Network Risk Assessment Tools

Using network risk assessment tools is the first step to building a strong defense: you need to understand where your defenses are currently weak and how you can strengthen them.


While it's vital that your organization regularly audit its security policies and procedures, it's just as important to include a network risk assessment in this process.

External network risk assessment tools can be used in the first phase of identifying potential network security vulnerabilities on your organization's systems that are visible to the general public from the Internet. An internal assessment uses similar methodology, but you conduct it from the point of view of someone with access to the internal network.

Using a combination of freeware and commercial network risk assessment tools and techniques to evaluate your network offers a clear picture of the dangers the company faces. At a minimum, an effective network assessment testing methodology should address the following areas:

External network topology for improper firewall configuration

Router filtering rules and configuration

Weak authentication mechanisms (which could lead to a dictionary-based authentication attack)

Improperly configured or vulnerable e-mail and DNS servers

Potential network-layer Web server exploits

Improperly configured database servers

SNMP checks

Vulnerable FTP servers

Make a point of emphasizing systems that deliver content or services to the public Internet. Because of their increased accessibility and exposure, these common delivery mechanisms are at greater risk of becoming targets for potential intruders and automated malicious software, including worm attacks.

Your network risk assessment tools should include discovery, device profiling and scanning.

Discovery involves establishing a fingerprint of the target network segment. This should include all active device addresses and their associated TCP, UDP, and other network services accessible from the internal network.

During this phase, use both active and passive sniffers to collect network traffic for parsing and analysis. Information obtained through this method should include identification of active hosts, authentication credentials (such as username and password combinations), indication of potential computer worm and/or Trojan presence, and other vulnerabilities.

Using the information gathered during the discovery phase, you can analyze the list of accessible network services, Internet Protocol (IP) stack fingerprints, and known network architectures to identify the potential role each device plays in your network infrastructure and the trust relationships it takes part in.
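One way to carry out the device-profiling step described above, as an added example that is not part of the original article: it parses Nmap grepable (`-oG`) output from the discovery phase and groups each host's confirmed open services under the assessment areas listed earlier. The choice of Nmap, the sample scan, the addresses and the port-to-area mapping are assumptions made for illustration.

```python
from collections import defaultdict

# Assessment areas from the checklist above, keyed by (port, protocol).
# The mapping uses default service ports and is an assumption, not the article's.
MAIL_DNS = "Improperly configured or vulnerable e-mail and DNS servers"
WEB = "Potential network-layer Web server exploits"
DB = "Improperly configured database servers"
AREAS = {
    (21, "tcp"): "Vulnerable FTP servers", (161, "udp"): "SNMP checks",
    (25, "tcp"): MAIL_DNS, (53, "tcp"): MAIL_DNS, (53, "udp"): MAIL_DNS,
    (80, "tcp"): WEB, (443, "tcp"): WEB,
    (1433, "tcp"): DB, (3306, "tcp"): DB, (5432, "tcp"): DB,
}
UNCLASSIFIED = "Unclassified (review manually)"

# Constructed sample of Nmap grepable output; addresses are documentation ranges.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (www.example.com)\tPorts: 21/open/tcp//ftp///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\n"
    "Host: 192.0.2.20 (ns1.example.com)\tPorts: 53/open/udp//domain///, "
    "25/open/tcp//smtp///, 110/closed/tcp//pop3///\tIgnored State: filtered (997)\n"
    "Host: 192.0.2.30 ()\tPorts: 161/open|filtered/udp//snmp///, 22/open/tcp//ssh///\n"
    "Host: 192.0.2.40 ()\tStatus: Up\n"
)

def profile(scan_text):
    """Return {host: {area: [(port, proto, service), ...]}} for open services."""
    profiles = {}
    for line in scan_text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines carry no host data
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next((f[len("Ports: "):] for f in fields if f.startswith("Ports: ")), "")
        areas = defaultdict(list)
        for entry in filter(None, (e.strip() for e in ports.split(","))):
            port, state, proto, _owner, service = entry.split("/")[:5]
            if state != "open":
                continue  # closed and open|filtered are not confirmed services
            areas[AREAS.get((int(port), proto), UNCLASSIFIED)].append((int(port), proto, service))
        if areas:
            profiles[host] = dict(areas)
    return profiles

def multi_role_hosts(profiles):
    """Hosts exposing more than one checklist area; review their role and trust links."""
    return sorted(h for h, a in profiles.items() if len(set(a) - {UNCLASSIFIED}) > 1)
```

Hosts returned by `multi_role_hosts` combine several public-facing roles on one device, which is where the role and trust-relationship analysis deserves the closest look.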

Test each network service identified during the discovery and device profiling phases for known vulnerabilities. Vulnerabilities can fall into one or more categories. These include:

System compromise

Unauthorized data access

Information disclosure

Command execution

Denial of service (DoS)

After you've completed the first three phases of your network risk assessment, your final step is to attempt to exploit or validate all results from the vulnerability scanning phase. Tests and techniques applied during this stage of the assessment are often very specific to the potential vulnerabilities detected. This final phase of the assessment will generate the bulk of your results.

Assessing your network for potential risks and using network risk assessment tools is part of the responsibility of providing network services to your organization's users and customers. After you finish these steps, you should have an overall outlook on what type of cyber security your business needs. A professional will still want to go through your resources and do his own risk assessment.