential information systems. GSNA certification holders have demonstrated knowledge of network, perimeter, and application auditing as well as risk assessment and reporting.

Auditing, risk assessments, and reporting
Network and perimeter auditing and monitoring, web application auditing
Auditing and monitoring in windows and Unix environments

More Certification Details

Prerequisites

AUD507 assumes that the student is capable of:

Navigating the filesystem in Microsoft Windows
Launching the command prompt and PowerShell in Windows
Running commands from the command line in Windows
Navigating the command line and running simple commands in Linux

Deeper Linux experience will be helpful but is not required. The courseware and instruction provide the student with the information necessary to use the Linux systems and tools utilized in class.

Laptop Requirements

Important! Use your own system configured according to these instructions!

CRITICAL NOTE: Apple systems using the M1 processor line cannot perform the necessary virtualization functionality and therefore cannot in any way be used for this course.

A properly configured system is required to fully participate in this course. These requirements are the mandatory minimums. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. We strongly urge you to arrive with a system meeting all the requirements specified for the course.

It is critical that you back-up your system before class. It is also strongly advised that you do not use a system storing any sensitive data.

System Hardware Requirements

CPU: 64-bit Intel i5/i7 2.0+ GHz processor: Your system's processor must be a 64-bit Intel i5 or i7 2.0 GHz processor or higher. Your CPU and OS must support a 64-bit guest virtual machine.

VMware provides a free tool for Windows that will detect whether or not your host supports 64-bit guest virtual machines.
Windows users can use this article to learn more about their CPU and OS capabilities.
Apple users can use this support page to learn more information about Mac 64-bit capability.

BIOS: Enabled "Intel-VT": Intel's VT (VT-x) hardware virtualization technology should be enabled in your system's BIOS or UEFI settings. You must be able to access your system's BIOS throughout the class. If your BIOS is password-protected, you must have the password.

USB: USB 3.0 Type-A port: At least one available USB 3.0 Type-A port is required for copying large data files from the USB 3.0 drives we provide in a physical classroom. The USB port must not be locked in hardware or software. Some newer laptops may have only the smaller Type-C ports. In this case, you will need to bring a USB Type-C to Type-A adapter.

RAM: 16 GB RAM: 16 GB RAM is required for the best experience. To verify on Windows 10, press Windows key + "I" to open Settings, then click "System", then "About". Your RAM information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click "About this Mac".

Hard Drive Free Space: 100 GB Free space: 100 GB of FREE space on the hard drive is critical to host the VMs and additional files we distribute. SSD drives are also highly recommended, as they allow virtual machines to run much faster than mechanical hard drives.

Operating System: Windows 10 Pro or macOS 10.15.x or later: Your system must be running either Windows 10 Pro or macOS 10.15.x or higher. Make sure your operating system is fully updated with the correct drivers and patches prior to arriving in class.

Additional Hardware Requirements

The requirements below are in addition to baseline requirements provided above. Prior to the start of class, you must install virtualization software and meet additional hardware and software requirements as described below. If you do not carefully read and follow these instructions, you will leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course.

Additional Software Requirements

VMware
Credential Guard: If your host computer is running Windows, Credential Guard may interfere with the ability to run VMs. It is important that you start up VMWare prior to class and confirm that virtual machines can run. It is required that Credential Guard is turned off prior to coming to class.

System Configuration Settings

Local Admin: Have an account with local admin privileges. Some of the tools used in the course will require local admin access. This is absolutely required. If your company will not permit this access for the duration of the course, then you should make arrangements to use a different system.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Author Statement

"Being an excellent information technology auditor requires a special mix of skills. An effective auditor will know how to assess organizational risk, scope, plan and execute an audit engagement properly. They must have the technical skills to design and perform tests of controls. Then, they must have the business communication skills to report risks to the business in a clear, actionable format. Auditors require the ability to work "in the weeds" when necessary with systems and network engineers and administrators, and then walk into the boardroom and deliver their findings and recommendations in a way that enables business leaders to make well-informed decisions regarding the risk faced by their enterprise.

