Network Auditing

Networks are generally patched only after they have already been exploited, because the administrator does not know beforehand about the vulnerabilities present in the network. The vulnerabilities present in each host of the network can be identified only by performing intensive Network Auditing. The audit produces a report that helps the administrator patch accordingly.

Network Auditing shows how the confidentiality, integrity and availability of an organization's information are assured. In recent years there has been an immense proliferation of enterprise local area networks, and they are becoming increasingly vulnerable to attacks, so there is a serious need to secure them. An attacker usually penetrates a network by using a chain of exploits. An exploit is a small piece of code that makes use of vulnerabilities present in a service or in a system. Each exploit in the chain has a set of preconditions and effects and lays the groundwork for the subsequent exploits. It is therefore highly recommended that your network be audited regularly in order to enhance your network efficiency.
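The precondition/effect view of an exploit chain can be turned into an audit prioritization check. The following is an added example, not code from the original page: every finding name and condition label is constructed, and the model generalizes the paragraph to several overlapping chains so that it can show which single remediation cuts every path to a critical asset.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    name: str        # audit finding label (constructed for this example)
    pre: frozenset   # conditions that must already hold
    post: frozenset  # conditions gained if the finding is left unremediated

# Constructed audit findings: two chains that both end at the database admin role.
FINDINGS = [
    Finding("dmz-web-unpatched", frozenset({"internet"}), frozenset({"user@web"})),
    Finding("web-local-privesc", frozenset({"user@web"}), frozenset({"root@web"})),
    Finding("db-trusts-web", frozenset({"root@web"}), frozenset({"user@db"})),
    Finding("db-weak-admin-auth", frozenset({"user@db"}), frozenset({"admin@db"})),
    Finding("vpn-shared-account", frozenset({"internet"}), frozenset({"user@db"})),
]

def reachable(findings, start):
    """Forward-chain: apply every finding whose preconditions hold until nothing changes."""
    state = set(start)
    changed = True
    while changed:
        changed = False
        for f in findings:
            if f.pre <= state and not f.post <= state:
                state |= f.post
                changed = True
    return state

def single_fixes(findings, start, goal):
    """Names of findings whose remediation alone makes `goal` unreachable."""
    return [f.name for f in findings
            if goal not in reachable([g for g in findings if g is not f], start)]

if __name__ == "__main__":
    print(sorted(reachable(FINDINGS, {"internet"})))
    print(single_fixes(FINDINGS, {"internet"}, "admin@db"))
```

With two chains present, only the finding shared by both is a single-point fix; patching any one link of the first chain still leaves the second chain intact.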

What is Network Auditing?
Every network audit needs to obtain certain information and understanding of the network that is under review to proceed with the audit of network security.

This information gathering can be done in the following steps and sequence:

  • What is the network? - The first step is determining the scale of the network. This is generally done by examining the topology of the network. The network topology is basically a map that shows all the routes available on the network. The key factor to worry about in the diagram is its accuracy. Large networks evolve and change constantly with changing business needs, and a diagram that is not updated is useless. The audit ascertains which processes exist in the organization to update and maintain the network diagram accurately. The use of a software tool to generate this network topology ensures some degree of accuracy. In any network, there will be locations where there is a concentration of resources, such as a data center where ERP servers, mail servers, etc., are hosted, and many points, such as manufacturing plants, sales offices, etc., from which these resources are accessed. While smaller networks may have only one such location, complex networks may have many hosting points where critical resources are located. The network diagram could also provide input on the type of devices and protocols used on the network. The network diagram and its details provide the most important input for the audit.
  • What are the critical information assets in the network? - Information security and audit are always related to protection, and protection is related to the risks associated with the assets as determined by a systematic risk assessment. Typically, one would want to protect enterprise systems including ERPs, mail servers and other internal applications, web servers that host applications that are accessed by customers and vendors, and the network and its components. The security and access mechanisms surrounding the applications and the servers (the OS and database) also need to be robust.
  • Who has access? - The next job is to determine which persons have access to the systems on the network, and how. Is the system accessed only by employees? Do customers and vendors also access the systems? Do employees access the system from outside the office? Do customers access only the web server via the Internet, or do they perform remote logins to the enterprise systems? The answers to these questions have a significant impact on security.
  • What are the connections to the external networks? - Although this question is answered while studying the network diagram, it is an important step and should be dealt with separately. Every network is connected to the Internet through an ISP. The primary reason for connecting to the Internet is to enable receipt and dispatch of mail and to enable browsing by employees. Enterprises may also have other reasons to connect to the Internet, such as e-commerce web sites through which the company's vendors, customers and partners collaborate, place orders or exchange other information. Dedicated connections to the networks of other partners may also exist. The gateways through which each of these connections is made are potential entry points for the external world.
  • What are the protection mechanisms? - Once a basic understanding of the network, the resources and the risks has been obtained, the audit is ready to look at the protection mechanisms and evaluate them for effectiveness and adequacy.

How Network Auditing helps your Organization:

  • It is capable of performing real-time traffic and protocol analysis and of listing all TCP and UDP endpoints on your system, including the owning process name, loaded modules, running services, memory details, remote address and state of TCP connections, host DNS name, network class type, etc., in order to give the administrator the correct status of the network.
  • It improves the design of the demilitarized zone and the positioning of security products like firewalls and intrusion detection systems in your network.
  • It helps you save bandwidth and gives the network administrator information about open ports, the service associated with each port, possible trojans associated with the port, and a description of the service.
  • Most important, it will protect your network from different attacks, unwanted intrusions, viruses, etc., which makes life easy for the network administrator.
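The endpoint and open-port listing described above becomes an audit check once it is compared with an approved baseline. The following is an added example, not the tool or service this page describes: the sample text is constructed in the format printed by `ss -H -tulpn` on Linux, and the baseline of approved listeners is hypothetical.

```python
import re

# Constructed sample in the format of `ss -H -tulpn` (not captured from a real host).
# The last line has no process column, as happens when ss runs without root.
SAMPLE = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=1033,fd=6))
tcp LISTEN 0 4096 [::]:8080 [::]:* users:(("java",pid=2210,fd=45))
udp UNCONN 0 0 0.0.0.0:161 0.0.0.0:* users:(("snmpd",pid=955,fd=7))
tcp LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
"""

# Hypothetical approved baseline: (protocol, port) -> expected owning process.
BASELINE = {("tcp", 22): "sshd", ("tcp", 6379): "redis-server"}
LOOPBACK = ("127.", "[::1]")

def parse_listeners(text):
    """Turn ss output lines into dicts with protocol, address, port and owner."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue  # not an endpoint line
        addr, _, port = f[4].rpartition(":")
        m = re.search(r'\(\("([^"]+)"', f[6]) if len(f) > 6 else None
        rows.append({"proto": f[0], "addr": addr, "port": int(port),
                     "process": m.group(1) if m else None})
    return rows

def audit(rows, baseline):
    """Report listeners missing from the baseline or owned by the wrong process."""
    findings = []
    for r in rows:
        expected = baseline.get((r["proto"], r["port"]))
        exposed = not r["addr"].startswith(LOOPBACK)
        if expected is None and exposed:
            findings.append((r["proto"], r["port"], "unapproved listener", r["process"]))
        elif expected is not None and r["process"] != expected:
            findings.append((r["proto"], r["port"], "unexpected owner", r["process"]))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE), BASELINE):
        print(finding)
```

Unapproved listeners bound only to loopback are not reported here because they are not reachable from the network; a stricter audit can drop that exception.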
 