Network Assesment

Networking/Security Forums -> Computer Forensics and Incident Response

Author: duster PostPosted: Tue Jan 22, 2008 4:39 pm    Post subject: Network Assesment
    ----
This is a question for all the security admins out there. I would like to know the steps that you all perform and the tools used in assessing a network for security threats, intrusion, etc. Given this senerio how would you assess this network. 200 windows 2000 client. 5 cisco switches, 40 win2003 servers, 300 remote users. cisco vpn concentrator, pix firewall. 10 remote offices. Any advice will be appreciated

Author: The_Real_GandalfLocation: Athens,Greece PostPosted: Wed Jan 23, 2008 1:11 pm    Post subject:
    ----
use a very good IDS , focusing on switches and routers , since the systems are way too much to handle one-by-one.

If you are able though to monitor protocols and ports/services, then you have done 90% of the job.

Gandalf

Author: Fracker PostPosted: Fri May 02, 2008 8:25 am    Post subject:
    ----
Good IDS deployment also need an assessment i guess!!

@Question

Network Assessment is based on your network architecture, if your network has the points where most of the communication has to pass, than i guess deploying IDS on those points will do the most of the Job. But still without reviewing these

For network Devices

1) Reviewing the Architecture, Designs (Especially ACLs, Zones, Policies) of the network
2) Reviewing the changes management details
3) Reviewing the Logs

You can never say it is even closed to complete.



Networking/Security Forums -> Computer Forensics and Incident Response


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group