AUD507 is designed to allow students from diverse backgrounds to learn the skills they need to design and deliver high-quality audits of organizations' IT systems, networks, and web applications. From day one, we teach students the thought processes, technical tools, and communications techniques to become a world-class auditor. When they leave the class, they have the technical skills and the mindset required to identify and report on risk in any organization."

- Clay Risenhoover

"Clay did an outstanding job of being able to teach to people with the lowest level of knowledge to those with the technical acumen to know how to utilize all the tools right up front." - Heather Brewer, NAVSEA

Ways to Learn

OnDemand

Study and prepare for GIAC Certification with four months of online access. Includes labs and exercises, and support.

Live Online

Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

In Person (6 days)

Training events and topical summits feature presentations and courses in classrooms around the world.

Who Should Attend AUD507?

Auditors seeking to identify key controls in IT systems
Audit professionals looking for technical details on auditing
Security Compliance professionals
Managers responsible for overseeing the work of an audit or security team
Security professionals newly tasked with audit responsibilities
System and network administrators looking to understand better what an auditor is trying to achieve, how they think and how to better prepare for an audit
System and network administrators seeking to create strong change control management and detection systems for the enterprise
Anyone looking to implement effective continuous monitoring processes within the enterprise

NICE Framework Work Roles:

Security Control Assessor: SP-RSK-002
System Testing and Evaluation Specialist: SP-TST-001

"It's a ton of information that's applicable in the field, and not just theory." - Hatim Othman, Sony Interactive Entertainment

See prerequisites

Need to justify a training request to your manager?

Use this justification letter template to share the key details of this training and certification opportunity with your boss.

Download the Letter

Reviews

The material you learn is practical and the student can use immediately after taking this class.

Peter Kiilu

Niche Assurance LLC

This course is not only relevant to my current vulnerability management role, but it will also enhance my skills and open up future roles.

Frederick Young, Jr.

Keep up the materials and examples and I will take the course again in a couple of years to capture the newest information and solidify existing information.

Andrew B.

U.S. Federal Agency

I would recommend this to anyone who wants a real-world auditing experience. The closest to a "Live Fire" exercise as possible.

Vic N.

U.S. Federal Agency

The entire course has been fantastic. It far exceeded my expectations. I think SANS training is far superior to other training programs.

