From the course: Performing a Technical Security Audit and Assessment
Required skillsets
Security assessment reviews are the process of examining documents, systems, files, and network data for two purposes: to potentially identify security gaps or vulnerabilities, and to gather information for the security tests. Because information gathered from reviews will be used to help facilitate the security tests, they must come before the tests are conducted.

In this chapter, I'll cover six techniques useful for conducting technical security assessment reviews. These techniques are documentation review, log review, ruleset review, system configuration review, network sniffing, and file integrity checking. Here are some baseline skillsets for each of these techniques.

For documentation review, the assessor should have a good understanding of security concepts and principles, so he can identify any missing or incorrect documentation during the review.

For log review, the assessor should have a strong familiarity with log formats for the systems under review. He needs to be able to interpret log data and identify any evidence of activity that indicates a lack of security controls. He should also be able to use automated log analysis and log correlation tools.

For ruleset review, the assessor should have a good understanding of how firewall and switch rulesets work, including various formats and structures. He should also be able to analyze and correlate the rulesets from different devices.

For system configuration review, the assessor should know what it takes to have a secure system configuration for any platform under review. He should also know which configuration settings represent strong security and be able to determine if they're set properly. He should be able to use automated system configuration testing tools.

For network sniffing, the assessor should have a good understanding of how TCP/IP networks function, as well as be able to analyze and interpret network traffic. He should also be able to use network sniffing tools to capture and analyze network traffic.

For file integrity checking, the assessor should know how file systems work on various systems, as well as understand file verification principles, such as hash algorithms. He should also be able to use file integrity checking tools and know how to interpret the results.

With these skillsets, one should be able to successfully conduct technical security assessment reviews.