Viruses, hacking techniques, and other outside threats are always changing. Is your network equipped to handle them as well? Instead of assuming your company's system is resilient against all outside threats, be sure of it by conducting a network assessment.
A full analysis of security, a network assessment tests the server, firewall, and other devices for weak points. Simulating hacker tactics – also referred to as "ethical hacking" – a network assessment attempts to access the system from the outside. Common techniques used for conducting a network assessment include penetration tests, personal interviews, vulnerability scans, examining operating systems, and researching historical data.
On a large scale, a breach of network security can become WikiLeaks' usurping of U.S. government documents. Although your company may not be the target of such threats, smaller attacks can be just as harmful, resulting in disabled security or identity theft. Small and medium-size businesses are particularly vulnerable to security breaches, in which files, records, and data are stolen by a third party, and a network assessment identifies these weak points and offers solutions. Some of the factors considered and examined in an assessment include:
- Company security policies and how they are used.
- Where are access control lists and audit logs?
- Are the audit logs being reviewed?
- Are your network security settings up to industry best practices standards?
- Have all unnecessary applications been deleted?
- Are all operating systems and commercial programs up to date?
- Does the system have a backup, and if so, where is it?
- Is the system backup up to date, and how is it accessed?
- Does your business have a disaster recovery plan?
- Are adequate data encryption tools configured?
- Do all custom-built applications correspond with security and have they been tested?
- Are configuration and code changes being documented? Who reviews these records?
- Previous security incidents
Once the full network assessment is complete, the company conducting the procedure, such as Robrige, produces a report. Consisting of a summary, findings, and data, the report indicates problem areas and offers solutions for addressing them.
Network security assessment, however, should not be a one-time procedure. Network configurations and security changes and external threats evolve, and not being up-to-date and fully protected makes your business's system open to risks. If part of your network has changed, a security assessment should follow. Even if everything stays the same, hacker tactics, viruses, and other threats are always being revised to undermine network security, and to be fully protected, have a network assessment completed regularly.