SANS AUD507: Auditing Systems, Applications, and the Cloud

انجام ممیزی های امنیتی IT در سطح شرکت می تواند یک کار قریب به اتفاق باشد. دشوار است بدانید که از کجا شروع کنید و ابتدا کنترل ها باید مورد بازرسی قرار گیرد. ممیزی ها غالباً روی چیزهایی که مهم نیستند تمرکز می کنند و وقت و منابع گرانبها را هدر می دهند. دوره SANS AUD507 ابزارها ، تکنیک ها و فرایندهای فکری مورد نیاز برای انجام ارزیابی و ممیزی های معنادار را به دانش آموز می دهد. بیاموزید که از ارزیابی های ریسک استفاده کنید تا توصیه کنید از کنترل ها باید استفاده شود و در کجا باید قرار گیرد. بدانید که کدام ابزار به شما کمک می کند تا تلاش های خود را متمرکز کنید و یاد بگیرید که چگونه این ابزارها را برای حداکثر اثربخشی خودکار کنید.

Date: 2021
Price: $8,275 USD
Format: Video + eBooks
Publisher: SANS
By: Clay Risenhoover

Performing IT security audits at the enterprise level can be an overwhelming task. It is difficult to know where to start and which controls should be audited first. Audits often focus on things that are not as important, wasting precious time and resources. Management is left in the dark about the real risk to the organizations mission. Operations staff cant use the audit report to reproduce or remediate findings. AUD507 gives the student the tools, techniques and thought processes required to perform meaningful risk assessments and audits. Learn to use risk assessments to recommend which controls should be used and where they should be placed. Know which tools will help you focus your efforts and learn how to automate those tools for maximum effectiveness. 20 Hands-On Exercises

What You Will Learn

Controls That Matter – Controls That Work

This course is organized specifically to provide a risk-driven method for tackling the enormous task of designing an enterprise security validation program, covering systems, applications, and the cloud. After covering a variety of high-level audit issues and general audit best practices, students will have the opportunity to delve into the technical “how-to” for determining the key controls that can be used to provide a high level of assurance to an organization. Real-world examples provide students with tips on how to verify these controls in a repeatable way, as well as many techniques for continuous monitoring and automatic compliance validation. These same real-world examples help the students learn how to be most effective in communicating risk to management and operations staff.

Students will leave the course with the know-how to perform effective tests of enterprise security in a variety of areas including systems, applications, and the cloud. The combination of high-quality course content, provided audit checklists, in-depth discussion of common audit challenges and solutions, and ample opportunities to hone their skills in the lab provides a unique setting for students to learn how to be an effective enterprise auditor.

“AUD507 has obvious practical applications, and it’s great to see some of the most infamous hacking methods explained and executed in real time. In the labs, I’m getting hands-on experience with the tools. The opportunity to learn how to interpret the results taught me more in one afternoon than I’ve picked up here-and-there over an entire career.” – Tyler Messa, AWS

BUSINESS TAKEAWAYS:

• Gain confidence that you have the correct security controls and they are working well
• Lower your audit costs with effective, efficient security audits
• Improve relevance of IT audit reporting, allowing the organization to focus on what really matters
• Improve security compliance while reducing compliance and security risks, protecting your reputation and bottom line

SKILLS LEARNED:

• Apply risk-based decision making to the task of auditing enterprise security
• Understand the different types of controls (e.g., technical vs. non-technical) essential to performing a successful audit
• Conduct a proper risk assessment of an enterprise to identify vulnerabilities and develop audit priorities
• Establish a well-secured baseline for computers and networks as a standard to conduct audit against
• Perform cloud environment audits using automated tools and a repeatable process
• Audit virtualization hosts and container environments to ensure properly deployment and configuration
• Utilize vulnerability assessment tools effectively to provide management with the continuous remediation information necessary to make informed decisions about risk and resources
• Audit a web application’s configuration, authentication, and session management to identify vulnerabilities attackers can exploit
• Utilize automated tools to audit Windows and Linux systems
• Audit Active Directory Domains

HANDS-ON TRAINING:

This course goes beyond simply discussing the tools students could use; we give them the experience to use the tools and techniques effectively to measure and report on the risk in their organizations. AUD507 uses hands-on labs to reinforce the material discussed in class and develop the “muscle memory” needed to perform the required technical tasks during audits. In sections 1-5, students will spend about 25% of their time in lab exercises. The final section of the course is a full-day lab that lets students challenge themselves by solving realistic audit problems using and refining what they have learned in class.

Students learn how to use technical tests to develop the evidence needed to support their findings and recommendations. Each section affords students opportunities to use the tools and techniques discussed in class, with labs designed to simulate real-world enterprise auditing challenges and to allow the students to use appropriate tools and techniques to solve these problems.

• Section 1: Audit Tool Setup, Network scanning and Continuous Monitoring with Nmap, Network Discovery Scanning with Nessus, Configuring and Using Cloud Provider Tools, Cloud Provider Inventory
• Section 2: Introduction to PowerShell, Windows System Measurements, Auditing Users, Permissions and Logging, Compliance and Testing at Scale
• Section 3: Linux System Information and Permissions, File Integrity, Kernel Settings and Services, Linux Logging, Linux System Audits
• Section 4: VMWare and Kubernetes, Cloud Identity and Access Management, Cloud Infrastructure, Cloud Benchmarks
• Section 5: Web Auditing with Burp, Server Configuration and Static Analysis, Fuzzing with Burp, Injection Flaws
• Section 6: Capture the Flag: Audit Essentials, Windows Systems, Windows Domains, Kubernetes, Linux, OSQuery and Fleet, Cloud Services, Web Applications

“The labs or exercises were Excellent because provides knowledge, information and experience.” – Amjad Awdhah Saeed Alshahrani, Site

“Today’s netwars was definitely a challenge and for me I needed the team so we could all use our strengths. Excellent coverage of everything we’ve learned without repeating exact exercises we had done in the week. Good way to know I did understand what we’ve been learning all week. The workbook was a good reference to return to.” – Carmen Parrish, US Government

“The hands-on labs reinforce the learning from the book. I learn best when I can touch and feel the material being taught.” – Rodney Newton, SAP

SYLLABUS SUMMARY:

• Section 1: How to be an IT auditor; How to gain visibility for hybrid cloud environments
• Section 2: Using PowerShell and native tools to measure security of Windows systems and domains
• Section 3: Understanding Unix security and how to use built-in tools and scripting to measure it
• Section 4: Auditing security of hybrid cloud environments and enterprise networks
• Section 5: Understanding and auditing the OWASP proactive controls for web applications
• Section 6: Full-day hands-on lab exercise using all the skills and tools learned during the course

Syllabus
AUD507.1: Audit in the Enterprise and Cloud
AUD507.2: PowerShell, Windows System, and Domain Auditin
AUD507.3: Auditing Linux
AUD507.4: Auditing Cloud Infrastructure
AUD507.5: Auditing Web Application
AUD507.6: Audit Wars