What to look for in a network security audit

What to look for in a network security audit? That's a short question with a big answer, says expert Peter Wood.

What information should I look for when I do a network security audit?
This is a short question with a potentially huge answer! A thorough network security audit would start with a network discovery exercise, using a tool like SolarWinds Inc.'s Network Sonar to identify all the devices on the network. This would be followed by a common port scan of the identified devices, using Nmap or SuperScan to look for unused services and locate admin interfaces on devices such as routers, switches, access points, etc.

Next, I would run authenticated vulnerability scans against a representative selection of devices -- the QualysGuard appliance is excellent for this, but Nessus and other scanners provide a good alternative, providing they are configured correctly (beware of causing denial-of-service or other outages).

Lastly, I would compare system configurations with best practice, again for a representative selection of devices, using manual techniques. Best practice will depend on the systems you are using (Cisco vs. Microsoft vs. Unix, etc.). Generally, I advise people to look at the National Security Agency (NSA) and Center for Information Security (CIS) standards documents, although some of their more rigorous settings may need to be relaxed for some commercial environments.

Read more on Hackers and cybercrime prevention