IT Audit Training

Why 3 courses on Windows and Active Directory?

Randy offers 3 difference courses because the Windows/Active Directory environment really requires 3 different infrastructure type audits.

Active Directory

First, Active Directory is a foundation technology that has connections to much more than just your Windows systems. AD provides centralized authentication and authorization (aka identify management) for not just your Windows servers and workstations but increasingly for the critical applications, databases and even other operating systems on your network. A security vulnerability somewhere in Active Directory constitutes a vulnerability to every system, application and database that is integrated with and depends on Active Directory. As such AD requires a focused audit methodology that takes into account the wide reaching impact of controls or lack thereof on this critical technology. Click here to learn about Audit and Assessment of Active Directory.

Windows Server

Second, the Windows servers on your network host critical information, applications and processes. Even if Active Directory is secure, that's absolutely no guarantee your Windows servers are secure. Each Windows server has a host of security settings and controls that must be locked down. Moreover, there are a number of administrative pitfalls such as the use of local accounts that frequently open vulnerabilities on specific servers. Therefore the Windows servers - at least those critical to the organization - must be audited. No matter what application and database level controls are present information is only as secure as the operating system where it's stored and processed. Click here to learn about Audit and Assessment of Windows Server.

Windows Workstations

Finally, workstations require an audit adapted to the very different environment of an end-user's desktop or notebook. Yes, Windows workstation operating systems such as Vista and XP are essentially the same OS as that of Windows Server 2000, 2003 and 2008. However the environment, risks and dynamics are very different. Workstations deal with much more content from the Internet, face a much wider array of software and usage scenarios by end-users. All of this means that the risks and controls relevant to workstations are much different than for servers. And contrary to common perception, workstation security is just as important as server security - at least for user with privileged access to critical information. If an intruder or malware can take over a Purchasing Agent's workstation that intruder or malware now has access to everything on the network that the normal end-user can access - including applications, file shares and databases. The fact that this comes as a surprise to many demonstrates the value of the Audit and Assessment of Windows Workstations course.

Upcoming Webinars

Additional Resources

Training

•	Audit and Assessment of Active Directory
•	Audit and Assessment of Windows Server
•	Audit and Assessment of Windows Workstations

Follow @randyfsmith

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2012 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.