• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 533
  • Last Modified:

How to prepare for internal security audit?

Hello,

We are having an internal audit completed in several weeks. I was wondering what types of free or functional trial software I can use to scan my network for various weak entries, open shares, blank passwords on routers, sql, etc? We are wired only and no wireless.

They do two types of internal audits i'm mostly concerned with preparing for. The first is we give them access to our network as an end user and the second is when they find a random port then they try to gain access. What they won't do is sniff our network traffic for passwords.

We've done all the easy basic things like full disk encryption, usb lock, port lock downs, firewalls, anti virus on pc's. I'm looking for something that will go out on my network to find something more!

Unfortunately, I haven't implemented a DLP (Data Loss Prevention) system. That isn't scheduled to go live for another month or two.
0
First Last
Asked:
First Last
1 Solution
 
lrmooreCommented:
Biggest thing I've seen on audits is on the ASA/PIX interface itself, not restricted to SSLV3 only. SSl v1/2 is default for SSH and HTTPS to manage the device itself. Be sure to set it to SSLV3 only before the audit...
Otherwise, get NMAP and run it internally..
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now