Author: duster, Posted: Tue Jan 22, 2008 4:39 pm Post subject: Network Assesment ---- This is a question for all the security admins out there. I would like to know the steps that you all perform and the tools used in assessing a network for security threats, intrusion, etc. Given this senerio how would you assess this network. 200 windows 2000 client. 5 cisco switches, 40 win2003 servers, 300 remote users. cisco vpn concentrator, pix firewall. 10 remote offices. Any advice will be appreciated
Author: The_Real_Gandalf, Location: Athens,GreecePosted: Wed Jan 23, 2008 1:11 pm Post subject: ---- use a very good IDS , focusing on switches and routers , since the systems are way too much to handle one-by-one.
If you are able though to monitor protocols and ports/services, then you have done 90% of the job.
Gandalf
Author: Fracker, Posted: Fri May 02, 2008 8:25 am Post subject: ---- Good IDS deployment also need an assessment i guess!!
@Question
Network Assessment is based on your network architecture, if your network has the points where most of the communication has to pass, than i guess deploying IDS on those points will do the most of the Job. But still without reviewing these
For network Devices
1) Reviewing the Architecture, Designs (Especially ACLs, Zones, Policies) of the network
2) Reviewing the changes management details
3) Reviewing the Logs