Network Discovery – The first building block of internal network security

January 6, 2007

One of the things I have learned about network security is that you cannot defend something, or defend against something, that you do not know exists.

Ask yourself the following questions:

  • Do I know what elements reside on my network(s)?
  • Do I know who is on my network(s)?
  • Do I know what is being done on my network(s)?
  • Is the information I have, if any, current?

Don’t be surprised if you have answered no to some of these questions.

Apparently, knowing the network is one of the most neglected fields within network security.

Let’s take patch management as an example.

  • How many of your Microsoft Windows-based elements are currently using a patch management solution?
  • How many of your Microsoft Windows-based elements operate outside of an organizational domain?
  • How many Microsoft Windows-based elements does the patch management solution not have access to?
  • Can you tell how many Microsoft Windows-based elements reside on your networks?

If your organization is required to comply with a certain regulation, it is required to demonstrate its ability to control and know all of its assets…

Real-time contextual information regarding the IT infrastructure should serve as the basis for different management and security applications, such as Asset Management, CMDB, Compliance & Audit, Helpdesk, Intrusion Prevention and Intrusion Detection, NAC, Patch Management, Vulnerability Management, etc.

Without knowing the network, one simply cannot manage or secure it.