• Home
• Topics
• Network Security Management
• Threat and Vulnerability Management
• What to look for in a network security audit

What to look for in a network security audit

Next, I would run authenticated vulnerability scans against a representative selection of devices -- the QualysGuard appliance is excellent for this, but Nessus and other scanners provide a good alternative, providing they are configured correctly (beware of causing denial-of-service or other outages).

Lastly, I would compare system configurations with best practice, again for a representative selection of devices, using manual techniques. Best practice will depend on the systems you are using (Cisco vs. Microsoft vs. Unix, etc.). Generally, I advise people to look at the National Security Agency (NSA) and Center for Information Security (CIS) standards documents, although some of their more rigorous settings may need to be relaxed for some commercial environments.

Dig Deeper

This was first published in October 2009

More from Related TechTarget Sites

• Networking UK
• Virtual Data Centre
• Data Management UK
• Security
• Cloud Security
• Security IN

• Networking UK

  • UK Networkers should gear up for mobility implementations in 2012

    Companies are rethinking legacy tools to take advantage of what users get from having access to data and applications across all kinds of devices, according to TechTarget’s 2012 IT Priorities Survey.

  • Cloud gets vote of confidence from UK buyers in 2012 IT priorities

    The cloud is set to be a key investment area for UK buyers in 2012 with 30.5% of IT buyers pledging to spend on the technology, according to TechTarget’s 2012 IT Priorities Survey.

  • UK networkers look to wireless networks and IP telephony for 2012

    Wireless networks and IP telephony are set to be the most common networking initiatives implemented by UK users in 2012, according to TechTarget’s 2012 IT Priorities Survey

• Virtual Data Centre

  • Palmer's College scores on virtualisation, data centre consolidation

    Palmer's College's virtualisation and data centre consolidation project did not just improve IT efficiency and scalability, but also saves on data centre cooling costs.

  • How IT can convince stakeholders of the value of technology projects

    IT professionals must take data centre measures to convince stakeholders of the business value of technology projects. This will help IT emerge as a valuable business resource.

  • Virtualisation, cloud and compliance are top priorities for IT in 2012

    A TechTarget study finds that IT pros’ main priorities for 2012 are virtualisation, cloud computing and compliance. Experts show how they can carry these out with limited budget.

• DataManagement UK

  • Gartner: Business, analytics fail to connect, mobile BI gets real

    Gartner’s BI London summit will show a landscape beset by strategic misalignment, intra-organisational struggle and weak cloud adoption. Yet mobile BI is becoming a reality.

  • 2012 training courses: BI, data management, data warehousing

    Find out where to hone your business intelligence, data management and data warehouse skills with this list of training courses for 2012.

  • Deloitte spots analytics trends, ethics and open data

    Deloitte identifies four analytics trends: an increased focus on ethics, the rise of open data, new business models and a refusal to do analytics for its own sake.

• Security

  • Adobe makes pitch for defensive security research to cripple exploit writing

    Adobe security and privacy director Brad Arkin urges the security industry to focus on the latest exploit techniques and develop mitigations that make exploit writing costly.

  • SEC filing: VeriSign security breach in 2010 was limited, execs say

    In an October 2011 regulatory filing, VeriSign said its corporate network was breached in 2010, exposing data on a “small portion” of its systems.

  • Can a computer security researcher go too far?

    An examination of three cases illustrates that it’s not always a clear case of good vs. evil.

• Cloud Security

  • SaaS security: Weighing SaaS encryption options

    A look at SaaS encryption techniques and challenges.

  • Panel debates cloud computing governance issues

    Problems with data governance in the cloud aren’t much different than traditional outsourcing.

  • The proposed EU data protection regulation and its impact on cloud users

    Cloud customers and cloud providers would face stricter data security requirements under draft European regulation.

• Information Security

  • Apple updates OS X Lion to 10.7.3, releases Snow Leopard security fix

    Releases next major update to OS X Lion; pushes out security-only updates to Snow Leopard and other Apple software.

  • Symantec issues new pcAnywhere security guide following flaw resolution

    Organizations that have applied the latest patches should follow more stringent security best practices to guard against external attacks.

  • IBM enters mobile device management market via BigFix integration

    Beta version of IBM Endpoint Manager for Mobile Devices supports Apple iOS, Google Android, Symbian and Microsoft Windows Phone devices.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map