Home > Ask the Information Security Experts > Network security threat management Questions & Answers > What to look for in a network security audit
Ask The Security UK Expert: Questions & Answers
EMAIL THIS

What to look for in a network security audit

Peter Wood EXPERT RESPONSE FROM: Peter Wood

Pose a Question
Other Security UK Categories
Meet all Security UK Experts
Become an Expert for this site


Enterprise IT tips and expert advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


>
QUESTION POSED ON: 09 October 2009
What information should I look for when I do a network security audit?

This is a short question with a potentially huge answer!


>
A thorough network security audit would start with a network discovery exercise, using a tool like SolarWinds Inc.'s Network Sonar to identify all the devices on the network. This would be followed by a common port scan of the identified devices, using Nmap or SuperScan to look for unused services and locate admin interfaces on devices such as routers, switches, access points, etc.

Next, I would run authenticated vulnerability scans against a representative selection of devices -- the QualysGuard appliance is excellent for this, but Nessus and other scanners provide a good alternative, providing they are configured correctly (beware of causing denial-of-service or other outages).

Lastly, I would compare system configurations with best practice, again for a representative selection of devices, using manual techniques. Best practice will depend on the systems you are using (Cisco vs. Microsoft vs. Unix, etc.). Generally, I advise people to look at the National Security Agency (NSA) and Center for Information Security (CIS) standards documents, although some of their more rigorous settings may need to be relaxed for some commercial environments.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Threat and Vulnerability Management
Social networking: Workplace productivity, security no match for Facebook
McAfee-Intel: Why the McAfee acquisition is being met with scepticism
Network security 101: Default router settings, network hardening
Network security 101: Password policy best practices, security documents
Adobe vulnerability: Pen test firm finds ColdFusion admin page flaw
ISACA issues mobile smartphone security policy guidance
Zeus Trojan: Data-stealing malware transfers £675,000 from UK bank
Survey: Web 2.0 security issues cause concern
Spy recording devices can be thwarted by portable USB security policy
Microsoft issues temporary fix for Windows Shell zero-day

Network Security Monitoring: Tools and Systems
Network security 101: Default router settings, network hardening
Network security 101: Password policy best practices, security documents
Adobe vulnerability: Pen test firm finds ColdFusion admin page flaw
First of data loss prevention vendors touts downloadable DLP software
Law firm security gets positive verdict with UTM device
Database activity monitoring technology vs. SIEM tools
Security event log management streamlines netsec for call centre
Single sign-on technology for health care helps medics roam securely
Considerations for buying and implementing DLP solutions 2
Amid high network security cost, organisations explore internal savings

Network security threat management
Database activity monitoring technology vs. SIEM tools
Is it enough to analyse log files, or is an IDS necessary?
How to address a spike in TCP and UDP flows
How secure are extended validation SSL certificates?
What should happen to users and devices that fail NAC policies?
When to use a unified threat management system
Cloud computing network security best practices
When IT security costs are cut, which security product is a must?
What considerations should be made when outsourcing IT infrastructure?
When running Wireshark, will adding a switch stop packet sniffing?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Centre for the Protection of National Infrastructure  (SearchSecurityUK.com)
Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary







Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Access Management: Authentication, Biometrics, Password Security
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2008 - 2010, TechTarget | Terms of Use | Read our Privacy Policy 		  TechTarget