Overview

Focus on some of the most sensitive and important parts of our information technology
infrastructure: routers and firewalls. In order to properly audit a firewall or router, we need to
clearly understand the total information flow that is expected for the device. These diagrams will
allow the auditor to identify what objectives the routers and firewalls are seeking to meet, thus
allowing controls to be implemented which can be audited. Overall, this course will teach the
student everything needed to audit routers, switches, and firewalls in the real world.
Functions of a router, architectures, and components
How a router can play a role in your security infrastructure
Router technology, a TCP/IP perspective
Understanding the auditing issues with routers
Sample router architectures in corporate WANs
Detailed audit of a router
Security access controls performed by a router
Security of the router itself and auditing for router integrity
Identifying security vulnerabilities
Audit steps over routers
Sample audit outputs
Auditing switche
Layer 2 attacks
Audit steps for a switch
Testing the firewall
OS configuration
Firewall configuration
System administration
Testing the firewall rulebase
Identifying misconfigurations
Identifying vulnerabilities
Packet flow from all networks
Change control
Testing third party software
Encryption
Authentication
Virus scanning
URL redirection
Reviewing logs and alerts
Review IDS systems
Firewall logs
Firewall alerts
The tools used
Router Audit Tool (RAT)
Scanning tools for UNIX and Windows such as Nmap
Packet-building tools for UNIX and Windows such as -Hping2 and Nemesis
Sniffers such as Wire Shark
IDS Auditing Tools such as Fragroute