AUD410: IT Security Audit and Control Essentials

This hands-on course will help you get started in the field of information technology and security auditing. During the week we will examine or work with tools ranging from URLScan (a part of Microsoft's IIS Security Wizard) and various CIS Scoring Tools to HFNetCheck (hfnetchk.exe) and Unix syslog, helping the student see how each of these can be applied in security and audit validation. In the SANS Audit Essentials course, we feel that we have put together a very strong audit training program, giving both audit theory and strong technical details. It covers the essentials of security, compliance and IT auditing: everything you need, nothing you don't. As each topic is discussed in the class, the course will strive to first teach the underlying theories and then explain what about each topic requires the attention of an auditor or compliance officer, and how. The course is presented hands-on so that students can receive the most benefit by actually trying what is described in the lectures!

Underlying Infrastructure Concepts & Auditing

Auditors and compliance officers are asked to examine a large number of complex systems today, including large networks, exposure of intellectual property and physical facility security. Day one of this course introduces key technologies and systems relating to these problems, tying each of them directly to audit controls and activities for the measurement of overall security.

Defense In Depth

In order to effectively provide corrective feedback to better secure and improve information security at a site, it is important to understand historical and current threats and vulnerabilities as well as how to defend against them. Today's material will cover risk assessment and business impact analysis models to help an auditor document their findings and explain their recommendations, in addition to covering a number of common vulnerabilities and how to identify them in the course of an audit.

Internet Security Technologies

Electronic commerce and data interchange have become the way to do business in the twenty-first century. Organizations want to know if they're secure and what they need to do to become more secure. This course will provide an auditor with the technical underpinnings of these technologies, followed up with hands-on testing and validation exercises so that these questions can be answered. Over the course of the day, we will cover everything required to implement a comprehensive information assurance program and validate it from end to end.

Secure Communications

Connected closely to the issues surrounding EDI and EC are secure communications. This day will look at encryption and how it can be applied to information assurance problems in communication. More importantly, attention will be given to identifying the correct types of encryption to use for various situations and how to validate encryption in terms of compliance controls.

Windows Security & Auditing

Windows remains the most pervasive operating system in use today. Today's material will take a technical look at the numerous security controls and settings available on a Windows system, particularly in terms of compliance management and auditing. The material will give you a solid handle on Windows 2000, XP and .NET security issues. In this section we will also consider some of the many Microsoft utilities available to secure Microsoft Windows systems including HFNETCHK, MBSA, URLSCAN, IIS Lockdown, and many more.

Unix Security & Auditing

This final day of the course covers an introduction to Unix and Unix security with an eye on security auditing. A wide range of topics will be covered quickly, drawing in information from earlier in the week by showing how systems like TCPWrappers are used in a running system or network. Students will leave with an overall plan for auditing any Unix system.