Security Auditing
Introduction to Auditing
What is an Auditor?
What Does an Auditor Do?
Auditor Roles and Perspectives
Conducting a Risk Assessment
Risk Assessment Stages
Discovery Methods
Discovery
Security Scans
Enterprise-grade Auditing Applications
Scan Levels
Social Engineering
What Information Can You Obtain?
Auditing Server Penetration and Attack Techniques
Network Penetration
Attack Signatures and Auditing
Common Targets
Routers
Databases
Web and FTP Servers
E-mail Servers
Naming Services
Compromising Services
Auditing for System Bugs
Auditing Trap Doors and Root Kits
Auditing Denial-Of-Service Attacks
Buffer Overflow
Combining Attack Strategies
Denial of Service and the TCP/IP Stack
Security Auditing and the Control Phase
Network Control
Control Phases
UNIX Password File Locations
Control Methods
Auditing and the Control Phase
Intrusion Detection
Intrusion-Detection Systems
What is Intrusion Detection?
IDS Rules
False Positives
Intrusion-Detection Software
Intruder Alert
Purchasing an IDS
Auditing with an IDS
Auditing and Log Analysis
Log Analysis
Baseline Creation
Firewall and Router Logs
Operating System Logs
Filtering Logs
Suspicious Activity
Additional Logs
Log Storage
Auditing and Performance Degradation
Audit Results
Auditing Recommendations
Creating the Assessment Report
Improving Compliance
Security Auditing and Security Standards
Improving Router Security
Enabling Proactive Detection
Host Auditing Solutions
Replacing and Updating Services
Secure Shell (SSH)
SSH and DNS