How to perform a network device audit
From unauthorized applications to rogue devices like data-slurping USB sticks, enterprise networks face a growing number of security risks. For financial-services firms, the data loss or network intrusions that can result from unauthorized network devices can be devastating. Network device audits are critical to ensure devices such as routers and firewalls are configured properly. In this tip, Judith Myerson explains how to prepare and initiate a network device audit
Today's network administrators are no doubt aware that a growing number of rogue devices and applications are increasing enterprise network security risks. For instance, end users often attach USB sticks to their computers unnoticed, downloading sensitive data and potentially uploading malware. Unauthorized applications are commonly installed, resulting in software licensing and copyright infringements, not to mention opening potential holes into the network. While these risks are substantial to any enterprise, to a financial-services firm, lost data or network intrusions can be the difference between making a profit and potentially going out of business.
The examples above are just a few of the reasons why it is important that financial organizations know how to perform network device audits to ensure network devices, such as routers and firewalls, are configured properly. Networks must be audited from all points of entry, such as desktop and laptop computers, remote access, connections to third-party networks, pluggable external devices and wireless access points.
A network device audit tool performs security audits of network device configuration files. A financial-services firm should look for a tool that can modify network-filtering audits. For instance, open-source network infrastructure parser tool Nipper, through its customizable filtering audits, can check rules allowing access from any source to any destination, note rules that are disabled, or deny rules that aren't logged. It supports a wide variety of devices from different manufacturers including Cisco Systems Inc., Nokia, Hewlett-Packard Co. and Nortel Networks Ltd.
Preparing for and performing a network device audit
When implementing network device audit tools, the ultimate goal is to audit the entire network and identify issues that prevent it from functioning at its optimum state. To achieve this, organizations should take these steps when preparing for and initiating a network device audit:
- Review firewall management policies to ensure they are keeping pace with new threats (e.g., via firewall logs) and do not conflict with established audit and business policies. Review firewall configurations in response to changes in regulatory requirements, so the time needed for security auditing can be reduced.
- Conduct a site analysis using a network assessment tool to ensure the audit tools can collect all the required data on all network devices of two types: enterprise and pluggable. Enterprise devices include servers, workstations, routers and switches, firewalls, encryption devices and intrusion detection systems. Pluggable devices are those typically used in conjunction with client machines, such as USB memory sticks, Bluetooth devices, flash cards, smart phones and portable disk drives.
- Set up a network audit-review team to include both internal and external auditors. Internal auditors have detailed knowledge of the network devices, policies and procedures, while external auditors are hired for a completely independent objective evaluation at additional cost. These network device auditors need to collaborate with the external compliance auditors.
- Conduct a pilot study of network device audit tools on a sample portion of the network. This will help the auditors and integrators solve any potential problems before making use of the tools on a large scale. It will also help determine what education and training the auditors and integrators will need to solve unusual problems. Without proper training and education, network device audits can be difficult.
As part of the pilot study, do the following:
- Create a network device auditing checklist. At a minimum, make sure it includes device configuration, administrative and authentication services, network filtering, protocol analysis, operating system version and time synchronization.
- Consider ISO 27001, an Information System Security Management Standard (ISMS) as part of your checklist on policy, procedures and operation, such as redundancy, log monitoring and incident handling.
- Change default configurations for antispam, antivirus, routing, VPN, encryption, wireless and firewall systems. Review configuration audit policy for network devices, and review audit configuration options on network filtering audit checks, network firewall port lists, timeouts, password encryption and password audit complexity checks.
- Ensure compliance regulations can be met and the data required for compliance has not been blocked by firewalls, and that storage of data can be retained for a specified period of time.
- Test the restoration of backup media as part of a review of backup policies. Run backup media at off-production times to ensure they are in good condition when needed in a disaster recovery.
Knowing how to conduct a network device audit can be a challenge for a financial organization. Following these implementation techniques can make the job easier.
About the author:
Judith M. Myerson is a systems architect and engineer. Her areas of interest include middleware technologies, enterprise-wide system, database technologies, application development, network management, computer security, information assurance, financial, RFID technologies and project management. She is also a consultant. You can reach her jmyerson at bellatlantic.net