How to prepare for internal security audit?
Posted on 2011-03-17
We are having an internal audit completed in several weeks. I was wondering what types of free or functional trial software I can use to scan my network for various weak entries, open shares, blank passwords on routers, sql, etc? We are wired only and no wireless.
They do two types of internal audits i'm mostly concerned with preparing for. The first is we give them access to our network as an end user and the second is when they find a random port then they try to gain access. What they won't do is sniff our network traffic for passwords.
We've done all the easy basic things like full disk encryption, usb lock, port lock downs, firewalls, anti virus on pc's. I'm looking for something that will go out on my network to find something more!
Unfortunately, I haven't implemented a DLP (Data Loss Prevention) system. That isn't scheduled to go live for another month or two.