CIW Security Professional Series:

Security Auditing, Attacks and Threat Analysis (CIWSATA)

Security Auditing, Attacks, and Threat Analysis is a three-day course that teaches students how to perform the different phases of a security audit, including discovery and penetration, and how to prevent unauthorized users from controlling company networks. The course discusses how to use Windows NT and Linux to identify security issues and suggest industry-standard solutions. Students will also learn how to generate effective audit reports that can help organizations improve their security and become current with industry security standards.

Target Audience

Network server administrators, firewall administrators, systems administrators, application developers, and IT security officers.

Job Responsibilities

Implement e-business solutions security policies; identify security threats and develop countermeasures using firewall systems and attack-recognition technologies; and manage the deployment of security solutions.

Prerequisites

Students must have passed the CIW Foundations, CIW Server Administrator, and CIW Internetworking Professional exams, and have completed the Network Security and Firewalls and Operating Systems Security courses or have equivalent skills.

Topics

  • Security Auditing
  • Security Auditing Principles
  • The Auditing Process
  • Auditing Roles and Perspectives
  • Conducting a Risk Assessment
  • Risk Assessment Stages
  • Discovery Methods
  • Discovery
  • Security Scans
  • Enterprise-grade Auditing Applications
  • Scan Levels
  • Social Engineering
  • What Information Can You Obtain?
  • Security Auditing and the Control Phase
  • Network Control
  • Control Phases
  • UNIX Password File Locations
  • Control Methods
  • Auditing and the Control Phase

Intrusion Detection

  • Intrusion-Detection Systems
  • What is Intrusion Detection?
  • IDS Rules
  • False Positives
  • Intrusion-Detection Software
  • Intruder Alert
  • Purchasing an IDS
  • Auditing with an IDS

Auditing Server Penetration and Attack Techniques

  • Network Penetration
  • Attack Signatures and Auditing
  • Common Targets
  • Routers
  • Databases
  • Web and FTP Services
  • E-mail Servers
  • Name Services
  • Auditing for System Bugs
  • Auditing Trap Doors and Root Kits
  • Auditing Denial-of-Service Attacks
  • Buffer Overflow
  • Combining Attack Strategies
  • The TCP/IP Stack

Auditing and Log Analysis

  • Log Analysis
  • Baseline Creation
  • Firewall and Router Logs
  • Operating System Logs
  • Filtering Logs
  • Suspicious Activity
  • Additional Logs
  • Log Storage
  • Auditing and Performance Degradation

Audit Results

  • Auditing Recommendations
  • Creating the Assessment Report
  • Improving Compliance
  • Security Auditing and Security Standards
  • Improving Router Security
  • Enabling Proactive Detection
  • Host Auditing Solutions
  • Replacing and Updating Services
  • Secure Shell (SSH)
  • SSH and DNS

Security Resources (Appendix)

  • Sample Security Audit Report
  • Sample Enterprise Scanner Reports
  • Security Auditing Programs
  • Installing the TCP/IP Stack Updates
  • Security and Auditing Texts
  • Standards Documents
  • Internet Security Resources