Sunday, September 18, 2011

The SANS top 20 and you: Week 1

    I came across some very interesting information the other day. Apparently the SANS Institute (SysAdmin, Audit, Network, Security) has a list of 20 items that a business can implement at no cost. I realize that time is money too. So, even if there is no direct price tag attached to the ideas, someone still has to put them in place. If I were naming this list it would be "20 good ideas for security (and a cheap way to get them done)". I won't be covering the whole document right now, but I plan to dive into it over the next few weeks. Here is the link to the article if someone gets too jumpy and can't wait: http://www.sans.org/reading_room/whitepapers/hsoffice/small-business-budget-implementation-20-security-controls_33744

    Ok, so the real question is: why do we care about securing networks, and how effective are the ideas listed in this article? According to SANS, adopting these controls in 2009 resulted in an 88% drop in vulnerabilities; in other words, the number of vulnerable systems went down a lot. It bears repeating that a vulnerability is a weakness in a system which may be exploited, not an attack in itself. It is like an unlocked window on your house: just because the window is open doesn't mean a thief will climb through it, but it is the first thing you fix. So, on to the vulnerabilities, starting with item one on the list.

  1. Inventory of authorized and unauthorized devices.

Small businesses are notoriously busy doing everything in their power to make money. When a computer breaks they buy a new one. When the network goes down they call a guy to fix it. That guy buys some equipment and puts it in place. The problem is solved and business as usual goes on. This happens over a long timeline, and no one thinks about any of it; after all, things are working. At some point the company gets to a size where it needs a little more formal I.T. help and may hire an MSP (managed service provider). The MSP may make the network more complicated: they may host the company's e-mail, or offer to take care of the anti-virus system. However, and I can only speak from my experience, they will not document what happens. They won't record the serial numbers of the PCs on the network or list each one's MAC (Media Access Control) address. As an interesting aside, you can tell a lot from a MAC address: the first three octets (the OUI, or Organizationally Unique Identifier) identify the manufacturer, so a lookup tells you what kind of equipment it most likely is or where it came from. Check these links for further information: http://www.coffer.com/mac_find/ and http://en.wikipedia.org/wiki/MAC_address. The reason none of this gets done is that while these records are helpful, they are not vital to the immediate needs of the business. They are, however, vital to the integrity of the business's information.

    I mentioned some of this in last week's post. I won't belabor the point, but if I had known what the good items on the network were, I could have isolated the bad one by MAC address. So, how does one go about getting this inventory going? There are certainly many ways to accomplish it. For free, though, I would start with Spiceworks. This piece of software will scan your network and figure out what you have on it. If you have managed switches, you can also check their MAC address tables, which list every address the switch has learned and the port it was seen on (a layer-3 switch will have an ARP (Address Resolution Protocol) table as well, mapping IP addresses to MACs). If you are in a domain environment and have a file server, you can check the ARP cache there too, since it lists every host the server has recently talked to. You can even check your DHCP server's lease table, which records the MAC, IP address and usually the hostname of every client that asked for an address; devices with static addresses won't appear there, so it complements the other sources rather than replacing them. In order to track ongoing changes, SANS recommends Sourcefire RNA, which alerts when a new device is added. However, I was unable to find any information about getting Sourcefire for free. Spiceworks will do this too; while the notification is less automatic, it will help you notice when something new shows up. One caveat for any of these methods: a MAC address can be changed by whoever controls the device, so an inventory keyed on MACs catches the careless and the accidental, not a deliberate attacker who copies an authorized address.
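Here is what that inventory check looks like in practice, as an added example written for this post (my own illustration, not code from the SANS paper, from Spiceworks or from any vendor). It parses a constructed Windows `arp -a` listing and a constructed DHCP lease export, merges them, drops broadcast and multicast entries, compares the result against an authorized MAC list, and tags each unknown address with its manufacturer from a small sample OUI table (the same lookup the coffer.com link above does against the full IEEE list). The sample network, the authorized list and the lease format are made up for the example; a real DHCP server exports leases in its own format, so `parse_dhcp_leases` would need adapting.

```python
"""Build a MAC-address inventory from ARP and DHCP data and flag unknown devices.

Added example for this post; not code from the SANS paper, Spiceworks or any
vendor. The ARP output, DHCP leases and authorized list below are constructed.
"""
import re

# Constructed `arp -a` output in the Windows format (dashes in the MAC).
SAMPLE_ARP_WINDOWS = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-50-56-a1-b2-c3     dynamic
  192.168.1.99          d4-e5-f6-07-08-09     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed DHCP lease export, one "ip mac hostname" per line. Real servers
# export in their own formats, so parse_dhcp_leases() is the part to adapt.
SAMPLE_DHCP_LEASES = """
192.168.1.20 00:50:56:a1:b2:c3 fileserver
192.168.1.41 00:15:5d:11:22:33 laptop-bob
"""

# The authorized list the post says to build: MAC -> what it is (constructed).
AUTHORIZED = {
    "00:11:22:33:44:55": "office router",
    "00:50:56:a1:b2:c3": "file server (VMware guest)",
}

# A few OUI prefixes for illustration. The first three octets of a MAC identify
# the manufacturer; use the full IEEE OUI list (or the lookup site above) in practice.
OUI_VENDORS = {
    "00:50:56": "VMware",
    "00:0c:29": "VMware",
    "00:15:5d": "Microsoft (Hyper-V)",
}

# A MAC written with either ':' or '-' separators, not embedded in a longer hex run.
MAC_RE = re.compile(r"(?<![0-9a-fA-F])((?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})(?![0-9a-fA-F])")
IP_RE = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?![\d.])")


def normalize_mac(raw):
    """Lower-case, colon-separated form so 00-AB-... and 00:ab:... compare equal."""
    return raw.lower().replace("-", ":")


def is_unicast(mac):
    """Drop broadcast and multicast: the low bit of the first octet is the I/G (group) bit."""
    return int(mac[:2], 16) & 1 == 0


def parse_arp(text):
    """Return {mac: ip} for every unicast entry in `arp -a` style output."""
    seen = {}
    for line in text.splitlines():
        mac_m = MAC_RE.search(line)
        ip_m = IP_RE.search(line)
        if not mac_m or not ip_m:
            continue  # header lines, interface lines, blanks
        mac = normalize_mac(mac_m.group(1))
        if is_unicast(mac):
            seen[mac] = ip_m.group(1)
    return seen


def parse_dhcp_leases(text):
    """Return {mac: (ip, hostname)} from the constructed 'ip mac hostname' format."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ip, mac, hostname = parts[0], normalize_mac(parts[1]), parts[2]
        leases[mac] = (ip, hostname)
    return leases


def vendor(mac):
    """Look the first three octets (the OUI) up in the sample vendor table."""
    return OUI_VENDORS.get(mac[:8], "unknown vendor")


def find_unknown_devices(arp_text, dhcp_text, authorized):
    """Merge ARP and DHCP sightings and return those not in the authorized list.

    Result: {mac: {"ip": ..., "hostname": ..., "vendor": ...}}, sorted by MAC.
    """
    observed = {}
    for mac, ip in parse_arp(arp_text).items():
        observed[mac] = {"ip": ip, "hostname": None}
    for mac, (ip, hostname) in parse_dhcp_leases(dhcp_text).items():
        observed.setdefault(mac, {"ip": ip, "hostname": None})["hostname"] = hostname
    return {
        mac: dict(info, vendor=vendor(mac))
        for mac, info in sorted(observed.items())
        if mac not in authorized
    }


if __name__ == "__main__":
    unknown = find_unknown_devices(SAMPLE_ARP_WINDOWS, SAMPLE_DHCP_LEASES, AUTHORIZED)
    for mac, info in unknown.items():
        print(f"UNKNOWN {mac} ip={info['ip']} host={info['hostname']} vendor={info['vendor']}")
```

On the sample data this reports two strangers: the laptop that only ever showed up in a DHCP lease, and a device at 192.168.1.99 whose OUI is not in the table. Run something like this on a schedule and diff against the last run; anything UNKNOWN is either a device to add to the authorized list or a device to go and physically find.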

    While this doesn't cover everything in a hardware inventory, I hope it points out some simple steps.
