How do you Audit Network Security?
The importance of auditing network security cannot be underplayed. Protecting data from hackers and unauthorised parties is essential if the integrity of any business is to be maintained. Audits allow you to stay in touch with how your system is performing and, as they can isolate security breaches and threats of data interference, they give your tech team the information they need to restrict access as necessary and remain on top of online surveillance. In essence, an audit allows a business to be proactive, rather than reactive, which keeps it in a stronger position when it comes to protecting data and reassuring clients that you have a sound security reputation.
Contents
What exactly is a network security audit and why do you need one?
Why is a security audit important?
What is the primary goal of a network security audit?
How do you perform a network security audit?
What should be included in an audit?
What are the types of IT security audit?
Tools Required
How often should you audit?
What should a network security audit checklist look like?
What should be in an audit report?
What Exactly is a Network Security Audit and Why Do You Need One?
In short, this kind of audit offers the chance to evaluate operating systems and the way in which your IT infrastructure is functioning. We all recognise that today the reliance on digital platforms for the storage of data has increased dramatically and therefore the continuous assessment of online defence is vital if breaches are to be averted. Of course, auditing incurs a cost, but this cost will be nothing in comparison to what a breach of company data could see you forking out.
Carrying out this continuous safety monitoring allows you to reinforce your company cyber defence protocols and ensure data protection. Falling foul of a breach is not only expensive but its effect on damaging a reputation can be catastrophic. With so much competition out there, clients are likely to look elsewhere once their trust in your business has been tainted.
Perhaps you need new software, technology updates or a new data management platform; being aware of how your online operations are running, through the process of an audit, can in turn inform future business decisions. Auditing can also help you resolve backlog inefficiencies, reduce IT department workload and seek out weak company policies that may otherwise go unnoticed.
Audits are also carried out to demonstrate compliance with industry standards. Government regulations also need to be met, and an audit will consider and assess these too.
Why is a Security Audit Important?
With the increased reliance on IT and online platforms for storage of sensitive information it is clear why having a secure network is vital. Maintaining network integrity through an auditing process is equally as important. Here’s a quick reminder as to exactly why:
Maintains all-important critical data protection for the business and clients.
Keeps the company compliant with regard to security policies and standards.
Identifies vulnerabilities in the systems.
Identifies vulnerable loopholes, hopefully before any cybercriminal does.
Keeps a company up to date with safety measures.
Helps to make decisions going forward concerning new policies in securing the network systems.
Most importantly it helps a company put strategies in place should a breach occur.
What is the Primary Goal of a Security Audit?
There are several goals of this kind of audit and all are equally as important. If we had to pick a primary goal, however, it would be:
‘To identify gaps, problems and weaknesses in network security, allowing issues to be dealt with and hacking to be avoided.’
How Do You Perform a Network Security Audit?
Before running an audit it must be decided whether it will be done internally or externally. Many companies have a senior IT manager who may be skilled enough to do the job but if not, you can commission consultants like us to perform the job.
Companies often look to hire providers like Defended Solutions whose team has a specialist background in cybersecurity and network security. The external option is also used when an organisation needs to ensure it is conforming to government regulations and industry standards.
What Should Be Included in an Audit?
No matter who is carrying out the work, there are some key aspects that need to be considered. First, all devices and operating systems must be identified along with their endpoints and vulnerabilities. Any new system update or new device recently added brings added risk of a breach so all of these must be brought up to date as soon as possible to prevent an incident.
Security control effectiveness is also assessed. This refers to how well a company has implemented the policies and procedures it has in order to protect its systems. Does the company control its mobile devices through an administrative procedure for example? The auditor must test the controls to ensure they are safeguarding effectively.
A company must also have measures in place to manage data encryption, and software systems need to be working effectively and providing accurate information. Systems are therefore monitored to check that the necessary controls are in place to prevent unauthorised users from gaining access. All data processing, computer systems and software development will be examined.
Just as every business is individual in its chosen way of working, businesses vary in their preferred security policies and regulations. Something as simple as an employee updating their password every few months is an example of a company’s relevant policy. Auditors will need to assess these firstly to see that they comply with current protocol but also to discern if any need updating.
Firewalls are another important aspect of securing the online storage of a business. When auditing, the firewall configuration, the management process, the rule base and the topology of the firewall will all need to be considered carefully. Firewalls are a key defence mechanism against threats coming in from outside, but they also help avert internal issues. When functioning properly, they segment network access into limited areas or compartments that can only be reached by a few users.
A Distributed Denial of Service (DDoS) attack is another way that criminals manage to disable network infrastructure and an investigator will also review this risk for your business. Firewalls can help minimise these attacks but you really need a more detailed security strategy to deal with the extent of this kind of breach.
An auditor will also take a close look at the technology a company uses and how compatible it is with protecting data. In essence, a risk assessment is carried out and this is a vital part of what the investigation consists of. Risk assessments give a company the tools to assess external risks and categorize them depending on their potential effect and the associated cost.
Finally, the auditor will carry out a test ‘hack’, or penetration test, to assess the security measures in place. In order to stay one step ahead of the cyber criminals you need to know how they think. Testing the safeguards in this way picks out any gaps and in turn gives the auditor the information needed to advise the business on improvements and on which systems to implement going forward. Architecture management capabilities will also be checked, as well as telecommunication controls.
Furthermore some service providers will include other elements in their package. These can include the following:
Remote access security
Internal network security posture assessment
White box external and internal network penetration tests
External and internal vulnerability assessments
Human error (phishing, telephone impersonation, email filters, and spam)
Takeaway: If you do not have someone in house who knows how to carry out a sound audit then you will need to outsource the job. Ask for a checklist to make sure that all of your requirements are covered, and make sure they provide a comprehensive report for you so that you can use this to make future decisions when it comes to best practice for your network security.
What are the Types of IT Security Audit?
As with many audits there are different ways in which an IT investigation can be categorized. Some of the more popular categorisations are as follows:
Approach Based
Black Box Audit: Here the auditor is given no internal information and works only from what is publicly available about the business being assessed.
White Box Audit: Here the auditor is given the company information that is to be looked at, such as source code, employee access details etc.
Grey Box Audit: In this situation the person carrying out the job is given some of the information to start the process with. In some cases the auditor sources this but often it is provided for them so time is used more efficiently.
Methodology Based
Penetration Tests: Here, the auditor tries to hack the system to test the efficacy of the existing safeguarding.
Compliance Audits: In favour of efficiency, only certain aspects are checked to assess business compliance with regard to network safety.
Risk Assessments: In this case the critical resources that may be open to a hack are assessed.
Vulnerability Tests: Scans are carried out to identify security risks. False positives may crop up.
Due Diligence Questionnaires: These are used to determine exactly what security standards exist across the company-wide network.
Tools Required
As we have mentioned, being proactive is key in fighting cybercrime. There are several tools you can use to help stay on top of your systems and keep online criminals at bay. Some of the more popular tools you may want to consider include:
SolarWinds Network Configuration Manager
This was designed to audit networks and instigate configuration changes to devices across the network.
Intruder Cloud-based Vulnerability Scanner
Carries out monthly scans that support multiple networks.
Nmap
Popular since the 1990s, this is a top choice among online defence professionals.
OpenVAS
An open-source tool providing detailed security auditing (specifically for Linux environments).
ManageEngine Vulnerability Manager Plus
A simple tool that efficiently identifies high-risk activity and outdated devices on your network.
Metasploit
Sound penetration testing software.
Netwrix Auditor
Monitors configuration changes and performs risk analysis across large networks.
Don’t forget that software and data management is always changing and evolving and keeping your management program updated is vital if you are to avoid creating vulnerabilities and react to any breach quickly.
How Often Should You Audit?
This is a question that often crops up and is quite tricky to answer as the answer depends very much on the nature of a business, the demands on the IT network, the industry it belongs to, the number of systems it has and the applications that require investigating.
Some organisations such as health care and those involved in the financial sector audit more often because of the highly sensitive nature of the data they store. Likewise companies that only use one or two applications may well audit more frequently as with so few applications the process is more simple.
Regulations may have a bearing on how often you are required to carry out the process. Once or twice a year is enough for some businesses but others choose to do it quarterly or even monthly. Different departments within your business may require a different frequency of auditing. Again, it comes down to the complexity of the systems being used and the importance of the data held within them; this tends to determine frequency.
Note: If a data breach occurs then an investigation must be carried out immediately to decipher what went wrong.
What Should a Network Security Audit Checklist Look Like?
Once an audit has been agreed on, all stakeholders must agree on exactly what is to be checked and investigated. A list of exactly what will be looked at should then be drawn up to provide the basis for the investigation and the final report. An audit checklist can be extremely long, but you and your service provider (should you be using one) may think about including the following:
General
A written Network Security Policy that lists the rights and responsibilities of all staff, employees, and consultants
Training for all employees regarding the use of the Network, sharing data outside the company and not allowing unauthorised access
All outside contractors must sign a security agreement when working with your business
Password Security
Password policy made available to all
Password training
Password documentation storage
LAN Protection
Remove unnecessary services and applications
Keep unnecessary files off servers
No anonymous users allowed
Unauthorized login attempt policies
Remote Access Security policy and implementation
Consider auditing Administrator login attempts
Use strong passwords for Administrator accounts
Configure audit logs to track unauthorised access of anything confidential
Ensure Wireless Network safeguards are configured correctly
Workstation Logons
Screen Locks on all computers
Passwords on all devices
Remove unnecessary applications
Anti-virus software installed
Ensure anti-virus and software updates are occurring frequently
Pop-up blockers activated
Mobile Devices
Enforcement of the mobile device policies
Wireless access points secured
Network Equipment Security
Configure logs to monitor access
Document user accounts and passwords for accessing devices and store in a safe place
Router/Firewalls
Use a firewall
Configure firewall policies to prevent inbound access to unused locations
Implement network address translation (NAT) where possible
Make sure the router and firewall software is updated regularly
Consider having penetration testing performed to identify weaknesses
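As an added example (not part of the original article), the following script turns two of the checklist items above into checks that can be run against exported data: whether the firewall allows inbound traffic to ports no documented service uses and ends with a default deny, and whether any source is repeatedly failing to log in to an Administrator account. The firewall rule set, the host name srv1 and the sshd-style log lines are constructed samples, and the set of administrator account names is an assumption a real policy would define.

```python
"""Added example, not part of the original article: an audit helper for two checklist
items above, preventing inbound access to unused locations and auditing Administrator
login attempts. The firewall rules and the auth log lines are constructed samples."""
import re
from collections import Counter

# Constructed firewall rule set as (action, direction, port), evaluated top to bottom;
# "any" covers all ports, so the final rule is the default for unmatched traffic.
FIREWALL_RULES = [
    ("allow", "inbound", 443),
    ("allow", "inbound", 22),
    ("deny", "inbound", "any"),
]

# Constructed sshd-style auth log lines (hypothetical host srv1, documentation IPs).
AUTH_LOG = """\
Mar  3 09:01:12 srv1 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 09:01:15 srv1 sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  3 09:01:19 srv1 sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 09:02:40 srv1 sshd[2210]: Accepted publickey for alice from 192.0.2.10 port 40122 ssh2
Mar  3 09:05:03 srv1 sshd[2222]: Failed password for admin from 198.51.100.5 port 60001 ssh2
"""

LOGIN_RE = re.compile(r"(Failed|Accepted) \w+ for (?:invalid user )?(\S+) from (\S+)")
ADMIN_ACCOUNTS = {"root", "admin", "administrator"}  # assumed list of administrative accounts

def unused_inbound_ports(rules, services_in_use):
    """Inbound ports the firewall allows that no documented service actually uses."""
    return sorted(p for action, direction, p in rules
                  if action == "allow" and direction == "inbound"
                  and p != "any" and p not in services_in_use)

def has_default_inbound_deny(rules):
    """True when the last inbound rule denies everything not explicitly allowed above it."""
    inbound = [r for r in rules if r[1] == "inbound"]
    return bool(inbound) and inbound[-1][0] == "deny" and inbound[-1][2] == "any"

def failed_admin_logins(log_text, threshold=3):
    """Failed logins to administrator accounts per (account, source); only pairs at or
    above `threshold` are returned, so a run of failures is flagged but one typo is not."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m and m.group(1) == "Failed" and m.group(2) in ADMIN_ACCOUNTS:
            counts[(m.group(2), m.group(3))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print("allowed but unused inbound ports:", unused_inbound_ports(FIREWALL_RULES, {443}))
    print("admin login failures to review:", failed_admin_logins(AUTH_LOG))
```

With the sample data, port 22 is flagged as allowed but undocumented and the three failures against root from 203.0.113.7 are reported, while the single failure against admin stays below the threshold.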
What Should be in an Audit Report?
It is all very well getting a report at the end of the process but what exactly does that report tell you? Audit reports are complete analyses of a security system and should provide the information needed for companies to fix any issues and move forward to a more robust IT plan if necessary. Your report should include:
A comprehensive analysis of security measures
Risk assessment
A policies and procedures review
Examination of controls and technologies protecting all assets
Firewall configuration assessment
Network security audits assess data that is both static and activity-related. Static data refers to policies, passwords and systems while activity-related data tests examine data access, transferred files and user log-in activity.
Hopefully now you can understand a little more about what a network security audit actually is, and that it is not something to be dreaded but rather something to be embraced. By being proactive rather than reactive you can stay one step ahead of the hackers, and by appreciating the entire process and the reasons for it, there will be no fear factor about what is involved.
It is so important to protect your customers and maintain the integrity of your business; an audit offers you the means to do just that. Defended Solutions provide a professional and flexible auditing service so if you are keen to get up to speed and need expert advice on keeping your systems safeguarded, get in touch and one of our team will talk you through the whole process while tailoring your service to fit your business.