Paul Petrasko

Bemis Company

Display times in

Africa/Abidjan

Africa/Accra

Africa/Addis Ababa

Africa/Algiers

Africa/Asmara

Africa/Asmera

Africa/Bamako

Africa/Bangui

Africa/Banjul

Africa/Bissau

Africa/Blantyre

Africa/Brazzaville

Africa/Bujumbura

Africa/Cairo

Africa/Casablanca

Africa/Ceuta

Africa/Conakry

Africa/Dakar

Africa/Dar es Salaam

Africa/Djibouti

Africa/Douala

Africa/El Aaiun

Africa/Freetown

Africa/Gaborone

Africa/Harare

Africa/Johannesburg

Africa/Juba

Africa/Kampala

Africa/Khartoum

Africa/Kigali

Africa/Kinshasa

Africa/Lagos

Africa/Libreville

Africa/Lome

Africa/Luanda

Africa/Lubumbashi

Africa/Lusaka

Africa/Malabo

Africa/Maputo

Africa/Maseru

Africa/Mbabane

Africa/Mogadishu

Africa/Monrovia

Africa/Nairobi

Africa/Ndjamena

Africa/Niamey

Africa/Nouakchott

Africa/Ouagadougou

Africa/Porto-Novo

Africa/Sao Tome

Africa/Timbuktu

Africa/Tripoli

Africa/Tunis

Africa/Windhoek

America/Adak

America/Anchorage

America/Anguilla

America/Antigua

America/Araguaina

America/Argentina/Buenos Aires

America/Argentina/Catamarca

America/Argentina/ComodRivadavia

America/Argentina/Cordoba

America/Argentina/Jujuy

America/Argentina/La Rioja

America/Argentina/Mendoza

America/Argentina/Rio Gallegos

America/Argentina/Salta

America/Argentina/San Juan

America/Argentina/San Luis

America/Argentina/Tucuman

America/Argentina/Ushuaia

America/Aruba

America/Asuncion

America/Atikokan

America/Atka

America/Bahia

America/Bahia Banderas

America/Barbados

America/Belem

America/Belize

America/Blanc-Sablon

America/Boa Vista

America/Bogota

America/Boise

America/Buenos Aires

America/Cambridge Bay

America/Campo Grande

America/Cancun

America/Caracas

America/Catamarca

America/Cayenne

America/Cayman

America/Chicago

America/Chihuahua

America/Coral Harbour

America/Cordoba

America/Costa Rica

America/Creston

America/Cuiaba

America/Curacao

America/Danmarkshavn

America/Dawson

America/Dawson Creek

America/Denver

America/Detroit

America/Dominica

America/Edmonton

America/Eirunepe

America/El Salvador

America/Ensenada

America/Fort Nelson

America/Fort Wayne

America/Fortaleza

America/Glace Bay

America/Godthab

America/Goose Bay

America/Grand Turk

America/Grenada

America/Guadeloupe

America/Guatemala

America/Guayaquil

America/Guyana

America/Halifax

America/Havana

America/Hermosillo

America/Indiana/Indianapolis

America/Indiana/Knox

America/Indiana/Marengo

America/Indiana/Petersburg

America/Indiana/Tell City

America/Indiana/Vevay

America/Indiana/Vincennes

America/Indiana/Winamac

America/Indianapolis

America/Inuvik

America/Iqaluit

America/Jamaica

America/Jujuy

America/Juneau

America/Kentucky/Louisville

America/Kentucky/Monticello

America/Knox IN

America/Kralendijk

America/La Paz

America/Lima

America/Los Angeles

America/Louisville

America/Lower Princes

America/Maceio

America/Managua

America/Manaus

America/Marigot

America/Martinique

America/Matamoros

America/Mazatlan

America/Mendoza

America/Menominee

America/Merida

America/Metlakatla

America/Mexico City

America/Miquelon

America/Moncton

America/Monterrey

America/Montevideo

America/Montreal

America/Montserrat

America/Nassau

America/New York

America/Nipigon

America/Nome

America/Noronha

America/North Dakota/Beulah

America/North Dakota/Center

America/North Dakota/New Salem

America/Nuuk

