hands-on lab

Security Audit Techniques

Up to 1h 10m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


This Lab focuses on auditing the network security of Linux hosts. You will audit a Kali Linux host and an Ubuntu 8 host that is intentionally configured to be vulnerable to attacks. The techniques you learn apply to all modern distributions of Linux. By including the auditing techniques as part of routine system administration you can reduce the attack surface of your systems, potentially identify when systems have been compromised, and improve your overall security posture. 

The local network for this Lab is contained within a Hyper-V virtual environment. The hosts that you will audit are virtual machines running in the Hyper-V environment.

This Lab is designed for the CREST Practitioner Security Analyst (CPSA) certification examination but is of value to security practitioners in general.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Perform network security audits of Linux systems
  • Understand how to construct commands specific to your auditing needs
  • Generate summary reports of system-wide network socket usage
  • Identify network sockets being used by specific processes and connections

Lab Prerequisites

You should be familiar with:

  • TCP and UDP network protocol basics

You can fulfill the prerequisites by completing the OSI and TCP/IP Networking Models Course.



July 9th, 2020 - Enabled direct browser RDP connection for a streamlined experience

Environment before

Environment after

About the author

Logan Rakai, opens in a new tab
Lead Content Developer - Labs
Learning paths

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.

LinkedIn, Twitter, GitHub

Covered topics

Lab steps

Auditing Network Socket Statistics with ss
Using ss to Audit a Highly Vulnerable System