I’ve written a few blog posts about my passion for the need for everyone to conduct regular network assessments. With all my years in the business, I’ve seen more than my fair share of unhappy people whose lives were turned upside-down by a network failure or compromise that never should have happened.
I understand if you’re skeptical. I would be too if I didn’t run into scary situations whenever I run one of our quick and easy network assessments. Here are eight common problems I typically find:
- Inactive users. Our scans reveal everyone who is configured on your system as a user. When we show that list to the owner, more often than not we find people who have been inactive for a long time because they’re no longer employed (but still have potential network access), or even sometimes users who are active, who shouldn’t be!
- Computers that have not logged in. Our scans will detect and highlight computers and devices that are technically still part of the network domain, but have not logged into the system. This usually happens with computers that are decommissioned for newer replacement models. The old machines are often given away to employees or charitable organizations, but are still technically part of the domain and able to gain access.
- Misalignment of IT asset organization. Our scans reveal how Active Directory is organized and lists all of the different security groups, computers and users. When we compare the network configurations against the company’s security policies there’s often some discrepancy that needs attention.
- Single Point of Failure. You probably don’t need a scan to know this, but there’s value in a report that highlights when an entire network is running off a single domain controller. If that baby goes, it’s goodnight Irene! Use the report to rethink the network vulnerability.
- Inappropriate User Access. I know you’ll think I’m stupid for writing this, but I can’t tell you how many times our scans reveal that everyone is set up as a system administrator. Fortunately, most end-users don’t know it and wouldn’t have a clue what to do even if they were aware. But I’ve seen savvy computer users figure this out and take full (and inappropriate) advantage of this unintended access.
- Weak Passwords. When we do a scan, I get an automated assessment of the passwords that end-users have created to access the network. While our scan does not capture the actual passwords themselves, it can and does detect which passwords are weak — meaning that they don’t comply with the company’s minimum password specifications.
- External Vulnerabilities. Among the more important security holes that our scans can detect are ports that are open to the internet. Sometimes the client knows about the open port and is willing to take the risk of keeping it open. But often this comes as a complete surprise and the client asks us to lock it down.
- Lagging Patch Management. Our scans can detect the last time the key software and operating system were patched. We often find that the clients are not diligently uploading and installing the latest version of their OS, virus protection, browsers and other key applications. This, of course, exposes them to external security breaches.
Believe it or not, all of these things, and more, can be uncovered in about 10-20 minutes using a non-invasive network assessment tool. There’s really no excuse not to have this procedure run on a regular basis. Each time you run it, you’re likely to find something that you’ll want to fix as a preventative measure. And, on the off chance that you come up with a completely clean report, you’ll rest better at night knowing your network is safe and secure.
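Three of the findings in the list above (inactive users, computers that have not logged in, and everyone set up as an administrator) can be checked from a directory export. The sketch below is an added example, not the assessment tool this post describes. It assumes a hypothetical export where each object carries `type`, `name`, `enabled`, `lastLogonTimestamp` and a `memberOf` list already resolved to group names, and it uses a 90-day threshold chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# lastLogonTimestamp is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# The attribute replicates lazily (up to about 14 days behind by default),
# so the staleness threshold must be comfortably larger than that.
STALE_AFTER = timedelta(days=90)  # assumed policy value
ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

def filetime_to_dt(ticks):
    """Return a UTC datetime, or None for 0/missing (never logged on)."""
    if not ticks:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def audit(objects, now):
    """Flag enabled-but-stale users/computers and list privileged users."""
    out = {"inactive_users": [], "stale_computers": [], "admin_users": []}
    for obj in objects:
        last = filetime_to_dt(obj.get("lastLogonTimestamp"))
        stale = last is None or now - last > STALE_AFTER
        if obj["enabled"] and stale:  # disabled accounts cannot log on
            key = "inactive_users" if obj["type"] == "user" else "stale_computers"
            out[key].append(obj["name"])
        if obj["type"] == "user" and ADMIN_GROUPS & set(obj.get("memberOf", [])):
            out["admin_users"].append(obj["name"])
    users = sum(1 for o in objects if o["type"] == "user")
    out["admin_ratio"] = len(out["admin_users"]) / users if users else 0.0
    return out

# Constructed sample export (not real data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
def _ago(days):
    return dt_to_filetime(NOW - timedelta(days=days))
SAMPLE = [
    {"type": "user", "name": "alice", "enabled": True,
     "lastLogonTimestamp": _ago(3), "memberOf": ["Domain Admins"]},
    {"type": "user", "name": "bob.former", "enabled": True,
     "lastLogonTimestamp": _ago(400), "memberOf": ["Domain Admins"]},
    {"type": "user", "name": "carol", "enabled": False,
     "lastLogonTimestamp": _ago(500), "memberOf": []},
    {"type": "computer", "name": "OLD-PC-07$", "enabled": True,
     "lastLogonTimestamp": 0},
    {"type": "computer", "name": "WS-012$", "enabled": True,
     "lastLogonTimestamp": _ago(10)},
]

if __name__ == "__main__":
    for finding, value in audit(SAMPLE, NOW).items():
        print(finding, value)
```

An account that has never logged on (value 0) is treated as stale, so freshly created accounts will show up until their first logon.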