Course Information
Linux as an Audit Target...and as an IT Audit Tool
Parking for SAO, Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact the professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will Email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Course Description
Since its inception in the early 1990’s, Linux has made increasing inroads into the production IT server environments in many organizations, often taking the place of legacy Unix and mainframe systems, as well as, proving to be a cost-effective solution to Windows server. The open source foundation of Linux offers many cost savings and flexibility benefits… but also “The Penguins” bring along some significant risks to the party. Linux, especially Ubuntu variants, have emerged as often the preferred vulnerability testing and forensics testing workstation platform of choice – making it an attractive option for cost conscious Information Security and IT Audit professionals. In this pragmatic seminar, we will identify the important Unix/Linux security controls, best practice for secure configuration, and tools and techniques on how to audit Linux and other Unix variants. Additionally, we will demonstrate methods to build inexpensive Linux based IT audit workstations and self-booting Linux media.
Course Objectives
Upon completion of this course, participants will be able to:
· Understanding the architecture of Linux file systems
· Identifying and auditing Linux logical access control points
· Leveraging open source Linux software for IT audits
Introducing the Linux Software Architecture
· Overview of Linux variants and their positioning for server and workstation applications
· Understanding the architecture of Linux file systems
Identifying Linux Security Controls and How to Audit Them
· Identifying and auditing Linux logical access control points:
o User accounts and groups
o Password policies
o Data access authorization and file security
o TCP/IP applications
o System integrity: root account controls, SETUID/SETIG program controls, file integrity monitoring, SELinux
o Security event (audit) logs
· Evaluating Linux change control and patch management
· Learning simple Linux/Unix commands and associating scripting procedures to collect audit evidence from Linux systems
Building Linux-based IT Audit Workstations
· Leveraging Kali and other open source Linux software for IT audits
· Installing Linux system software and audit tools on different types of desktop and portable devices
· Creating self-booting Linux media
Sources of Additional Unix/Linux Information and Tools
Instructors
Ken Cutler is a Senior Teaching Fellow with CPEi, specializing in Technical Audits of IT Security and related IT controls. He is the President and Principal Consultant for Ken Cutler & Associates (KCA) InfoSec Assurance, an independent consulting firm delivering a wide array of Information Security and IT Audit management and technical professional services. He is also the Director – Q/ISP (Qualified Information Security Professional) programs for Security University. An internationally recognized consultant and trainer in the Information Security and IT audit fields, he is certified and has conducted courses for: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and CompTIA Security+. In cooperation with Security University, he recently was featured in two full length training videos on CISSP and Security+.
Ken was formerly Vice-President of Information Security for MIS Training Institute (MISTI), Chief Information Officer of Moore McCormack Resources, a Fortune 500 company. He also directed company-wide IS programs for American Express Travel Related Services, Martin Marietta Data Systems, and Midlantic Banks, Inc. Ken has been a long-time active participant in international government and industry security standards initiatives.
He is a prolific author on information security topics and has been frequently quoted in popular trade publications, including Computerworld, Information Security Magazine, Infoworld, Information Week, CIO Bulletin, and Healthcare Information Security Newsletter, and has been interviewed in radio programs My Technology Lawyer and Talk America.
Ken received Bachelor of Science degree in Business Administration and Computer Science degree from SUNY Empire State College. He received a Bachelor’s of Science in economics from the University of Massachusetts and a Masters in Public Administration (MPA) with a major in Finance from Suffolk University. Ken is a Certified Governmental Financial Manager, Certified Information Systems Auditor, Certified Information Security Manager, Certified Fraud Examiner, Certified Quality Assurance specialist, and Certified in the Governance of Enterprise IT.
Additional Information
If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.
The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.
Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.
You might want to bring a light sweater or jacket, as room temperatures vary.
To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.