SysAudits network assessments are slightly different than most other network security reviews. Rather than expending time and resources searching, gathering, and discovering information from the public domain which can be interesting reading and knowledge, SysAudits prefers to jump-right-in with knowledge of host addresses and networks. Specifically, network assessments will be performed from both the Internet (externally) and within the agency or company’s local area network (internal).
SysAudits believes the external scans will provide an assessment of the threat from an outside attacker, while the internal scan would represent an attacker with knowledge of the targeted network and hosts. SysAudits will use a wide variety of tools and techniques to perform the network assessments. These tools include commercial-off-the-shelf (COTS) and proprietary tools developed by SysAudits.
In addition, SysAudits believes a full network assessment is not accomplished without assessing the network devices and their configurations. Therefore, SysAudits recommends that at a minimum, core routers and the primary firewall configurations be assessed after the external and internal testing is complete.
Network device configuration assessment coupled with the knowledge of any discovered vulnerabilities will only add value and improve the agency or company’s network security posture. Network device assessments include reviewing the configuration of the internal operating system (IOS) on which the firewall is implemented.
The primary intent of the configuration reviews is to identify weaknesses in controls within the firewall and router software configuration itself.