The major elements of a network security audit are as follows:
- Physical audit including asset inventory
- Perimeter fencing
- Patch management
- Software and System Review
These elements identify the inherent risks and suggest ways to effect a fix.
Never underestimate the importance of a network security audit. Even if the home network does not hold any sensitive data of interest to hackers, hackers still fancy the bandwidth and computing resources to launch DDoS attacks, steal net banking passwords, and do other damage. Investigations into the major botnets reveal that such “evil empires” control “zombie” armies comprising millions of unsuspecting home computers.
The basic component of a network security audit is listing out all the available workstations, servers, routers, printers, switches, and all other devices, accessories and peripherals in use. Creating such asset inventory helps in many ways, such as:
- Ensuring optimal allocation of resources. Checking the physical connections, for instance, allows connecting the printer to all the workstations, thus allowing for efficient sharing.
- Identifying obsolete or redundant hardware such as a TV tuner card no longer in use or an obsolete 5 ¼” floppy drive.
- Ensuring all workstations connect properly and optimally. For instance, connect all individual computers through a router, which serves as an effective firewall. Connecting each device independently to a power socket makes it possible to unplug devices that are not required, which both increases security and saves energy.
- Ensuring security of all devices. For instance, not securing Wi-Fi with a password means that neighbors and passers-by can gain unauthorized access at will.
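One way to make the asset inventory a repeatable check is to compare it with the devices the network actually sees. The following is an added example, not part of the original article; the inventory, the addresses and the sample `arp -a` output are constructed for illustration.

```python
import re

# Constructed inventory for this example: MAC address -> device label.
INVENTORY = {
    "00:11:22:33:44:55": "router",
    "a4:5e:60:aa:bb:01": "desktop",
    "a4:5e:60:aa:bb:02": "printer",
}

# Constructed sample of `arp -a` output, mixing Windows and Linux/macOS formats.
SAMPLE_ARP = """\
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          A4-5E-60-AA-BB-01     dynamic
  192.168.1.77          de-ad-be-ef-00-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
? (192.168.1.80) at 3c:22:fb:10:20:30 [ether] on eth0
? (192.168.1.90) at <incomplete> on eth0
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b")

def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded octets (macOS drops leading zeros)."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))

def parse_arp(text):
    """Return {mac: ip} for unicast neighbours found in `arp -a` output."""
    seen = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header lines and <incomplete> entries
        mac = normalize_mac(mac.group(1))
        # Skip broadcast and multicast (low bit of the first octet is set).
        if int(mac[:2], 16) & 1:
            continue
        seen[mac] = ip.group(1)
    return seen

def reconcile(inventory, seen):
    """Return (devices seen but not inventoried, inventoried devices not seen)."""
    unknown = {m: ip for m, ip in seen.items() if m not in inventory}
    missing = sorted(name for m, name in inventory.items() if m not in seen)
    return unknown, missing
```

Phones and laptops that randomize their MAC address show up as unknown until they are added to the inventory, and a device listed as missing may simply be powered off.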
The conventional approach to network security is perimeter fencing, usually through firewalls and anti-virus software that prevent malware and other infections. The network security audit needs to ensure that firewall and anti-virus programs are both effective and up to date. Other methods of perimeter fencing, such as system administrators monitoring the network continuously to detect threats in real time, are not relevant for home users.
Test the effectiveness of perimeter protection through penetration testing. A penetration test is an attempt to infiltrate a network deliberately, to test its robustness. Penetration testers operate from outside the firewall and use the tricks usually applied by hackers such as phishing attempts, exploiting software vulnerabilities, dumpster diving, or any other method to try to gain unauthorized entry. If successful, it unearths the vulnerabilities plaguing the network.
Most software and operating systems have bugs, and hackers seek to exploit such vulnerabilities in the software for their nefarious ends. Software manufacturers release update patches on detecting bugs, but users have to download them. Failure to patch or secure all such devices or endpoints properly may result in hackers and malware using such weak spots to gain entry and wreak havoc with the systems.
Downloading patches needs to be a regular exercise. The audit should check whether all software has the latest patch installed, and whether the system configuration allows the software to detect new patches automatically and prompt the user to install them.
Software and System Review
A software audit entails a thorough review of all software installed on the computer. Software or data that does not serve any purpose may actually be malware in disguise, posing grave security risks. Even otherwise, it serves as a drag on system resources and degrades performance.
The purpose of such software and system audit also extends to:
- Monitoring CPU usage. Software that runs when it should not be running may be malware.
- Identifying shares, services, and scheduled tasks running on the machines.
- Identifying unnecessary system and program files. Many malware programs pose as fake Windows components or system files. A good audit makes a thorough scan of the system to identify such fake files and delete them.
- Identifying whether critical resources such as internet access and hard drives are password protected, and ensuring the strength of those passwords.
- Analyzing logs of past activities in the network to detect any unusual or abnormal traffic.
- Reviewing access control lists and rights for different users.
- Ensuring the integrity of backup storage.
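The check for fake Windows components in the list above can be sketched as follows. This is an added example, not part of the original article: it assumes Windows is installed in `C:\Windows`, the process listing is constructed sample data, and the table covers only a handful of well-known system binaries.

```python
import difflib
import ntpath

# Well-known Windows system binaries and the folders they normally run from
# (assumes Windows is installed in C:\Windows; SysWOW64 holds 32-bit copies).
SYS32 = r"c:\windows\system32"
WOW64 = r"c:\windows\syswow64"
EXPECTED_DIRS = {
    "svchost.exe": {SYS32, WOW64},
    "lsass.exe": {SYS32},
    "services.exe": {SYS32},
    "csrss.exe": {SYS32},
    "explorer.exe": {r"c:\windows", WOW64},
}

# Constructed process listing for this example: (pid, image path).
SAMPLE_PROCESSES = [
    (612, r"C:\Windows\System32\svchost.exe"),
    (4120, r"C:\Users\home\AppData\Roaming\svchost.exe"),
    (4388, r"C:\Windows\System32\svch0st.exe"),
    (5012, r"C:\Windows\explorer.exe"),
    (5200, r"C:\Program Files\Editor\editor.exe"),
    (5316, r"C:\ProgramData\lsasss.exe"),
]

def audit_process(path, threshold=0.85):
    """Return a finding string for a suspicious image path, else None."""
    folder, name = ntpath.split(path.lower())
    if name in EXPECTED_DIRS:
        if folder not in EXPECTED_DIRS[name]:
            return f"{name} running from unexpected folder {folder}"
        return None
    # Not an exact system name: flag names that differ by a character or two.
    close = difflib.get_close_matches(name, EXPECTED_DIRS, n=1, cutoff=threshold)
    if close:
        return f"{name} imitates system file name {close[0]}"
    return None

def audit(processes):
    """Map pid -> finding for every process that fails the check."""
    findings = {}
    for pid, path in processes:
        finding = audit_process(path)
        if finding:
            findings[pid] = finding
    return findings
```

A finding is a reason to inspect the file, not proof of infection; confirm with an anti-virus scan before deleting anything.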
Many tools automate the network security risk analysis audit, or at least make the task easier. The following are some good tools:
- GFI LanGuard provides a comprehensive network security overview that covers all these audit steps, providing not just notifications and reports, but also remedial action for any issues. GFI LanGuard’s vulnerability assessment feature, for instance, performs over 45,000 checks on the operating system and installed applications, and rates each computer in the network with a risk and vulnerability rating.
- SpyBot: Search and Destroy, a freeware security program that tracks and destroys possible adware and other spyware.
- CCleaner, another freeware that removes all unnecessary files from the system and fixes any registry issues automatically.
Security audits serve their purpose only when done regularly and when the results are acted on immediately. In the fast-changing world of computing, a computer that is fully secure one day may become wide open to hackers the next, owing to the hackers developing some new technology, the software becoming outdated, the anti-virus failing to update, or any other reason. For instance, if the security audit identifies that the anti-virus does not update, a quick fix of updating to the latest version as a one-off measure hardly serves the purpose. What is required afterwards is a system that ensures the anti-virus software updates itself when new versions become available.