Monday, March 28, 2011

Network Security Audit – The Benefits

Network security audit, also known as network security assessment, refers to the process of determining the security shortcomings on your network. The process is critical for a business because sensitive or critical information on a network cannot be adequately protected if you do not know what type of vulnerabilities or security holes exist on the network.

Security auditing and assessing of your network is not a one-time event. Security assessments should be ongoing because networks are constantly changing as new devices are added, configurations are changed, and software is updated. With any type of security assessment, the network layout must first be determined. The network security audit must accurately determine the extent or topology of your business network. This is includes the type of devices, the operating system in use on the devices, and what updates that have been applied. Also, you must determine what the critical information assets are and where they are located on the network.

Without this information, a network security audit is of little value because you cannot be sure to have completed a security assessment of the whole network or that you have evaluated the most critical components of the network where the most sensitive information is stored and accessed. Of course, there is much more to performing a network security audit, but these few elements are essential to make a proper evaluation of your corporate network’s security.

Benefits of Network Security Audits

Network security audits help identify vulnerabilities on your network and network devices including:

  • Running services – Any service that is running on a network device can be used to attack a system. A solid network security audit would help you identify all services and turn off any unnecessary services.
  • Open ports – A network security audit will help you identify all open ports on network devices and, just like running services, all unneeded ports should be closed to eliminate the possibility of being used to attack a network device.
  • Open Shares – Any open share can be exploited and should not be used unless there is some essential business purpose for it.
  • Passwords – Assessments/audits should evaluate the enterprise password policy and ensure that the passwords used on the network devices meet the business password policy of password strength, frequent change, and other requirements.
  • User Accounts – During the audit, you must determine which user accounts are no longer being used so they can be removed or disabled. Unused user accounts allow for someone from inside or outside the network to attack and take over the account or may be an indication of a successful attack of the network.
  • Unapproved Devices – Unapproved or unknown devices such as iPods, Smart Phones and Wireless Access Points installed on your network must be detected in an audit. Any or all of these, as well as other devices, can be used to attack the network or steal data off the network.
  • Applications – The type of applications being used on a system should be identified during this process. If any dangerous applications are found running on a system, they should be removed. Also look for software programs that run automatically because they can be an indicator of a malware infection.

Security audits should be done on an ongoing basis. Without recurring security audits or assessments, these new vulnerabilities may not be discovered and patched to keep the computer system secure. Also, such audits should not be done manually because if administrators fail to apply certain scans, vulnerabilities in the operating systems or in installed applications can be exploited.

Using vulnerability scanners makes the task of a security audits or assessments much easier and safer. These tools automate part of the process and allow administrators to analyze the results and determine what issues should be addressed first and in which priority the other security issues should be handled.

By identifying these types of vulnerabilities on an ongoing basis, you will be adding an extra layer of protection to your network. Because network security applications and services are constantly being updated, it is of great importance to apply one of the latest security scanners and use it on an ongoing basis, together with the expertise of knowledgeable security staff to evaluate the status of your network security.

About The Author

This guest post was provided by Sean McCreary on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI network auditing software