While it’s vital that your organization regularly perform such audits of security policies and procedures, it’s just as important to include a network risk assessment in this process.
External network risk assessment tools can be used in the first phase of identifying potential network security vulnerabilities on your organizations systems that are visible to the general public from the internet. An internal assessment uses similar methodology, but you conduct it from the point of view of someone with access to the internal network.
Using a combination of network risk assessment tools of various freeware and commercial techniques to evaluate your network offers a clear picture of the dangers the company faces. At the minimum, an effective network assessment testing methodology should address the following areas:
- External network topology for improper firewall configuration
- Router filtering rules and configuration
- Weak authentication mechanisms (which could lead to dictionary-based authentication attacks)
- Improperly configured or vulnerable e-mail and DNS servers
- Potential network-layer Web server exploits
- Improperly configured database servers
- SNMP checks
- Vulnerable FTP servers
Make a point of emphasizing systems that deliver content or services to the public Internet. Common delivery mechanisms are at a greater security risk of becoming targets for potential intruders and automated malicious software, including worm attacks due to increased accessibility and exposure.
Your network risk assessment tools should include discovery, device profiling and scanning.
Discovery involves establishing a fingerprint of the target network segment. This should include all active device addresses and their associated TCP, UDP, and other network services accessible from the internal network.
During this phase, use both active and passive sniffers to collect network traffic for parsing and analysis. Information obtained through this method should include identification of active hosts, authentication credentials (such as username and password combinations), indication of potential computer worms and/or Trojan presence, and other vulnerabilities.
Using the information gathered during the discovery phase, you can analyze the list of accessible network services, Internet Protocol (IP) stack fingerprints, and known network architectures to identify potential roles and trust relationships each device plays in your network infrastructure.
Test each network service identified during the discovery and device profiling phases for known vulnerabilities. Vulnerabilities can fall in to one or more categories. These include:
- System compromise
- Unauthorized data access
- Information disclosure
- Command execution
- Denial of Service (DoS)
After you’ve completed the first three phases of your network risk assessment, your final step is to attempt to exploit or validate all results from the vulnerability scanning phase. Tests and techniques applied during this stage of the assessment are often very specific to the potential vulnerabilities detected. This final phase of the assessment will generate the bulk of your results.
Assessing your network for potential risks and using network risk assessment tools is part of the responsibility of providing network services to your organization’s users and customers. After you finish these steps, you should have an overall outlook on what type of cyber security your business needs. A professional will still want to go through your resources and do their own risk assessment.
