Security Basics
Active Audit Network Vulnerability Assessment
Why Active Audit?
Why is active audit necessary? Many companies rely on their
perimeter security. Once the perimeter is breached, most of the network and its systems
are virtually unprotected.
First, hackers are quite likely to be employees, or may have entered through a
business partner's connection or a modem. Because such users are considered 'trusted',
they are already past most of the network's security controls, such as firewalls, encryption,
and authentication. Note: the company network is usually considered the 'trusted'
network while the Internet is 'untrusted'. However, with up to 80%
of security breaches occurring inside the 'trusted' network, companies
may want to rethink their strategies for protecting systems and data.
Second, the defense may be ineffective. Aging, mismanaged security is no match
for today’s hacker, who is constantly improving techniques.
Third, most security breaks down due to human error. People make mistakes when configuring
firewalls, they open services to the network and forget to close them, they
are lax about changing passwords, they add modems and forget to remove them
-- the list goes on and on.
Fourth, the network is always growing and changing. Every change is a new opportunity
for the patient hacker, who may spend months or even years waiting for an opening.
Firewalls, authorization, and encryption provide policy enforcement, but they do not
monitor behavior. And with hacking, it is the behavior that is the problem.
These problems can be alleviated by creating a security process that includes
visibility into the network.
Network security is often viewed in terms
of point security technologies, such as firewalls, authentication
and authorization, and encryption. While very necessary to
a network defense, they do not have the capability to analyze
and discover two items essential for network security:
1) User behaviors -- are your employees, business partners, and anyone else
misusing the network?
2) System vulnerabilities -- if a 'bad guy' gets into your network, have your
systems been secured to lock him out?
This is where a strong firewall gives a false sense of security.
You must consider what would happen if your firewall is compromised, or simply
bypassed by someone already inside.
The most effective security strategy for your network
defense is a 'defense in depth' or 'layered
defense'. This means augmenting your point solutions
with dynamic systems that monitor users as they use the network
and measure the network's resources for changes and vulnerabilities.
These technologies should be used to secure the intranet
as well as the network perimeter.
Often organizations have a tactical approach to network security
and do not treat it with the same importance as network operations.
However, more companies today are taking a strategic approach
to network security and treating it as part of the network
operation. This includes development of processes that constantly
measure, monitor and improve the security posture.
Active Audit—Network Vulnerability Assessment
Active Audit is the systematic implementation
of the security policy: actively auditing and verifying the network, detecting
intrusions and anomalies, and reporting the findings.
For true enterprise-wide security policy management, Active
Audit capability must be in place and be applicable to all
access ports, devices and media.
Proactive network auditing tools provide preventive maintenance
by detecting security weak points before they can be exploited
by intruders.
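As an added example that is not part of the original page, the script below performs the simplest kind of proactive audit: a TCP connect scan of a host, with the discovered listeners compared against an approved baseline and a table of services that should not be exposed. Everything it probes is constructed for the demonstration: the listeners are started on 127.0.0.1 by the script itself, and the baseline, the risky-service table and the function names (scan_ports, assess, run_demo) are assumptions rather than anything the page describes. In use you would point scan_ports at real hosts and load the baseline from your own inventory.

```python
"""Added example (not from the original page): a small active audit that
discovers listening TCP ports on a host and compares them against an approved
baseline.  The listeners it probes are started locally so it runs offline."""
import socket
from concurrent.futures import ThreadPoolExecutor

# Services that should not be reachable even inside the 'trusted' network
# (assumed policy table; extend it to match your own baseline).
RISKY_SERVICES = {
    21: "ftp (cleartext credentials)",
    23: "telnet (cleartext credentials)",
    512: "rexec", 513: "rlogin", 514: "rsh",
}


def scan_ports(host, ports, timeout=0.25, workers=32):
    """TCP connect scan: return the sorted subset of `ports` that accept a connection."""
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def assess(open_ports, approved, risky=RISKY_SERVICES):
    """Compare what is listening with what policy says should be listening.

    Returns (port, severity, message) tuples:
      HIGH   - a known-risky service is exposed
      MEDIUM - a listener that is not in the approved baseline (unreviewed change)
      INFO   - an approved service that is not answering (outage or drift)
    """
    findings = []
    for port in open_ports:
        if port in risky:
            findings.append((port, "HIGH", f"{risky[port]} exposed"))
        elif port not in approved:
            findings.append((port, "MEDIUM", "listener not in approved baseline"))
    for port in sorted(set(approved) - set(open_ports)):
        findings.append((port, "INFO", "approved service not listening"))
    return findings


def _start_listener():
    """Bind a throwaway listener on 127.0.0.1 (stand-in for a server's service)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s, s.getsockname()[1]


def run_demo():
    """Constructed lab run: three local listeners play the audited host.

    Returns (ports, closed_port, findings) so the caller can check each case.
    """
    listeners = [_start_listener() for _ in range(3)]
    ports = [p for _, p in listeners]
    # Pick a port that is currently free, so the scanner should see it as closed.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    approved = {ports[0], closed_port}   # baseline: these two are expected to listen
    # Assumption for the demo: treat the second listener as if it were telnet.
    risky = {**RISKY_SERVICES, ports[1]: "telnet (cleartext credentials)"}
    try:
        found = scan_ports("127.0.0.1", ports + [closed_port])
        return ports, closed_port, assess(found, approved, risky)
    finally:
        for s, _ in listeners:
            s.close()


if __name__ == "__main__":
    for port, sev, msg in run_demo()[2]:
        print(f"{sev:6} port {port}: {msg}")
```

Run it from inside the segment you are auditing rather than from outside the firewall: a scan that passes through the firewall measures the firewall, not the hosts behind it, which is exactly the 'trusted network' gap described above. A connect scan is also noisy and covers TCP only, so treat it as a baseline-drift check that runs after every change, not as a complete vulnerability assessment.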
Active Audit—Intrusion Detection System
Intrusion detection tools recognize when
the security of the network is in jeopardy. Intrusion detection
provides the burglar alarms that notify you in real-time when
break-in attempts are detected.
For example, you want to be able to see that a series of port scans
is hitting your systems, and the IP address they originate from: that
is somebody who could potentially be doing bad things to your network.
You also want to be able to watch suspect behavior by legitimate users.
Is that person in data entry going into the data warehouse? Are
they going into the accounting system?
An IDS architecture consists of several different
parts. There is an IDS engine, something analogous to a sniffer,
that watches the wire looking for violations of policy. There is a
security management system, the place where you describe what
adheres to your security policy and what does not. And there
is real-time alarm notification, some way to
tell the people within the organization: this is what is
going on in your network, something bad is about to happen
or is already happening, and it is time to take action.
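The port-scan case and the 'data entry user in the data warehouse' case above, together with the three IDS parts just described, as an added example that is not code from the original page: a small engine that reads constructed connection-log lines, applies a port-scan rule and a department-to-server policy taken from an assumed management table, and returns the alarms. The key=value log format, the addresses, the departments, the server roles and the thresholds are all assumptions made for the demonstration.

```python
"""Added example (not from the original page): a minimal IDS engine with a
port-scan rule and a policy rule, run over constructed connection-log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format (assumption: a firewall log exported as key=value).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"user=(?P<user>\S+) dept=(?P<dept>\S+)$"
)

# The "security management system" input: which department may reach which
# server role.  Hypothetical addresses and roles.
SERVER_ROLES = {
    "10.1.0.10": "data-warehouse",
    "10.1.0.20": "accounting",
    "10.1.0.30": "intranet-web",
}
ALLOWED_ROLES = {
    "data-entry": {"intranet-web"},
    "finance": {"accounting", "intranet-web"},
    "analytics": {"data-warehouse", "intranet-web"},
}

SCAN_DISTINCT_PORTS = 5   # one source touching this many distinct ports ...
SCAN_WINDOW_SECONDS = 10  # ... within this window is treated as a port scan

# Constructed sample log: a scanner, a data-entry user wandering, a finance user,
# and one malformed line.
SAMPLE_LOG = """\
2024-03-01T09:00:00 src=10.9.9.9 dst=10.1.0.10 dport=21 user=- dept=-
2024-03-01T09:00:01 src=10.9.9.9 dst=10.1.0.10 dport=22 user=- dept=-
2024-03-01T09:00:02 src=10.9.9.9 dst=10.1.0.10 dport=23 user=- dept=-
2024-03-01T09:00:02 src=10.9.9.9 dst=10.1.0.10 dport=25 user=- dept=-
2024-03-01T09:00:03 src=10.9.9.9 dst=10.1.0.10 dport=80 user=- dept=-
2024-03-01T09:00:04 src=10.9.9.9 dst=10.1.0.10 dport=443 user=- dept=-
2024-03-01T09:05:00 src=10.1.5.23 dst=10.1.0.30 dport=80 user=jdoe dept=data-entry
2024-03-01T09:06:10 src=10.1.5.23 dst=10.1.0.10 dport=1433 user=jdoe dept=data-entry
2024-03-01T09:07:45 src=10.1.5.23 dst=10.1.0.20 dport=445 user=jdoe dept=data-entry
2024-03-01T09:08:00 src=10.1.6.40 dst=10.1.0.20 dport=445 user=msmith dept=finance
this line is not in the expected format
""".splitlines()


def parse_event(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def detect(lines):
    """The IDS engine: run both rules over the stream and return the alarms."""
    alerts = []
    recent = defaultdict(deque)   # src -> (timestamp, dport) seen inside the window
    flagged_scanners = set()      # alarm once per source, not once per probe
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # unparseable lines are dropped; a real engine would count them
        # Rule 1: port scan -- many distinct destination ports from one source, fast.
        window = recent[ev["src"]]
        window.append((ev["ts"], ev["dport"]))
        while (ev["ts"] - window[0][0]).total_seconds() > SCAN_WINDOW_SECONDS:
            window.popleft()
        distinct = {p for _, p in window}
        if len(distinct) >= SCAN_DISTINCT_PORTS and ev["src"] not in flagged_scanners:
            flagged_scanners.add(ev["src"])
            alerts.append({"kind": "port-scan", "who": ev["src"],
                           "detail": f"{len(distinct)} ports in {SCAN_WINDOW_SECONDS}s"})
        # Rule 2: policy violation -- an identified user reaching a server role
        # their department may not use.  Unauthenticated traffic has no department.
        role = SERVER_ROLES.get(ev["dst"])
        if ev["user"] != "-" and role and role not in ALLOWED_ROLES.get(ev["dept"], set()):
            alerts.append({"kind": "policy-violation", "who": ev["user"],
                           "detail": f"{ev['dept']} -> {role} ({ev['dst']}:{ev['dport']})"})
    return alerts


if __name__ == "__main__":
    # The "alarm notification" part: here it is just stdout.
    for a in detect(SAMPLE_LOG):
        print(f"ALERT {a['kind']:16} {a['who']:10} {a['detail']}")
```

On the sample log this raises one port-scan alarm for 10.9.9.9 (at the fifth probe, not on every later packet) and two policy alarms for jdoe, while msmith's finance-to-accounting session stays quiet. The thresholds and the allow table are where tuning happens: too low a port count and every misconfigured printer becomes an intruder, too permissive a table and the data-entry-to-warehouse case goes unnoticed.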