About the course

Business-based workshops are introduced as knowledge is acquired. These require you to decide how networks and applications should be deployed and managed. You will hear commentary on certain real disasters that have happened to high profile companies in the past. Don’t follow them into the same black hole!

Planning for audits and discussion of suitable tests forms a substantial part of the course and the fully featured appendices accompanying the course will prove a valuable audit resource for you. There is a great deal of hands on accompanying this course. You will find Unix and windows servers in the lab, as well as firewalls and other network devices. Hack the classroom network and find out what the intruders do. Experiment with the lab firewalls and commission your own e-mail filtering software. Examine SNMP servers and data, as well as many other particularly relevant demos and hands-on routines. Delegates will get a chance to run network probes, port scanners and examine network settings. Attacks will be generated – for instance packet floods and potentially lethal web based exploits.

Who should attend
This course is designed for audit and security specialists who need to understand how networks operate, what the sources of risk are and how to manage the risk. Also, the training is particularly relevant to those who manage, or are responsible for large corporate networks. Check the list of staff roles below. If you are on the list, then this training is ideal for you.
Computer auditors and audit managers
Security specialists
IT directors
Project managers requiring a networking overview, with the emphasis on security
Network managers and their staff
Legal professionals who need to understand networks and the risks
Business managers exploring cost implications of network ownership
Any staff requiring a security-focused introduction to networking tools and technology.

Prerequisites
A general familiarity with the use of ICT in businesses, from the viewpoint of a user, is a sufficient prerequisite. You should feel comfortable loading, running and experimenting with software, under guidance from the instructor. You should be able to take in your stride the command line and GUI utilities that are employed on the course.

Duration

3 days

1. A review of networking technology

Network security concepts
Business issues
Network development lifecycle
Network hardware and software
Risks and objectives
Local area networks
TCP/IP
LAN devices
Directory services
Virtual private networks
Transmission system vulnerabilities
General network management
Ports and sockets
Routing
Various hacking and probing tools

3. Remote access

Remote access topologies
Telephone lines
Authenticating remote users – the Shiva corporation
Defending the remote machine
Virtual private networking
Auditing equipment cross the internet
Wireless LANs (WLANs)
IP version 6 (IPV6)

5. Building a trust infrastructure

Business objectives
Types of encryption
Symmetrical cryptography
PGP
Hash check-summing
SSL
Digital Certificates
VPNs

2. WAN technology

WAN technology
Frame relay
ATM
ISDN
ADSL
Satelite
General network management
Virtual private networks

4. Traffic control
Candidate points of weakness
Standard firewall services
Firewall specimen specification
Firewall deployment
Risk assessment methods
Rule lists and logs

6. System security checks

Top 20 system risks in an e-commerce environment
Detection of vulnerabilities
What the hackers do
Best practice in resisting intrusions

APPENDICES

Appendix 1: Best practice in network management

Appendix 2: The resources CD-ROM accompanying this training course

Appendix 3: Workshops

Appendix 4: Sources of risk and controls in network administration