overall network security audit - how to?

By webmaster

I am, at this time, a strictly self-taught system administrator on about a 25 PC network for a mid-sized police department. I pull "double duty" as a patrolman as well. We are running WinNT4 on one PDC and two BDCs with clients running WinNT4 Wkst/Win95/98. Due to our Nationally Accredited status, I am required as of this month to perform a first annual full security audit of our network with a written report. I am reasonably knowledgeable and have maintained and expanded this network since April of last year, adding two ADSL internet connections and setting up WinRoute Lite to handle NAT and provide that connection to other PCs on the network. The connection is always active. My main concern as far as security is my own lack of education on outside intrusion. My first recommendation in this audit is to get me some formal training in security issues! I only very generally understand what NAT does. If an outside hacker gets around that, what is the likelihood that his attempts to connect to the network will show up in the security log? Or, if WinRoute stops his efforts, will it show up in the security log then? What about intrusion detection software? WinRoute Lite does none of that. I expect there would be conflicts with WinRoute Lite and any intrusion detection stuff - two separate pieces of software trying to do a similar job with the same aspect of NT. Agree? Workarounds? I currently have all shares set so that only authenticated domain users can log on. I guess I'm looking for some direction here with whatever specifics can be offered. I have no clue how to do a full and formal written security audit. I'm sure I can accomplish it but I am concerned about my serious lack of "hacking and anti-hacking" knowledge. Some serious input would be appreciated. Thanks!

All Comments

overall network security audit - how to?

by Clint Hartner In reply to overall network security ...

Check out www.isaca.org - this group certifies IS auditors. They have a book they call CoBIT, which has guidelines for auditing many features of an operation, including security. This site also details training for getting certified as an auditor.

For straight Information Security training and certification, try www.isc2.org or www.sans.org. ISC2 provides training and certification as a Certified Information Systems Security Professional (CISSP). SANS also offers certification. I see CISSP as a certification with an emphasis on management, but with knowledge of technology. The SANS certification is more hands-on security for the network administrator.

Personally I'm pursuing both CISA and CISSP (thankfully my company is helping pay).

Good luck!

Clint

overall network security audit - how to?

by webmaster In reply to overall network security ...

"Hands-on" training is definitely what I need! Sans.org seems great. I haven't looked at the other site in-depth yet. Thanks!

overall network security audit - how to?

by insatiable In reply to overall network security ...

I highly recommend SANS. I've been a member of SANS for about five years. Systems Administrators Networking and Security. You're performing all of those roles, as many of us do.
SANS is free, other than the Security Training, which is highly recommended. I went to the course in Monterey a few months ago for the Unix Security and it was the BEST conference/symposium/training session, whatever you want to compare it with, that I have ever had in the 20 years of my experience.
You can find information to secure your systems and network at the website.
A noble statistic from the SANS org is that within five minutes of putting a system on the internet, it can be recognized by a hacker. Within 5-10 minutes it can be intruded.
WinRoute isn't the security you need - you have to go beyond that, especially if you're sharing. Passwords are cracked, etc.
Please go to www.sans.org, even if you don't give me points! hahaha
You'll find a list of resources on the first page. If you're self-taught in the other things you've been doing -- you'll find this a piece of cake, literally!
Auditing information is available too. Sorry I'm not giving you urls, but I think once you get to SANS, you'll be all over that site. :-)
Good luck -- let me know what you think!
Melissa

overall network security audit - how to?

by webmaster In reply to overall network security ...

Lots of info at sans.org, thanks!

overall network security audit - how to?

by webmaster In reply to overall network security ...

I have checked out the sites you both mentioned. Both of you have been helpful. Thanks, but can either of you answer the more specific question I posted about outside attempts to access the network showing up in NT's security log? I have used some hacker and other software from home in an attempt to access our network, but no attempts have shown up in the security log. Shouldn't they? I am auditing successful and unsuccessful logons. I must confess, I really don't know what I'm doing in my attempts to "hack in." Maybe I wasn't doing something right. But again, shouldn't the log pick that up?

overall network security audit - how to?

by webmaster In reply to overall network security ...

Never mind the above - I found my answer to that at sans.org!

overall network security audit - how to?

by webmaster In reply to overall network security ...

This question was closed by the author
