Common Tasks
Search
Recent Posts
Tags
Community Connections

These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

Canadian Information Processing Society

AlignIT IT Manager Podcast Series

 

Resident Bloggers


Chris Di Lullo
Sr. IT Pro Marketing Manager
Twitter | LinkedIn

Jonathan Rozenblit
Technology Advisor
Microsoft Canada


Stephen Ibaraki
Industry Analyst
FCIPS, I.S.P., ITCP/IP3P, DFNPA, CNP, FGITCA, MVP

Archives
Archives
Resources

Best Practices for Performing a Security Audit from Laura Chappell

TechNet Blogs > Canadian IT Manager's Blog > Best Practices for Performing a Security Audit from Laura Chappell

Best Practices for Performing a Security Audit from Laura Chappell

2 Mar 2006 8:56 AM
  • Comments 3

I was talking with Laura Chappell about useful security tips since she "lives and breathes" security. As a bit of background, last year, she received the international Award for Professionalism founded by the NPA and given out at the Interop Conference in Vegas. Some of you may have caught her packed sessions at Microsoft TechEd conferences or HP Enterprise Symposiums. I know from my talks with some of you, you are familiar with her "Internet Safety for Kids Project" which she founded together with the "Protocol Analysis Institute."

Anyways, I asked her about the best ways to perform a security vulnerability audit on your network and she provided this list:

***
Well, Stephen, there are so many ways to go about this so I'll just start spewing out options:

  1. Identify assets (risk assessment)
  2. Prioritize the audit focus (separate the task into smaller chunks)
  3. Differentiate between intrusive and non-intrusive audit procedures
  4. Map the network from outside and inside the firewall
  5. Audit server and client software and hardware
  6. Examine software/hardware audit results against an ‘acceptable’ list
  7. Examine log files and log file usage
  8. Audit routers, firewalls and critical infrastructure devices
  9. Verify system and user configurations
  10. Audit application traffic for cleartext data transfer or unusual dependencies
  11. Audit all network access points (dial-in, wireless, tunnels, partner/consultant links)
  12. Audit security training information for users, management, consultants
  13. Check against industry-known vulnerabilities
  14. Audit antivirus and anti-spyware capabilities and status
  15. Audit patch and fix levels for hosts and servers (multiple OS types too)

***

Laura shares more of her best practices and provides her viewpoint on security in an upcoming interview. Look for it here...

Thank you,
Stephen Ibaraki

,
Comments
  • Jason Haley
    3 Mar 2006 8:18 AM
  • Stephen Ibaraki; sibaraki@cips.ca
    5 Mar 2006 10:06 AM
    Jason,

    You have useful links at your site... Nice work!

    Laura has some valuable viewpoints on how to best engage in security analysis as a career. She recently shared this:
    "A solid knowledge of TCP/IP communications is critical when analyzing, optimization, troubleshooting and securing a network. Reconnaissance processes and exploits travel across the network to the target. You need to differentiate between ‘normal’ network communications, anomalies and blatant attacks. With that solid communications knowledge you can separate network issues from application issues and dramatically reduce the time needed to interpret your network traffic. Once you build that solid foundation, optimization, troubleshooting and security tasks can be performed faster and more accurately."

    Best regards,
    Stephen Ibaraki
  • Canadian IT Managers
    10 Mar 2006 10:26 AM
    I have blogged about Laura's work before. This is the third interview in the series Blogged Down with...
Page 1 of 1 (3 items)