Network audits can be instrumental in sanitising your systems, ensuring there are no legacy, outdated or vulnerable applications lurking on the network.
You probably don’t need us to tell you that networks are complex beasts. Network administrators walk a tightrope between making sure all files are available for the right people at the right time, and ensuring that the unauthorised are denied access at every turn.
Knowing what is on your system is vital – we’ve previously discussed how many admins are surprised at what they find on their network when they perform an audit.
In the same way out-of-date food can linger in a pantry gathering dust for years, most networks harbour legacy applications that are no longer critical to the business. Unlike the outdated food though, they can cause real problems for the network if not dealt with.
“When it comes to proper network and information defense, a company’s security team must be familiar with the environment which they are to defend,” said Ryan Hays, Security Engineer at TBG Security. “What often falls by the wayside are the applications that are installed on various hosts or client machines.”
Are legacy apps lurking on your network?
As a network administrator, here are the type of questions you should be asking yourself:
- Have your users ever been allowed to install software without informing the IT department?
- Are there any applications on your system that have been retired by the vendor?
- Have your users ever been allowed to connect devices or add hardware to the network infrastructure without informing the IT department?
- Do your admins always fully document newly installed, updated or deleted software/hardware?
- Do you have a clear patching process in place?
- Are all traces of retired applications removed from the system once they have been superseded by new applications?
Why network audits help
Here are some of the advantages of conducting an audit for legacy systems:
- Less downtime. Bottlenecks caused by improper configurations or conflicting IP addresses can hinder employee productivity;
- Improved security posture. Network audits can help identify security risks (holes in your system, lack of security patches, etc.);
- Backup assurance. Backups are checked to ensure they are working as expected.
The upshot is simple: the result is a smaller attack surface and fewer vulnerabilities.
Recommendations and tips
If you have never conducted a concerted network audit before now, or it’s been a while since you have completed one, this task can seem a bit daunting.
Sourcing specialized computer security experts or personnel to review and audit software across the network on an quarterly basis is a good idea. Their experience and expertise will help to simplify and speed up the process.
Splunk’s tools simplify the cataloging of installed system software, secure compatible versions of the software, and allow for continual monitoring of the network environment to detect future vulnerabilities.
Splunk also offers continuous monitoring to provide network administrators with information on how the network might be affected when new exploits are released.
Creating a proper computer usage and system auditing policy will help to ensure you maintain a healthy and updated system. We’d recommend you establish and enforce a policy for regular patching of all your installed software as soon as patches and updates are made available from the vendors.
As part of this patching policy, make sure you include the time needed to test patches before full network implementation, as well as estimate how much network disruption might occur.
We’d also recommend that when installing patches and updates, the software is installed on one or two hosts first in order to determine whether the updates have any detrimental side effects, such as unanticipated bugs or issues.
Finally, as part of your policy, we recommend you specify which users, if any, are authorized to download or install software from reputable software vendors. A policy that prohibits employees from installing software helps to prevent the introduction of incompatible, unpatched, and unverified software into a company’s network environment.
About TBG Security Inc.
TBG Security is a leading provider of information security and risk management solutions for Fortune 100 and Fortune 500 companies. TBG designs and delivers cyber security solutions to work in harmony with existing operations. Companies depend on TBG services in areas including risk management,penetration testing, security policy development, security strategies for compliance, business continuity, network security, managed services,software and service integration and incident response.
For more information on how TBG Security can help your organization with your information security initiatives please visit https://tbgsecurity.com.