How secure is your network? The best way to find out is to attack it. Network Security assessments provide you with a professional security consultant to identify and assess risks in Internet-based networks using the same penetration testing model they use to secure government, military, and large commercial networks.
For a small business owner or IT manager a network security assessment gives you a clear picture of your network infrastructure and the security posture of how the IT environment is set up and being maintained. If your company is considering expanding your network, an assessment is a great means to taking inventory and establishing a baseline of current performance levels. An assessment will identify equipment that is poorly performing or near its End-of-Life and will also reveal the skill level of the IT staff that is configuring and maintaining the IT environment.
An IT system isn’t just technology for technology’s sake. Technology should help meet specific business goals and provide value. An assessment can make sure that the technology is meeting these goals, or provide a blueprint for improving the technology and a specific and measurable template for achieving business objectives. It can also ensure that IT technology and security is in compliance with government guidelines and best practices.
There are any number of reasons that would motivate a business owner to perform an assessment. For example, if an IT employee recently gave his notice, it would be a good idea to have an independent third party assess the IT infrastructure and provide an unbiased report of how the employee is leaving the IT environment; are there any open issues that need to be addressed? Another common motivator is that the business owner feels the business has outgrown the capabilities of the current IT Service Provider. No matter what the motivation is; having an assessment preformed can help you establish the current health of your IT environment and you receive the added bonus of evaluating the professional service and engineering work of the assessing IT Service Provider.
Here is a great example of an assessment checklist. A typical assessment consists of 5 key evaluation areas:
- Server & Desktop Infrastructure: Document the hardware and software on each device, is there missing software license keys or worse yet are duplicate software keys in use? Is any of the equipment out of warranty or End-of-Life support?
- Operating Systems & Active Directory Configuration: An inventory of Operating Systems and an evaluation of how the O/S is set up. Is Active Directory in place, and is it correctly deployed?
- Patching & Anti-Virus/Malware Status: Are the Servers and PCs properly and timely patched? Is there a common Anti-Virus in place? Is it updating, scanning and quarantining as expected?
- Data Backups & Business Continuity: Are your backups running? Can you restore a file, application or server quickly? Do you test your backups to insure they are viable?
- LAN/WAN Performance & Security: Are your WAN routers, LAN switches, and your Firewall all manufacturers supported, flashed to recent software levels, and configured to insure good performance and high security?
Let me share with you our assessment process so you gain a sense of what to expect:
RB Information Assurance will send to your site our security expert to sit down with the owner or IT manager in front of their PC.
- The owner or IT manager types in all of the required passwords into his own PC; we never ask for and never see the business password which insures the business data remains secure.
- The owner or IT manager can actually watch and learn as the engineer evaluates everything in the assessment checklist. They can see all of the issues with their own eyes.
- The owner has an opportunity to gauge the technical prowess of the engineer performing the assessment.
- Once all of the items are assessed the technical data is collected and the information is reviewed for trends, problems and issues that are negatively affecting your network performance and security posture.
- RB Information Assurance then begins the off-site process of writing up our findings to review with the business owner.
Written IT Network Assessment Recommendations
Perhaps the most important deliverable in an assessment is the Statement-of-Findings and/or the Recommended Mitigation. The assessment checklists are reviewed and compared with best practices, business requirements and common design requirements. The results from the assessment are then utilized to develop specific recommendations that focus on design, equipment configuration, and security improvements. RB Information Assurance will generate a report and provide you with some specific prioritized recommendations to mitigate the most significant issues.
Typical assessment issues that are found are software that is out of license compliance or copied illegally which can cause huge fines and penalties to your business. An assessment will evaluate the existing software for compliance and create an audit process for future software. A software audit now as part of an assessment is much more cost effective than an audit later by a software company.
Security of your company data is a top priority. Proper security measures not only protect the data from outside hackers and disgruntled employees, but the ability to demonstrate good security is essential for new sales and customer retention. An assessment will evaluate and make recommendations to close holes in security and help create a bulletproof computing environment for critical data.
Another typical result of the assessment is that your backups are broken or not running at all. RB Information Assurance often determines that the wrong data is being backed up, or backup failures are going undetected and therefore not corrected. Unfortunately most often the backups are not being tested at all and so you really don’t know if the backup copy is viable and can actually restore data when called upon to do so.
