Solved

How to prepare for internal security audit?

Posted on 2011-03-17
1
513 Views
Last Modified: 2012-05-11
Hello,

We are having an internal audit completed in several weeks. I was wondering what types of free or functional trial software I can use to scan my network for various weak entries, open shares, blank passwords on routers, sql, etc? We are wired only and no wireless.

They do two types of internal audits i'm mostly concerned with preparing for. The first is we give them access to our network as an end user and the second is when they find a random port then they try to gain access. What they won't do is sniff our network traffic for passwords.

We've done all the easy basic things like full disk encryption, usb lock, port lock downs, firewalls, anti virus on pc's. I'm looking for something that will go out on my network to find something more!

Unfortunately, I haven't implemented a DLP (Data Loss Prevention) system. That isn't scheduled to go live for another month or two.
0
Comment
Question by:First Last
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 35161381
Biggest thing I've seen on audits is on the ASA/PIX interface itself, not restricted to SSLV3 only. SSl v1/2 is default for SSH and HTTPS to manage the device itself. Be sure to set it to SSLV3 only before the audit...
Otherwise, get NMAP and run it internally..
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question