America/Ojinaga

America/Panama

America/Pangnirtung

America/Paramaribo

America/Phoenix

America/Port-au-Prince

America/Port of Spain

America/Porto Acre

America/Porto Velho

America/Puerto Rico

America/Punta Arenas

America/Rainy River

America/Rankin Inlet

America/Recife

America/Regina

America/Resolute

America/Rio Branco

America/Rosario

America/Santa Isabel

America/Santarem

America/Santiago

America/Santo Domingo

America/Sao Paulo

America/Scoresbysund

America/Shiprock

America/Sitka

America/St Barthelemy

America/St Johns

America/St Kitts

America/St Lucia

America/St Thomas

America/St Vincent

America/Swift Current

America/Tegucigalpa

America/Thule

America/Thunder Bay

America/Tijuana

America/Toronto

America/Tortola

America/Vancouver

America/Virgin

America/Whitehorse

America/Winnipeg

America/Yakutat

America/Yellowknife

Antarctica/Casey

Antarctica/Davis

Antarctica/DumontDUrville

Antarctica/Macquarie

Antarctica/Mawson

Antarctica/McMurdo

Antarctica/Palmer

Antarctica/Rothera

Antarctica/South Pole

Antarctica/Syowa

Antarctica/Troll

Antarctica/Vostok

Arctic/Longyearbyen

Asia/Aden

Asia/Almaty

Asia/Amman

Asia/Anadyr

Asia/Aqtau

Asia/Aqtobe

Asia/Ashgabat

Asia/Ashkhabad

Asia/Atyrau

Asia/Baghdad

Asia/Bahrain

Asia/Baku

Asia/Bangkok

Asia/Barnaul

Asia/Beirut

Asia/Bishkek

Asia/Brunei

Asia/Calcutta

Asia/Chita

Asia/Choibalsan

Asia/Chongqing

Asia/Chungking

Asia/Colombo

Asia/Dacca

Asia/Damascus

Asia/Dhaka

Asia/Dili

Asia/Dubai

Asia/Dushanbe

Asia/Famagusta

Asia/Gaza

Asia/Harbin

Asia/Hebron

Asia/Ho Chi Minh

Asia/Hong Kong

Asia/Hovd

Asia/Irkutsk

Asia/Istanbul

Asia/Jakarta

Asia/Jayapura

Asia/Jerusalem

Asia/Kabul

Asia/Kamchatka

Asia/Karachi

Asia/Kashgar

Asia/Kathmandu

Asia/Katmandu

Asia/Khandyga

Asia/Kolkata

Asia/Krasnoyarsk

Asia/Kuala Lumpur

Asia/Kuching

Asia/Kuwait

Asia/Macao

Asia/Macau

Asia/Magadan

Asia/Makassar

Asia/Manila

Asia/Muscat

Asia/Nicosia

Asia/Novokuznetsk

Asia/Novosibirsk

Asia/Omsk

Asia/Oral

Asia/Phnom Penh

Asia/Pontianak

Asia/Pyongyang

Asia/Qatar

Asia/Qostanay

Asia/Qyzylorda

Asia/Rangoon

Asia/Riyadh

Asia/Saigon

Asia/Sakhalin

Asia/Samarkand

Asia/Seoul

Asia/Shanghai

Asia/Singapore

Asia/Srednekolymsk

Asia/Taipei

Asia/Tashkent

Asia/Tbilisi

Asia/Tehran

Asia/Tel Aviv

Asia/Thimbu

Asia/Thimphu

Asia/Tokyo

Asia/Tomsk

Asia/Ujung Pandang

Asia/Ulaanbaatar

Asia/Ulan Bator

Asia/Urumqi

Asia/Ust-Nera

Asia/Vientiane

Asia/Vladivostok

Asia/Yakutsk

Asia/Yangon

Asia/Yekaterinburg

Asia/Yerevan

Atlantic/Azores

Atlantic/Bermuda

Atlantic/Canary

Atlantic/Cape Verde

Atlantic/Faeroe

Atlantic/Faroe

Atlantic/Jan Mayen

Atlantic/Madeira

Atlantic/Reykjavik

Atlantic/South Georgia

Atlantic/St Helena

Atlantic/Stanley

Australia/ACT

Australia/Adelaide

Australia/Brisbane

Australia/Broken Hill

Australia/Canberra

Australia/Currie

Australia/Darwin

Australia/Eucla

Australia/Hobart

Australia/LHI

Australia/Lindeman

Australia/Lord Howe

Australia/Melbourne

Australia/NSW

Australia/North

Australia/Perth

Australia/Queensland

Australia/South

Australia/Sydney

Australia/Tasmania

Australia/Victoria

Australia/West

Australia/Yancowinna

Brazil/Acre

Brazil/DeNoronha

Brazil/East

Brazil/West

CET

CST6CDT

Canada/Atlantic

Canada/Central

Canada/Eastern

Canada/Mountain

Canada/Newfoundland

Canada/Pacific

Canada/Saskatchewan

