A Step-by-Step Guide on How to Audit Your Network

Veronica Henry
Veronica Henry
Veronica Henry provided this guest opinion on behalf of GFI Software Ltd.

Organizations spend considerable time and money to establish security policies and practices. These policies include procedures to measure compliance and one of the most important tools in their arsenal is the security audit.

 

Auditors can be either internal staff or external service providers, but their purpose remains the same-to gauge compliance to internal policy and potentially, external regulatory dictates. It is a technical assessment, a snapshot of how security policy is being enforced. The review will likely uncover some compliance gaps. This shouldn't be viewed as a negative, but as an essential part of the process.

 

An audit is wide reaching and involves many resources, both technological and human, so management should ensure adequate time is allocated by key participants. Auditors perform their work using a variety of tools and processes, some manual and some automated. As the first thing you need to determine is the size and contents of the network, you typically begin with a site survey.

 

This will provide a thorough technical description of the network, hosts, connections, and the like. Next, you should review previous findings or historical data if it is available. Don't overlook the importance of this data, as it can provide valuable insight into lingering vulnerabilities.

 


The audit should then proceed with personal interviews. At this point, the audit will become more technical and will include vulnerability scans, followed by an examination of operating system and application system settings. To rate the controls, you should ask about topics including system management tasks/controls, access controls, system administration practices, external connections, remote access, incident and disaster recovery, backup procedures, passwords, logs, updates and patches and physical security controls.

 

The data gathered should be contrasted against the corporate security policy to measure compliance. Audits times vary from a week to as long as a month. Following the review, a final assessment report should be prepared. This report will detail findings and include the conditions tested, criteria used, the outcome and recommendations.

 

This report is a powerful tool, one that should be used to adjust system settings or update corporate policy. Auditing should be seen as integrated, recurrent task, essential to ensuring the security of your enterprise network.

 

This guest post was provided by Veronica Henry on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information about GFI network auditing software can be found at http://www.gfi.com/lannetscan/network-auditing-software.htm



Add Comment      Leave a comment on this blog post

May 17, 2010 6:04 AM Jim Laws Jim Laws  says:

Thanks for the useful article.

Reply
May 18, 2010 9:08 AM Mister Reiner Mister Reiner  says:

I would include an Internet Connectivity Audit (ICA) using something similar to this approach: http://misterreiner.wordpress.com/internet-connectivity-audit-ica/

Reply
May 18, 2010 9:39 AM Dave Jones Dave Jones  says:

Our advanced security team is focused on forensics, ethical hacking,  application, perimeter and penetration security testing. Coolcat performs a controlled hacking exercise or penetration testing against networks (wired and wireless) and application environments. This exercise often uncovers openings or flaws that was thought to be secure.

Coolcat leverage solutions from GFI to secure networks and to allow clients to more easily adhere to compliance objectives. Tools like GFI WebMonitor can be leveraged to not only shape the Social Engineering landscape but a combination of applications can be used to control the actual flow of information out of less traditional egresses; such as a fax machine being used to send social security numbers.

As our society becomes more dependent on information, the value of that information increases, not only to the businesses who own it, but to the criminals who wish to gain profit from stealing it.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data