AUD507: Auditing Networks, Perimeters & Systems
This track is the end product of over one hundred skilled system, network and security administrators working with one common goal: to improve the state of information security.
This track, like all SANS courses, is based on known and validated threats and vulnerabilities. These threats and vulnerabilities are explained based on validated information from real-world situations that can be used to raise awareness within an organization and build an understanding of why auditing is important. From these threats and vulnerabilities, we build the countermeasures and defenses, including instrumentation, metrics and auditing. The course begins with a high-level introduction on methods and audit programs. It then takes you through all the particulars of how to actually audit devices and IT systems that range from firewalls and routers all the way down to the underlying operating systems.
You'll be able to use what you learn the day you get home. Five of the six days in the track will include hands-on exercises with the demonstrated tools on a live in-class network. Each student is invited to bring their own Windows 2000 or higher laptop for use during class. The hands-on exercises will allow you to experiment with the audit tools discussed in class and to actually perform audit functions against SANS-provided servers in class. A great audit is more than marks on a checklist; it is the understanding of the best practices, system analysis and forensics. Sign up for this course and experience the mix of theory and hands-on, pragmatic knowledge.
Auditing Principles and Concepts
This course will fill in any foundational gaps you have in auditing in addition to presenting innovative approaches to auditing. For classes taught in the United States, coverage also includes legal requirements from such laws as Sarbanes-Oxley and Gramm-Leach-Bliley. This course will also help any auditor to improve their audit process and presentation of audit findings.
Auditing the Perimeter
Focus on some of the most sensitive and important parts of our information technology infrastructure: routers and firewalls. In order to properly audit a firewall or router, we need to clearly understand the total information flow that is expected for the device. Diagrams of this flow allow the auditor to identify what objectives the routers and firewalls are seeking to meet, thus allowing controls to be implemented which can be audited. Overall, this course will teach the student everything needed to audit routers and firewalls in the real world.
Network Auditing Essentials
This course continues where Day 2 left off, extending network and perimeter auditing to internal system validation and vulnerability testing, helping network security professionals to see how to use the tools and techniques described to audit, assess, and secure a network in record time. Following a defense-in-depth approach, learn how to audit perimeter devices, create maps of active hosts and services, and assess the vulnerability of those services. The afternoon covers database security and auditing for MSSQL, MySQL and Oracle with hands-on exercises.
Auditing Web-Based Applications
This course will demonstrate how to identify security weaknesses for web-enabled services that could be exploited by remote users, using publicly available software and manual techniques. It would be especially useful for those auditing, developing or managing the development of a web-based application.
Advanced Systems Audit: Windows NT/2000
Windows NT and 2000 machines make up a large part of the typical IT infrastructure. Quite often, these systems are also the most difficult to effectively secure and control. This is the key class to understanding what to look for on a compromised computer system and how to look for it. The course covers Windows NT and 2000 and the use of free and commercial tools to audit and assess a system.
Advanced Systems Audit: Unix
Students will gain a deeper understanding of the inner workings and fundamentals of the Unix operating system as applied to Linux, BSD and Solaris. Explore, assess and audit Unix systems hands-on. Lectures describe the different audit controls that are available on standard Unix systems, as well as access controls and security models. Although a Unix-based or dual-boot laptop is not required, please be sure to check the laptop requirements for the track in order to derive the greatest benefits from the experience!