Canada/Yukon

Chile/Continental

Chile/EasterIsland

Cuba

EET

EST

EST5EDT

Egypt

Eire

Etc/GMT

Etc/GMT+0

Etc/GMT+1

Etc/GMT+10

Etc/GMT+11

Etc/GMT+12

Etc/GMT+2

Etc/GMT+3

Etc/GMT+4

Etc/GMT+5

Etc/GMT+6

Etc/GMT+7

Etc/GMT+8

Etc/GMT+9

Etc/GMT-0

Etc/GMT-1

Etc/GMT-10

Etc/GMT-11

Etc/GMT-12

Etc/GMT-13

Etc/GMT-14

Etc/GMT-2

Etc/GMT-3

Etc/GMT-4

Etc/GMT-5

Etc/GMT-6

Etc/GMT-7

Etc/GMT-8

Etc/GMT-9

Etc/GMT0

Etc/Greenwich

Etc/UCT

Etc/UTC

Etc/Universal

Etc/Zulu

Europe/Amsterdam

Europe/Andorra

Europe/Astrakhan

Europe/Athens

Europe/Belfast

Europe/Belgrade

Europe/Berlin

Europe/Bratislava

Europe/Brussels

Europe/Bucharest

Europe/Budapest

Europe/Busingen

Europe/Chisinau

Europe/Copenhagen

Europe/Dublin

Europe/Gibraltar

Europe/Guernsey

Europe/Helsinki

Europe/Isle of Man

Europe/Istanbul

Europe/Jersey

Europe/Kaliningrad

Europe/Kiev

Europe/Kirov

Europe/Lisbon

Europe/Ljubljana

Europe/London

Europe/Luxembourg

Europe/Madrid

Europe/Malta

Europe/Mariehamn

Europe/Minsk

Europe/Monaco

Europe/Moscow

Europe/Nicosia

Europe/Oslo

Europe/Paris

Europe/Podgorica

Europe/Prague

Europe/Riga

Europe/Rome

Europe/Samara

Europe/San Marino

Europe/Sarajevo

Europe/Saratov

Europe/Simferopol

Europe/Skopje

Europe/Sofia

Europe/Stockholm

Europe/Tallinn

Europe/Tirane

Europe/Tiraspol

Europe/Ulyanovsk

Europe/Uzhgorod

Europe/Vaduz

Europe/Vatican

Europe/Vienna

Europe/Vilnius

Europe/Volgograd

Europe/Warsaw

Europe/Zagreb

Europe/Zaporozhye

Europe/Zurich

GB-Eire

GMT

GMT+0

GMT-0

GMT0

Greenwich

HST

Hongkong

Iceland

Indian/Antananarivo

Indian/Chagos

Indian/Christmas

Indian/Cocos

Indian/Comoro

Indian/Kerguelen

Indian/Mahe

Indian/Maldives

Indian/Mauritius

Indian/Mayotte

Indian/Reunion

Iran

Israel

Jamaica

Japan

Kwajalein

Libya

MET

MST

MST7MDT

Mexico/BajaNorte

Mexico/BajaSur

Mexico/General

NZ-CHAT

Navajo

PRC

PST8PDT

Pacific/Apia

Pacific/Auckland

Pacific/Bougainville

Pacific/Chatham

Pacific/Chuuk

Pacific/Easter

Pacific/Efate

Pacific/Enderbury

Pacific/Fakaofo

Pacific/Fiji

Pacific/Funafuti

Pacific/Galapagos

Pacific/Gambier

Pacific/Guadalcanal

Pacific/Guam

Pacific/Honolulu

Pacific/Johnston

Pacific/Kiritimati

Pacific/Kosrae

Pacific/Kwajalein

Pacific/Majuro

Pacific/Marquesas

Pacific/Midway

Pacific/Nauru

Pacific/Niue

Pacific/Norfolk

Pacific/Noumea

Pacific/Pago Pago

Pacific/Palau

Pacific/Pitcairn

Pacific/Pohnpei

Pacific/Ponape

Pacific/Port Moresby

Pacific/Rarotonga

Pacific/Saipan

Pacific/Samoa

Pacific/Tahiti

Pacific/Tarawa

Pacific/Tongatapu

Pacific/Truk

Pacific/Wake

Pacific/Wallis

Pacific/Yap

Poland

Portugal

ROC

ROK

Singapore

Turkey

UCT

US/Alaska

US/Aleutian

US/Arizona

US/Central

US/East-Indiana

US/Eastern

US/Hawaii

US/Indiana-Starke

US/Michigan

US/Mountain

US/Pacific

US/Samoa

UTC

Universal

W-SU

WET

Zulu

AUD507: Auditing & Monitoring Networks, Perimeters & Systems

GIAC Systems and Network Auditor (GSNA)

Course Authors:

Clay Risenhoover

What You Will Learn

Syllabus (36 CPEs)

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

Overview

Exercises

Topics

GIAC Systems and Network Auditor

Prerequisites

Laptop Requirements

Author Statement

Ways to Learn

Who Should Attend AUD507?

Need to justify a training request to your manager?

Related Programs

Reviews

Filters:

Register for AUD507

Loading...