LinuxSecurity.com
Network Security Audit (Part I)

"Information for the right people, at the right time, and from anywhere" has been the driving force behind providing access over the Internet to most of the vital information on an organization's network. This is a simple guide to conducting a network security audit; it lists the points an audit should cover.

This, of course, has led to situations where this valued information falls into the wrong hands. This may be because of a bug or vulnerability in the application software that provides access to the data from the Internet, misconfiguration by the administrator or vendor, or negligence on the part of management.

While we are talking about access from the Internet, most surveys indicate that breach attempts from internal users are considerably high. A security policy is therefore the most basic need for network security. It requires reviewing and redefining policies as the business environment changes. Defining a security policy requires an understanding of the environment, the loopholes in it, and the steps needed to close those loopholes. Hence it starts with a network audit.

This is a simple guide to conducting a network security audit; this article contains points for conducting an audit (of course, I too have learned it from many experts' articles on the net and from experience). This first of the series (maybe many more to come, if you really want to hear from me) doesn't get into the core of each of the aspects; it will generally outline the things to be kept in mind while conducting a network security audit. Maybe you will let me put my ideas in my future writings.

The general (and wrong) assumption is that a network security audit is limited to determining the services available for access on the network. It is not. A network security audit should address all the areas listed in this article, and more if possible (don't forget: the more preventive steps you take, the more secure it gets, so don't stop here; keep doing it better).

So the minimal aspects to consider are:

Management

The audit should include a questionnaire for the organization's management to gauge how seriously it takes information security. The questionnaire should collect a considerable amount of information, for example:

    1. Is the management of the organization serious about its information security requirements?
    2. Does an established procedure exist for reporting security breaches or attempted breaches?
    3. Review of security controls
    4. Life cycle, etc.

Administration

Knowing the administration controls helps in understanding what kind of protection the data has, and whether security deviations are detected and corrected. Attempt to understand the security implications of the following:

    1. Backup and disaster recovery
    2. Response to intrusion detection
    3. Response to viruses/Trojans
    4. Grant/change/removal of privileges
    5. Documentation
    6. Log reviews
    7. Changes in the network
    8. Software license compliance, etc.

LAN Security

Get an understanding of the LAN configuration, the number of users on the LAN, and the general use of the LAN. Audit:

    1. Protection against viruses, Trojans, etc.
    2. Communication controls
    3. Acquisition
    4. TCP ports
    5. Firewall/ACLs
    6. Application fingerprinting
    7. LAN access policy, etc.

Access Control

Determine the access control mechanism by which users access the various resources across the network, for example:

    1. Authentication, requests, duties
    2. User guidelines
    3. Password policy

Operations

    1. Physical security
    2. Contingency planning
    3. Training
    4. Hardware and software maintenance


Now that we have outlined the aspects to assess, let's look into each of them in as much detail as possible.


Management:

What needs to be checked in the organization's management, and what does it take care of? These are some of the questions that arise when we talk about assessing the organization's management. I will try to justify this as much as possible.


The first thing to look for would be to analyze whether the management has taken the issue of information security seriously. This can be assessed by knowing:

  1. Is there a procedure or guideline specified for the acquisition and installation of LAN peripherals, accessories, etc.?
  2. Have the users been notified about the security concerns, the terms of use of systems and network access, the limitations, and the proceedings in case of a breach of the security policy? Have the users been notified about their tasks?
  3. Have the users been notified that their e-mails are being monitored (if they are)?
  4. Is a procedure to formally report security breaches in place?
  5. Are the findings of audits and/or inspections reported to management?
  6. Are emergency and disaster procedures established with well-defined tasks and responsibilities?
  7. Is there a proper backup plan in place so that operations can return to normal in case the installations are completely damaged? Are these plans tested?
  8. Has the organization's management taken care to forbid software piracy and informed the PC users of this?
  9. Are there proper inventory controls for software and hardware?
  10. Do the users know who is in charge of security and how to get in touch with that person when required?
  11. Is the security policy scrutinized regularly (is the life cycle of the security policy determined)?
  12. Are the necessary corrective actions taken or granted for each weakness found?


The more precautions and interest the management takes, the more it shows the management's seriousness about the organization's information security, and the more it makes the users aware that they will be liable for any harm or loss they cause. Thus the management should provide the basic foundation.


An organization's IT security fails when its involvement is reactive rather than proactive. Often vulnerabilities are closed only after those weaknesses have been exploited in an attack, at the cost of time, data, and money. Very few organizations take proactive steps in evolving a security policy and strategies. So it is very important that the management keeps the organization's security strategies up to date.


Administration

An effective network administration ensures the continued availability and protection of data as desired by the organization's management. It is very important to have a good network administration team, as they are the key people when it comes to the actual implementation of the security policies, disaster recovery plan, etc. Hence the administration should see to the following:


Setup of servers:

  1. Make sure that the applications available on the network are not misconfigured.
  2. The applications are patched/updated as soon as updates become available.
  3. Keep track of the vulnerabilities, backdoors, and viruses in circulation and the solutions to them.
  4. Virus protection both at the mail server/gateway and at the user's desktop level should be taken care of.
  5. Servers should properly identify and authenticate users before granting access.
  6. Does the server setup perform authentication strong enough to suit the risk associated with the access?
  7. Is proper encryption enabled for data transfer (wherever required)?

User access to applications:

  1. User management: adding, deleting, modifying, disabling, and enabling user IDs, and setting proper guidelines for users on choosing passwords, changing them periodically, and granting and revoking access rights as required, etc.
  2. A formal procedure for seeking access or a change in access and obtaining formal approval for it from the management.
  3. Periodically track and analyze user requests and the accesses made (time and duration of access and, if possible, the kind of data sought by the user, etc.).
  4. Periodically review user access to the system.
  5. Document any anomaly in user access and report it to the management for action if required.
  6. Protect top-secret applications meant only for privileged users, with proper grants for their access. Take note of failed login attempts periodically and verify them with the users concerned.
  7. A procedure established to deal with repeated attempts by a user to gain unauthorized access to these resources.
  8. Check for unauthorized use of external storage devices like floppies, CD-ROMs, etc.
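As an added example (not code from the original article), the following Python script implements the periodic review of failed login attempts and repeated unauthorized attempts described above, run over a few constructed sshd auth.log lines; the host name, user names, and addresses are made up for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the style of a Linux auth.log written by sshd.
# The host, users, and addresses are invented for this example.
SAMPLE_AUTH_LOG = """\
Jul 25 09:12:01 fileserver sshd[2101]: Failed password for invalid user admin from 10.0.5.23 port 51322 ssh2
Jul 25 09:12:04 fileserver sshd[2101]: Failed password for invalid user admin from 10.0.5.23 port 51322 ssh2
Jul 25 09:12:07 fileserver sshd[2101]: Failed password for invalid user admin from 10.0.5.23 port 51322 ssh2
Jul 25 09:12:10 fileserver sshd[2101]: Failed password for invalid user admin from 10.0.5.23 port 51322 ssh2
Jul 25 09:30:44 fileserver sshd[2188]: Failed password for alice from 10.0.7.8 port 40110 ssh2
Jul 25 09:30:51 fileserver sshd[2188]: Accepted password for alice from 10.0.7.8 port 40110 ssh2
Jul 25 11:02:13 fileserver sshd[2310]: Failed password for root from 10.0.5.23 port 51900 ssh2
Jul 25 11:02:15 fileserver sshd[2310]: Failed password for root from 10.0.5.23 port 51900 ssh2
Jul 25 11:02:18 fileserver sshd[2310]: Failed password for root from 10.0.5.23 port 51900 ssh2
"""

# Matches only failed password authentications; "invalid user" marks attempts
# against accounts that do not exist on the host.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def failed_logins(log_text):
    """Return {(user, source_ip): count} for every failed sshd login in the log."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            counts[(m["user"], m["src"])] += 1
    return counts


def repeated_attempts(log_text, threshold=3):
    """Return (user, source_ip, count) for pairs at or above the threshold, highest count first.

    A single failure (alice, who then logs in) is normal; runs at or above the
    threshold are the entries the audit item asks to verify with the user concerned.
    """
    hits = [(u, s, n) for (u, s), n in failed_logins(log_text).items() if n >= threshold]
    return sorted(hits, key=lambda t: (-t[2], t[0], t[1]))


if __name__ == "__main__":
    for user, src, n in repeated_attempts(SAMPLE_AUTH_LOG):
        print(f"REVIEW: {n} failed logins for '{user}' from {src}")
```

On a live host the same functions can be fed the contents of /var/log/auth.log (or the journal export) on whatever review schedule the audit fixes.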


Apart from these checks, other checks should be performed regarding the way data handling and data exchanges are done. If third-party data access is allowed (clients, business partners, etc.), are there proper controls on their access, identification, and authentication? Is it possible to identify and track all the assets (the ease of doing so determines the quality)? Are development systems separated from the operational systems? Is the security of media in transit established? Are the system clocks synchronized? And many more aspects.


Comments

Lecturer
Written by Imran Daud on 2006-12-29 06:49:05
Thanks for providing such an informative document. I'll suggest you add more security steps needed for any security audit, like physical security, passwords, server security, user security, etc.
Regards
Imran Daud

How about specific tools?
Written by Sarah on 2007-04-12 08:02:03
Very informative content indeed. Though I think it's also good to add that there are various software tools out there which can help out in network security audits and also automate some of the tasks involved. Tools such as GFI LANguard, StealthAUDIT and NSauditor can aid network admins greatly.

student
Written by sachin bhat on 2007-05-04 05:46:18
Thanks for providing such valuable information. I am really grateful to you. I am a management student from Mumbai, India.

Written by SHALB on 2009-02-16 12:18:43
As for me, you could use all kinds of paranoia to prevent security issues, but what about social security? We can't keep the social aspect of security out of mind.
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.