Top “Un-noticed” Network Configurations Which Deserve Your Attention

September 19th, 2012

Even if you have reliable network monitoring agents running on your network, that doesn’t guarantee that you’re getting visibility into all of the most important security and configuration items that need to be regularly checked. In human terms, it’s like the difference between hearing someone you love is “doing fine” and actually seeing so for yourself: there are a lot more subtleties that come into play when someone really knows their subject, knows what they’re doing and knows what to look for…and suspects something “just might not be right.”

An Apt Description
“Something just not being right” might have been a fitting description for a case in Andrews, Texas where a man illegally accessed his former employer’s computer database and deleted a few very important files. The man had been an employee of a services provider to the domestic natural gas and oil exploration and production industry. He admitted to gaining illegal access to his former employer’s computer system and deleting approximately 68 files, including analysis reports on oil and natural gas wells in Odessa, Levelland, Denver City and Andrews.

This kind of stuff happens all the time. Sometimes the illicit activity is caught after the fact, when the damage is already done. More often than not, the business owners are taken completely by surprise. They assume that their networks are safe because they have software agents running on their network, because they have a firewall set up, and they’re running the latest virus protection and malware filtering programs.

Most likely, no knowledgeable person was looking for that “something” that just wasn’t right; hence, a lot of vulnerabilities simply elude standard network monitoring and firewall security.

The Doctor's Top Un-noticed Network Configurations Which Warrant Your Attention
Here are my top network attributes that are most likely to fall under the radar of standard network monitoring systems:

  • Domain, network, system and application discovery
  • User password strength and risks
  • Permissions and user rights
  • Devices connected, but unidentified
  • Existing issues on individual computer systems not being monitored
  • Discovery of SQL servers, Exchange servers, web servers, printers and more
  • Installed application inventory

Compiling this list was (unfortunately) easy after running a very simple scan on a wide range of networks that were supposed to be safe and secure. And, oftentimes after running an assessment, one or more unpleasant surprises are found.

The good news is that you can discover any of the issues associated with the network attributes I mentioned without spending a lot of money, taking down your network, installing a bunch of software, or disrupting your business in any way.

A simple scanning tool that runs on your domain controller does all the work, usually in 10-30 minutes for most networks. We will pull in a mountain of valuable data that our quality network technicians can evaluate. We'll tell you exactly what was uncovered and recommend appropriate remediation.

Any other quick and inexpensive network discovery suggestions? What tools have you used and what have they helped you uncover?