One member's security assessment is an eye-opener for his client

When he was hired to perform an assessment for a client following an electronic break-in, an IT consultant found all kinds of security problems. Here's a rundown of the tools he used, what he finally found, and his prescription for a security fix.

When John Verry, a security consultant and a TechRepublic contributor, was hired by a client to perform a security assessment following the theft of customer information, he took us along for the ride. In a three-part series, Verry, who heads CQUR IT, a consulting firm that specializes in security, showed us what the compromised company had in place, what tools he used to illustrate his client’s security vulnerabilities, and what remedies he prescribed.

If you missed Verry’s articles, here’s a chance to catch up. When you’ve finished reading all three articles, tell us about the additional security tools you use to test your own system or your clients’ networks.

Comprehensive security audits unearth common wireless vulnerabilities
Instead of focusing on the client’s recent break-in, Verry used this one incident as a chance to ensure that whatever vulnerabilities existed in the $165 million company could be addressed. After meeting with executive management, major business unit leaders, key application/system/data “owners,” and many members of the IT organization, Verry and his team began their investigation.

Penetration testing finds more holes in wireless network
A large part of Verry’s assessment involved the use of “War Driving,” in which he and several colleagues found that his client’s WLAN was unsecured and accessible from any area within 500 feet of the client’s office building. In this installment, Verry explains how he used hacker tools, including Nmap, NetCat, and Whisker, to detail the specific vulnerabilities in the network.

Security audit's final steps: Break the bad news and fix the WLAN
So once you know of your client’s vulnerabilities, what comes next? In this case, Verry spoke with senior management and gave them an unsettling demonstration that illustrated how easy it was to access the client’s customer data. He also included a rundown of his company’s prescription for better security.