The make-up of an office network changes virtually by the week. System administrators can barely keep up with which devices and applications are added and which are no longer in use. On top of that, there are the systems still in operation that were installed for specific functions in the past.
In this blog, I’ll give you suggestions and you’ll discover tooling to map and monitor the security of the office network.
Thomas Stols, Security Specialist at Computest
With all those applications and systems, there is a real risk that proper monitoring is not performed and updates are not installed. So how can you be sure that your office network is secure? In this blog I provide some tips and tell you about tooling to map and monitor the security of your office network.
The security of fixed resources in the office network
What are the fixed components of your network and how do you make sure they are secure? The following five steps can help you.
Step 1: Catalogue the office network
Perhaps the most important question that every system administrator should be able to answer is: what software is running on the office network? A logical first step is to make an inventory. Make sure you always have an up-to-date overview of the systems in place, which services are running on them and how they are positioned in the network. This can take the form of detailed network drawings, but just a simple Excel file can often be a good starting point.
Your inventory will probably list many different components. For instance, various servers, routers, workstations, printers, appliances, laptops and mobile devices. And of course a wireless network for employees and guests. That's a lot of different elements to keep an eye on.
Tip! Besides the fixed resources in the network, also make a note of the IP ranges issued for workstations, laptops and other mobile devices.
Of course, this system only works if you keep the list up to date, and experience shows that this is difficult as the network grows. So if you can, it's better to use an asset management tool. This can be a simple open source web app like NIPAP or part of a larger ERP or configuration management system.
Step 2: Scan your office network for vulnerabilities and errors
There are many appliances and tools that can help you in testing the security of your office network. One of the tools commonly used to get a quick picture of vulnerabilities and configuration errors in systems is Nessus.
Nessus is a vulnerability scanner that checks the systems at a given set of IP addresses for known vulnerabilities. A free 'home version' is available that can be installed on any operating system. Marvin_ is another well-known vulnerability scanning tool. Marvin_ performs a highly extensive security check of your complete IT infrastructure daily and only displays the relevant vulnerabilities, so you don't waste time on 'false positives'.
Step 3: Evaluate your security scan
You have completed the vulnerability scan. The next, important step is to evaluate the findings. Compare the results carefully against the inventory you drew up previously, because although you may not be expecting it, the actual situation always differs from how you imagined it. Perhaps the scanner came across services that were not supposed to be accessible, or even systems that were completely missing from the inventory. The evaluation can therefore be quite a task in itself and can also throw up many false positives. In order not to incur hours of extra work, you could ask a security expert to look over your shoulder.
Nessus and Marvin_ already assign a priority to the vulnerabilities detected. The vulnerabilities coloured red are labelled CRITICAL and are the important ones to attend to. These types of vulnerabilities are often easy to exploit using existing tools and have a high impact, for example the execution of arbitrary code on the system. The vulnerabilities coloured yellow also warrant attention, whereas those coloured green and blue simply provide information about the services found.
Step 4: Take action
It goes without saying that the problems identified need to be resolved. In some cases, this can be done by installing updates or patches. Other problems require changes of configuration and sometimes you really have to look into a problem in depth to resolve it. That takes time, which could mean it gets left undone. Again, you can outsource this part.
Step 5: Validate and repeat
After the problems have been resolved, it is always a good idea to perform a new security scan of your office network. It may be that a solution has not been properly implemented or that there are multiple ways to get around the built-in protection. So always validate your solution.
It is also possible that resolving problems or updating software throws up a new security issue. So it is important to carry out periodic checks and evaluate the results again and compare them with the previous scan.
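The comparisons described in steps 3 and 5, scan results against the inventory and the current scan against the previous one, can be automated once both are available as CSV. The sketch below is an added example, not Computest or Nessus code; the column names, addresses and finding names are constructed assumptions that you would adapt to your own exports.

```python
import csv, io, ipaddress

# Constructed sample data. Column names are assumptions; adapt to your exports.
INVENTORY = """host,protocol,port,service
10.0.0.10,tcp,22,ssh
10.0.0.10,tcp,443,https
10.0.0.20,tcp,9100,printing
"""
DYNAMIC_RANGES = ["10.0.50.0/24"]  # ranges issued to workstations and laptops
PREVIOUS_SCAN = """Host,Protocol,Port,Name
10.0.0.10,tcp,443,constructed finding A
10.0.0.10,tcp,22,constructed finding B
"""
CURRENT_SCAN = """Host,Protocol,Port,Name
10.0.0.10,tcp,22,constructed finding B
10.0.0.10,tcp,8080,constructed finding C
10.0.0.99,tcp,23,constructed finding D
10.0.50.7,tcp,445,constructed finding E
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(inventory, scan, dynamic_ranges):
    """Compare what the scanner saw with what the inventory says should exist."""
    expected = {(r["host"], r["protocol"], int(r["port"])) for r in load(inventory)}
    known_hosts = {host for host, _, _ in expected}
    nets = [ipaddress.ip_network(n) for n in dynamic_ranges]
    seen = {(r["Host"], r["Protocol"], int(r["Port"])) for r in load(scan)}
    out = {"unknown_hosts": set(), "dynamic_hosts": set(), "unexpected_services": set()}
    for host, proto, port in seen - expected:
        if host in known_hosts:
            out["unexpected_services"].add((host, proto, port))
        elif any(ipaddress.ip_address(host) in n for n in nets):
            out["dynamic_hosts"].add(host)   # in an issued range, not listed individually
        else:
            out["unknown_hosts"].add(host)   # missing from the inventory entirely
    # Inventoried services the scan did not see: stale entry or host offline.
    out["not_seen"] = expected - seen
    return out

def diff_scans(previous, current):
    """Findings that appeared or disappeared between two scans (step 5)."""
    key = lambda r: (r["Host"], int(r["Port"]), r["Name"])
    prev, curr = {key(r) for r in load(previous)}, {key(r) for r in load(current)}
    return {"new": curr - prev, "resolved": prev - curr}

if __name__ == "__main__":
    print(reconcile(INVENTORY, CURRENT_SCAN, DYNAMIC_RANGES))
    print(diff_scans(PREVIOUS_SCAN, CURRENT_SCAN))
```
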
Don't forget services that can be accessed remotely
Employees want to be able to access their data at all times and from any location. For this reason, applications and services are often also accessible online.
It is important to also regularly check these services for security flaws. You can do so by using your vulnerability scanning tool to scan those URLs or IP addresses. Do be aware that you always need permission from the owner of the systems before performing a scan of this kind.
Get a daily handle on security with Marvin_
Do you find it hard to identify which findings produced by the vulnerability scanner are really important for you? Or are you more interested in information about the difference in findings over a longer period of time? If so, the hybrid service Marvin_ could be ideal for you! This vulnerability scanning tool performs daily security scans of your complete IT infrastructure. The results of the scans are visible in Marvin_'s online portal. In addition to daily security scans, Marvin_ also alerts you to sudden misconfigurations or changes.
Every morning, a Computest security specialist goes through all the new findings from the scans. Problems which are not relevant or ‘false positives’ are labelled as such. Moreover, findings are provided with sufficient explanation and context information so that you can act on them immediately. If you do have questions, you can put them to one of our security specialists directly using the chat function in the Marvin_ portal. With Marvin_, you know for sure that you are keeping your finger on the pulse of your network security and getting a better grip on it every day. Plus you get to devote your time to matters you know for sure require your attention.