Training Courses

WEB100: Auditing and Assessing Web and Network Security

CPE credits: 7

Description: This seminar will introduce the attendee to the technologies, terms and processes related to Web security from the perspective of the internal/external Infosec auditor's point-of-view. Covered during the seminar will be concepts and techniques related to general Web security, network security, operating system security and methods for evaluating overall and general network environment security. Additionally, the concepts and technologies behind such security measures as intrusion detection, firewall design and deployment, DMZs, router, and virtual private networks and overall network security are addressed.

Audience: This seminar is intended for Chief Technology Officers, Chief Information Officers, Chief Security Officers, Controllers, internal and external audit professionals, and individuals who wish to learn more about securing and controlling their organization's Web environment.

Prerequisites: There is no prerequisite for this seminar.

Objectives: After completing this seminar, participants will be able to:

Recognize how easy it is for perpetrators to mount an Internet attack
Describe the latest threats when connecting internal systems to the Internet
Explain the countermeasures used to protect organizations against attack
Describe the latest risks involved when providing Internet services to staff
Conduct an assessment and technical review of their organization's Internet and Web-based systems

Course Outline:

Network Security Fundamentals

· The Web client/server architecture

· What does the Web server do?

Goals of Network Security

· Availability

· Authentication

· Privacy

· Integrity

Network Security Threats

· Client information leakage

· How cookies work

· Assessing the threats from Java, JavaScript, VBScript and ActiveX

· Hostile applets and viruses

Web Security

· Disabling Java applets

· Turning off cookies

· Using an online virus checker

· Obtaining browser certificates

· Enabling and disabling signing authorities

Vulnerabilities of Web Tools

Creating a Secure Network Strategy

· Authenticating users

· File permissions and document roots

· Operating privileges for the server

· Audit tools

Common Web Attacks and Their Defenses

Intrusion Detection

Security Baselines

· Components of a firewall

· What firewalls can and cannot do

· Comparing firewall types

· Using application proxies

Auditing & Compliance

· Responding to security violations

· Real-time monitoring

· Limiting damage

· Keeping up to date on new threats

Security Assessment

Establishing Network Defenses

Dr. Marcella’s seminar will draw upon his 29 years of field experience in the areas of corporate, data, IT and physical security and his roll as a Board of Director member for the Saint Louis community InfraGard project, a Board of Governor member for the Saint Louis Institute of Internal Auditors and as a member of the Saint Louis Cyber-Terrorism Task Force.

Back to training courses.

IT Management Consulting, Training Services, and Audit & Security Reviews Since 1984