All programs AuditWorld 2015 BankAudit 2015 Cloud Security World 2015 Cyber Security World 2015 InfoSec World 2015 Conference & Expo ITAC 2015 SuperStrategies Conference & Expo 2015 Threat Intelligence Summit 2015
All programs The Audit Directors' and Managers' Symposium The Audit Leadership Institute The CAE Master's Program
     Conferences      Seminars      Symposia      Webinars      Online Self Study      Executive Dinners      Training Weeks      In-House Training      Certificate Programs      Exhibiting Info      Ways to Save      Request Info      Event Downloads      White Papers      Call for Instructors      Contact MIS      Site Map
Internal Audit IT Audit Info Security
Internal Audit IT Audit Info Security
Audit and Security Of Unix - ASO311  Hands-On In-House Only 
A Five-Day, Hands-On Crash Course on Controlling and Securing Unix
Learning Level: Advanced
CPEs: 40 Fee: $0.00
Focus and Features Agenda Who Should Attend
Focus and Features

ďVery detailed. The workshops were great. One of the best trainings Iíve been to.Ē
                                    -Holly Robins, Senior Technology Consultant, Protiviti

Unix is still the most popular operating system for critical and high-volume  applications.  The number of servers running Unix-based systems such as AIX,  Solaris, HP-UX and Linux increases daily. For many enterprises, these systems donít just support the business they are the business. On its own, a newly  installed Unix system is no more a security risk than other system of its genre.  But as we add users, network services, applications, and customizations for administrative support, we also add the possibility of mistakes and configuration errors that can turn the system into a security nightmare. 

In this hands-on, five-day seminar you will go through the steps to take to  audit and analyze the security of a Unix-based system. You will begin by  reviewing a typical Unix system that has been salted with common configuration  errors for you to discover. You will evaluate the systemís user access controls, examine standard system logs, analyze the effect of file and directory  permissions, search for special files that allow users extended capabilities, and evaluate the risks of system processes. You will learn how to use the Unix  shell, the standard user interface, to navigate the system, test file and  directory access controls, access and manage files, use the system search tools,  and capture evidence with shell redirection.  So that you can review shell scripts that control many of the operations of a Unix-based server, youíll cover  the basics of shell programming. 

Since servers use network interfaces to provide their service, you will also learn how to review Unix network control files and evaluate the risks of  selected common network services. You will explore add-on security tools and conduct a head-to-head comparison of the key features and capabilities of each of the major Unix-based operation systems, including Solaris, AIX, HP-UX,  Tru-64, and the most popular Linux varieties.

After each section you will perform a hands-on exercise to allow you to  investigate the settings on our sample server. After each exercise, the seminar  leader will review the class findings and go over the possible system risk that  each issue represents. When applicable, the instructor will demonstrate how some of these common errors can be used to successfully attack the system. A hand-out on each issue will provide you with valuable information on the findingís risk, severity, and recommended solution.

You will return to your office with the know-how to set up, manage, and maintain an enforceable Unix security policy, and with a thorough audit approach for securing Unix-based operating systems.

Prerequisite: Information Security Boot Camp (ISG291), Network Security Essentials (ASG203), or equivalent experience. 
Advanced Preparation: None
Learning Level: Advanced
Delivery Method: Group-Live
Field: Specialized Knowledge & Applications

For questions about your registration, government and team discounts, or multiple registrations, please call Linda Ronconi at (508) 879-7999, ext. 501 or e-mail

This seminar is available in-house. For more information about bringing this or other MISTI seminars to your organization, please call Mimi Hatch at (410) 692-2465 or e-mail