A network security assessment is a comprehensive analysis of an organization’s computing infrastructure that an IT security professional performs to identify vulnerabilities and risks. To perform a proper assessment, a variety of common survey tools and techniques are used to gather information about operating systems, applications, and network devices. The security professional assigned to the evaluation performs a scheduled attack on the designated organization, attempting to gain administrative control over servers and other devices without being detected.
The purpose of any network security assessment is to uncover vulnerabilities and define a general security rating for the organization. Within the security rating matrix, one of five ratings can be attributed to the overall security situation. The high-risk rating reveals serious vulnerabilities that can be easily exploited and significant shortcomings in design, implementation or management. The medium and high-risk rating reveals weaknesses with a moderate potential for exploitation and multiple design, implementation or management deficiencies.
The moderate risk rating reveals weaknesses with a moderate potential for exploitation and at least one deficiency in design, implementation or management. A high-risk rating reveals weaknesses with a low likelihood of exploitation and slight design, implementation or management deficiencies. The low-risk rating indicates that no security holes or deficiencies in design, implementation or management have been found and that all patches and service packs have been applied correctly.
The evaluation focuses on several key areas; I will briefly identify each of the 19 components.
The physical security review primarily focuses on the spaces that house IT assets, such as server rooms, wiring closets, telecom rooms, and public spaces. Network management and monitoring focuses on managing and monitoring the tools required to maintain a secure network. A firewall review requires an IT security professional to investigate the firewall implementation, including its rules and the ongoing monitoring and evaluation of security vulnerabilities.
Authentication focuses on the access control mechanisms that secure the network, such as usernames and passwords. The file system review focuses on the structure of network shares and the mechanisms in place to ensure the integrity and confidentiality of the information stored on these devices.
A quick review of remote access to the corporate network is essential, along with a review of VPNs. Network security, meaning the protocols used to enable communication on the network, such as the IP protocol that enables computers to communicate over the Internet, should also be reviewed. This component also deals with local area network switches, VLANs, and routers.
Host security focuses on the server and workstation operating systems, while Content Inspection reviews content controls and scanning mechanisms. This component covers URL blocking, ActiveX blocking, malicious code scanning, and end-user auditing.
A scan is performed to identify any wireless computer networks and support their protection. Anti-virus and malicious encryption systems are reviewed, including those on desktop computers, servers, email, web, and FTP systems. Intrusion detection/prevention systems are also analyzed.
The vulnerability assessment reviews the vulnerability management processes and tools, followed by an examination and scan of both the wide area network (WAN) and the local area network (LAN).
An analysis of Internet traffic is created using a network sensor that analyzes traffic to and from the Internet. Finally, the documentation of processes and procedures related to network configuration, management and security is reviewed, and policies related to the computing environment are reviewed and registered.
Once the basic components of a network security assessment are completed, three documents are compiled and presented to their intended audiences. The first document is a written executive summary for senior management. It briefly describes the evaluation process, the key findings and a list of priority action items. The second document is a technical executive summary containing technical details; it summarizes the findings and assigns a rating from the classification matrix to each major evaluation area.
A management response section is included for each area, where IT personnel are intended to respond to the findings. The last document provides detailed results; this is where the observations, implications, and recommendations for each of the key evaluation areas are documented. Typically, diagrams, tables, survey tool output, procedures, and detailed technical instructions are also found in this document.