Solved

How to prepare for internal security audit?

Posted on 2011-03-17
1
506 Views
Last Modified: 2012-05-11
Hello,

We are having an internal audit completed in several weeks. I was wondering what types of free or functional trial software I can use to scan my network for various weak entries, open shares, blank passwords on routers, sql, etc? We are wired only and no wireless.

They do two types of internal audits i'm mostly concerned with preparing for. The first is we give them access to our network as an end user and the second is when they find a random port then they try to gain access. What they won't do is sniff our network traffic for passwords.

We've done all the easy basic things like full disk encryption, usb lock, port lock downs, firewalls, anti virus on pc's. I'm looking for something that will go out on my network to find something more!

Unfortunately, I haven't implemented a DLP (Data Loss Prevention) system. That isn't scheduled to go live for another month or two.
0
Comment
Question by:First Last
1 Comment
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 35161381
Biggest thing I've seen on audits is on the ASA/PIX interface itself, not restricted to SSLV3 only. SSl v1/2 is default for SSH and HTTPS to manage the device itself. Be sure to set it to SSLV3 only before the audit...
Otherwise, get NMAP and run it internally..
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Site-to-Site VPN Cisco ASA 5505 to Cisco RV320 4 30
Cisco vlan question 12 41
cisco switch stacking 6 34
Gateway Resilience 4 20
Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now