A company’s security network is like a chain in that it’s only as strong as its weakest link. For this reason, a thorough and regular
Network assessments are a critical element to determining the effectiveness of your overall network security. And thoroughness is of the utmost importance, which is why we’ve put together a list of tips for a professional-grade network assessment.
How to Assess the Effectiveness of Your Company's Network Security
An in-depth and thorough network security assessment is, of course, an extremely intricate process, so for the purposes of brevity (and internet attention spans), we’ll just cover the basics here. A network security assessment should be completed by an experienced professional, and the below information is primarily for purposes of knowledge. For a thorough assessment, contact a Kelser Network Security expert.
Policies
Secure policies are the backbone of a network security strategy, and will ensure its long-term success. Policy-based security includes: policies related to acceptable use, email, and other communications, remote access, BYOD, encryption, and privacy. Without proper policies in place, user knowledge, and enforcement, a strategic network security plan can’t be successful over the long term. After all, how can users abide by a plan if there isn’t one?
Once you have policies in place you can use them as a proprietary checklist for your specific network.
Server Security
Servers tend to bear the brunt of malicious attacks for the simple reason that they contain the mother load of information. To maintain a secure server environment, you need a checklist to go over for existing servers, and as you add new ones to the environment. The first thing you’ll need to do is make a list of your servers, then assign the parties responsible for them, ensure they have the proper secure naming conventions, manage the IP addresses, ensure they’re on your patch-deployment program, and add proper antivirus and firewall technology. And of course, assign strong passwords and preferably assign permissions in domain groups. If you’ll be using remote access, pick one solution, stick with it, and put it on all your servers. During assessments, confirm that all servers are included in your management console (you’d be amazed how many ‘ghost’ servers are out there), and then check all the points above. As a final measure, perform a vulnerability scan.
Workstations
Workstation security can be one of the most difficult aspects of network security, so you’ll want to use security protocols that are similar to those used for your servers. To start, form a centralized workstation list, ensure that each one uses proper naming conventions, and ensure that each one is a part of a centralized patching, firewall, and antivirus update process. Encryption is a solid practice to employ on workstations in this day and age, so ensure they’re all running encryption software. Finally, perform a vulnerability scan on each workstation via the central management platform.
Networking Equipment
While your networking equipment doesn’t contain a ‘mother load’ of data, they are the gatekeepers to your servers and workstations—so protect them as strongly as everything else. Your specific plan of attack for assessment and risk mitigation will vary depending on if you have a sole-manufacturer or a multiple-vendor environment.
Like you do for your servers and workstations, create a master list of devices (by now you’re hopefully realizing how critical device lists are), including switches, VLANs, firewalls, and routers. Employ a standardized configuration—this will make assessment and risk mitigation easier. Use static IPs and then manage the devices with an IP address management tool. Check to ensure that you’re successfully centrally deploying patches to all devices. Perform vulnerability scans during each assessment.
Backups
Backups are critical to your restoration process in the event of a malicious attack. During your network security assessment you’ll need to double check that all of your vital devices are backed up and that you have a proper restoration plan to prevent downtime and lost data. For added security, ensure that your off-site storage is accessible, destroy all old tapes that have reached end-of-life, ensure that your encryption methodology is solid, and ensure that you’ve implemented a plan to regularly confirm backups and restores.
Email and Internet Security
Use proper assessment software to double check your email and internet security, including intrusion detection, anti-virus, anti-spam, and anti-phishing software.
Do you Need Professional Help?
Network security is serious business. A professional should complete your periodic network security assessments because you need just as much knowledge, if not more, than the hackers trying to access your network.
Assess your company's cybersecurity posture with our quiz:
