The first step to building a strong defense is to understand where your defenses are currently weak and how you can strengthen them, and using network risk assessment tools is how you do that.
While it's vital that your organization regularly perform audits of security policies and procedures, it's just as important to include a network risk assessment in this process.
External network risk assessment tools can be used in the first phase of identifying potential network security vulnerabilities on your organization's systems that are visible to the general public from the Internet. An internal assessment uses similar methodology, but you conduct it from the point of view of someone with access to the internal network.
Using a combination of freeware and commercial network risk assessment tools and techniques to evaluate your network offers a clear picture of the dangers the company faces. At a minimum, an effective network assessment testing methodology should address the following areas:
External network topology for improper firewall configuration
Router filtering rules and configuration
Weak authentication mechanisms (which could lead to a dictionary-based authentication attack)
Improperly configured or vulnerable e-mail and DNS servers
Potential network-layer Web server exploits
Improperly configured database servers
Vulnerable FTP servers
Make a point of emphasizing systems that deliver content or services to the public Internet. Because of their increased accessibility and exposure, common delivery mechanisms are at greater risk of becoming targets for potential intruders and automated malicious software, including worm attacks.
Your network risk assessment tools should include discovery, device profiling and scanning.
Discovery involves establishing a fingerprint of the target network segment. This should include all active device addresses and their associated TCP, UDP, and other network services accessible from the internal network.
During this phase, use both active and passive sniffers to collect network traffic for parsing and analysis. Information obtained through this method should include identification of active hosts, authentication credentials (such as username and password combinations), indication of potential computer worm and/or Trojan presence, and other vulnerabilities.
Using the information gathered during the discovery phase, you can analyze the list of accessible network services, Internet Protocol (IP) stack fingerprints, and known network architectures to identify the potential role each device plays in your network infrastructure and the trust relationships between devices.
Test each network service identified during the discovery and device profiling phases for known vulnerabilities. Vulnerabilities can fall into one or more categories. These include:
Unauthorized data access
Denial of service (DoS)
After you've completed the first three phases of your network risk assessment, your final step is to attempt to exploit or validate all results from the vulnerability scanning phase. Tests and techniques applied during this stage of the assessment are often very specific to the potential vulnerabilities detected. This final phase of the assessment will generate the bulk of your results.
Assessing your network for potential risks and using network risk assessment tools is part of the responsibility of providing network services to your organization's users and customers. After you finish these steps, you should have an overall picture of what type of cyber security your business needs. A professional will still want to go through your resources and do their own risk assessment.