Network Audits

A network audit makes use of various tools, and discovers potential vulnerabilities on the local networks. A network topology is built using SNMP and other protocols, and compared to the current understood topology (if there is one). Specific problems that may be inherent in a particular style of networks will be addressed at the time the audit is arranged. Very few networks are homogeneous, and it is assumed that most networks will require a unique approach.

A network audit consists of the following:

• External Network Penetration Test
• Network Topology Analysis
• Host Security and Integrity Test
• Report and Presentation

It is expected that the tester and the customer agree upon the scope and depth of the test. Tests may be expanded or narrowed to meet the needs of the customer. No extreme methods will be used, since it would impose undue logistical difficulties.

Network Type

Network Audits include, but are not limited to, the following types and protocols

• TCP/IP
• AppleTalk
• NetBIOS/NetBUI
• SNA
• DECNet
• OSI and Other

Operating System Type

• Unix
• Commercial
• Sun/Solaris
• Sun/SunOS
• HP/UX
• SGI/IRIX
• IBM/AIX
• Compaq/Unix (under its many names)
• Less Common
• BSDI
• SCO
• QNX
• Open Source
• Linux
• FreeBSD
• OpenBSD
• NetBSD
• MicroSoft
• MS/DOS
• Windows 3.x
• Windows 95
• Windows 98
• Windows NT 3.x/4.0
• Windows 2000
• MVS
• VMS
• Other
• BeOS
• FreeDOS

External Penetration Test

An external penetration test will be performed to determine network based vulnerabilities. This will include tests of the Internet firewall, DNS, routers and other network devices.

Testing methods including, but not limited to, TCP high-jacking, DNS spoofing, IP spoofing, source routing, source port spoofing and routing redirection.

Network Topology Analysis

An analysis of the network topology will be conducted. It will consist of a review of the currently deployed network technologies and the effectiveness of such technologies. Analysis will include, but is not limited to: Evaluation of trust relationships, single point failures, network protocols, and network types.

Initial evaluation will be completed with an automated network topology scanner. Additional manual testing will be conducted to examine the possibility of access escilation.

Host Security and Integrity Testing

Each host on the network will be inspected for possible security or efficiency problems. This procedure will be done in several phases.

Phase I: A sweep with an automated scanner will be completed to identify hosts that are attached to the customer's network. This scan will identify the types of hosts that are attached to the network as well as locate any unregistered or rogue systems.

Phase II: An automated security sweep will be performed to identify common security problems, using a scanner such as ISS or CyberCop. Tools like Saint or Nessus may also be used.

Phase III: A team will manually verifiy problems noted by automated procedures and test for other security problems that automated procedures cannot detect.

Report and Presentation

After the completion of individual tests, the customer will be provided with a summary sheet of the test results. This is not intended to be a final report, but is meant to provide the customer with the highlights and significant elements of the report that will be provided.

After all phases are complete, collected data will be studied, a report will be formally written, and an oral presentation describing the finding of the audits and studies will be given. This report will include recommendations for the correction of any security problem or risks observed during the audit. When possible, the report will contain multiple solutions or work-arounds to said problems.