Unlike an Information Security Analyst, a professional IT auditor is not strictly required to have an in-depth understanding of the operating system, and does not need to be a hacker to audit the files, folders and permissions on a network.
However, it is imperative that the auditor knows exactly what they are auditing, which does require a high level of technical knowledge. There are still a large number of concepts and technologies which many IT auditing professionals are not aware of, but really should be. Regardless of whether you are CISA or CISSP certified, it is important that you have a profound understanding of the following:
- The difference between Windows domain user accounts (used to manage multiple computers), and local user accounts (used to manage one computer)
- The difference between local admin accounts and domain admin accounts, which have elevated access rights when using Active Directory.
- How Active Directory groups and permissions are used to control access
- The difference between share permissions and NTFS permissions
- The relationship between the network, applications and database, and how they interact with each other
- The importance of implementing a strict password policy, including the use of blacklists and expiration controls
- The difference between a security policy document and Windows security settings
- How password policies are implemented in different Windows domains
- How to map drives and network devices, and ping them by name and IP address
- How to determine a device’s IP address, network mask and gateway
- How to detect which DHCP and DNS servers your current device is using on any given network
- Relational database theory and terminology, i.e. tables, views, instances etc.
- How to monitor system changes, which include changes to files, folders and permissions on your network
- How to create the audit reports necessary for management and compliance
- Configure URL rewriting (or URL manipulation), to implement URL mapping and routing on your network
- The use of wireless network scanners to find the best channel for your router on any operating system
- Configure wireless network cards and routers for Wi-Fi Protected Access (WPA)
- How to use data backup and recovery tools
This is just a basic list, but as you can see, there are a lot of things to consider. Many auditing professionals still rely on the raw system logs to audit system changes. However, this is a very cumbersome and archaic approach to auditing. These days there is a wealth of tools and technologies that can make this process a lot easier. For example, LepideAuditor allows you to audit and monitor changes that take place across Active Directory, Group Policy, Exchange, SQL Server, SharePoint and File Servers. Such technologies make it a lot easier for administrators to determine the ‘who, what, where and when’ of the changes that are made.
In addition, LepideAuditor can help administrators manage password expiration and roll back changes, provides real-time threshold alerting, and is capable of generating over 270 reports, which can be used for system management and compliance.