hands-on lab

Security Audit Techniques

Difficulty: Intermediate
Duration: Up to 1 hour and 10 minutes
Students: 757
Rating: 4.3/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.

Description

This Lab focuses on auditing the network security of Linux hosts. You will audit a Kali Linux host and an Ubuntu 8 host that is intentionally configured to be vulnerable to attacks. The techniques you learn apply to all modern distributions of Linux. By including the auditing techniques as part of routine system administration you can reduce the attack surface of your systems, potentially identify when systems have been compromised, and improve your overall security posture. 

The local network for this Lab is contained within a Hyper-V virtual environment. The hosts that you will audit are virtual machines running in the Hyper-V environment.

This Lab is designed for the CREST Practitioner Security Analyst (CPSA) certification examination but is of value to security practitioners in general.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Perform network security audits of Linux systems
  • Understand how to construct commands specific to your auditing needs
  • Generate summary reports of system-wide network socket usage
  • Identify network sockets being used by specific processes and connections

Lab Prerequisites

You should be familiar with:

  • TCP and UDP network protocol basics

You can fulfill the prerequisites by completing the OSI and TCP/IP Networking Models Course.

 

Updates

July 9th, 2020 - Enabled direct browser RDP connection for a streamlined experience

Environment before

Environment after

Covered topics

Lab steps

Auditing Network Socket Statistics with ss
Using ss to Audit a Highly Vulnerable System