Abstract image of a woman sitting on books and studying on a laptop

Network-Security-Audit

Y
Yigal Behar

A law firm with over 10 branch locations hired a security firm to audit their network security. The audit had 3 phases: discovery of all network devices, creation of network diagrams, and assessment of management access practices, device hardening practices, and network policies. The assessment highlighted any omissions in security settings and adherence to industry standards. A final report was generated that both technical and non-technical stakeholders could understand. The security firm concluded it delivered greater security, visibility and control over the law firm's infrastructure.

1 of 1
Download to read offline
1
80 Broad Street, 5th Floor New York, NY 10004 www.2secure.biz info@2secure.biz Tel: 646-666-9601 Fax: 718-942-5355 Date: 10/13/2014 Case Study: NETWORK SECURITY AUDIT Preface: A Network Security Audit evaluates network devices for security settings and recommends changes to en- hance resilience and compliance. The Case: A Law Firm headquartered in New-York City with more than 10 worldwide branch locations, was looking to perform a Network Security Audit on its infrastructure. This audit followed 3 main phases: Discovery: Documenting devices with their Location, Model #, serial, MAC and management IP Network Diagrams: Create global and location based diagrams. Assessment: Management Access Best Practices  TACACS+ (highlight omissions)  SNMPv3 (highlight omissions)  Privilege levels (highlight omissions)  Line, console, VTY access  AAA functionality correct and operational  Support for SSHv2, no Telnet  Use of HTTPS and disable HTTP (if applicable) Assessment: Device Hardening Best Practices  Secure routing practices  Disable unused services and ports  Device plane hardening techniques  Infrastructure ACLs  Layer-2 security  Performance Recommendations Assessment: Network Policy Review  Validate current device OS software against known PSIRT advisories  Adherence with industry and regulatory requirements The above process was fully documented with a report that both Managers and Engineers understood. In Conclusion: Our experts delivered greater security, visibility and control over infrastructure while saving money. About 2Secure Corp 2Secure is a Cyber Security firm that takes a PROACTIVE approach to solving network problems. We provide the right tools to fix problems the first time around – in fact, we guarantee it!

More Related Content

PDF
VAPT Services by prime
Prime Infoserv
 
PDF
Trustport - Roman Veleba
Jan Fried
 
PDF
Darryl T. Smith Resume (1)
Darryl Smith, CISSP
 
PDF
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Security Session
 
DOCX
Jeffrey_Smith_Resume_2016
Jeffrey Smith
 
PDF
Penetration Testing Services, Penetration Testing
eNinja Technologies
 
PPTX
Vapt( vulnerabilty and penetration testing ) services
Akshay Kurhade
 
PPTX
What is Next-Generation Antivirus?
Ryan G. Murphy
 
VAPT Services by prime
Prime Infoserv
 
Trustport - Roman Veleba
Jan Fried
 
Darryl T. Smith Resume (1)
Darryl Smith, CISSP
 
Insights of a brute-forcing botnet / VERONICA VALEROS [CISCO]
Security Session
 
Jeffrey_Smith_Resume_2016
Jeffrey Smith
 
Penetration Testing Services, Penetration Testing
eNinja Technologies
 
Vapt( vulnerabilty and penetration testing ) services
Akshay Kurhade
 
What is Next-Generation Antivirus?
Ryan G. Murphy
 

What's hot (20)

PDF
Carbon Black Corporate Overview 2016
Exclusive Networks ME
 
PPT
Ch19
Joe Christensen
 
PDF
JAKU Botnet Analysis
Napier University
 
PDF
RAMNSS_2016_service_porfolio
Rhys A. Mossom
 
PPTX
Nac market
Sumit Bhat
 
PDF
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
PDF
Larry fermi generic nac overview-expanded - atlseccon2011
Atlantic Security Conference
 
PPTX
Base Metal Forensics
Napier University
 
PPT
What Every Organization Should Log And Monitor
Anton Chuvakin
 
PDF
Penetration Testing Services
Cyber 51 LLC
 
PPTX
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
PDF
What Is Next-Generation Endpoint Security and Why Do You Need It?
Priyanka Aash
 
PPT
Firewall audit
Velliyangiri K.S
 
PPTX
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
PPTX
Intro to Network Vapt
Apurv Singh Gautam
 
PPTX
Ethical Hacker
keriann70
 
PPTX
OTG - Practical Hands on VAPT
shiriskumar
 
PDF
Security and Privacy in Visual Sensor Network
Khan Reaz
 
PPTX
VAPT, Ethical Hacking and Laws in India by prashant mali
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
Carbon Black Corporate Overview 2016
Exclusive Networks ME
 
Ch19
Joe Christensen
 
JAKU Botnet Analysis
Napier University
 
RAMNSS_2016_service_porfolio
Rhys A. Mossom
 
Nac market
Sumit Bhat
 
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
Larry fermi generic nac overview-expanded - atlseccon2011
Atlantic Security Conference
 
Base Metal Forensics
Napier University
 
What Every Organization Should Log And Monitor
Anton Chuvakin
 
Penetration Testing Services
Cyber 51 LLC
 
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
Priyanka Aash
 
Firewall audit
Velliyangiri K.S
 
Vulnerability and Assessment Penetration Testing
Yvonne Marambanyika
 
Intro to Network Vapt
Apurv Singh Gautam
 
Ethical Hacker
keriann70
 
OTG - Practical Hands on VAPT
shiriskumar
 
Security and Privacy in Visual Sensor Network
Khan Reaz
 
VAPT, Ethical Hacking and Laws in India by prashant mali
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
Ad

Viewers also liked (12)

PDF
Network Audit
Michael Cohen
 
PDF
Technology Audit
Arish Roy
 
PPT
Harris Network Audit Pp
wericsmith
 
PDF
Inbound.org Technical SEO Audit
Sam Mallikarjunan
 
PDF
Quick Technical SEO Audit Checklist - Peter Handley Brighton SEO April 2014
Peter Handley
 
PPT
Audit of it infrastructure
pramod_kmr73
 
PDF
Network Architecture Review Checklist
Eberly Wilson
 
PPT
3. security architecture and models
7wounders
 
PPSX
2 Security Architecture+Design
Alfred Ouyang
 
PDF
How to do a Project Audit
AdaptiveOrg Inc.
 
DOCX
Audit Checklist for Information Systems
Ahmad Tariq Bhatti
 
DOCX
Project audit & review checklist
Ram Srivastava
 
Network Audit
Michael Cohen
 
Technology Audit
Arish Roy
 
Harris Network Audit Pp
wericsmith
 
Inbound.org Technical SEO Audit
Sam Mallikarjunan
 
Quick Technical SEO Audit Checklist - Peter Handley Brighton SEO April 2014
Peter Handley
 
Audit of it infrastructure
pramod_kmr73
 
Network Architecture Review Checklist
Eberly Wilson
 
3. security architecture and models
7wounders
 
2 Security Architecture+Design
Alfred Ouyang
 
How to do a Project Audit
AdaptiveOrg Inc.
 
Audit Checklist for Information Systems
Ahmad Tariq Bhatti
 
Project audit & review checklist
Ram Srivastava
 
Ad

Similar to Network-Security-Audit (20)

PPTX
How to perform a network security audit for.pptx
lahirur
 
PDF
PCI Compliance NOT for Dummies epb 30MAR2016
Erika Powell-Burson, MSIA, CISSP, CISA
 
PDF
Chamber Technology Committee Presentation
Tony DeGonia (LION)
 
PDF
The Legal Case for Cybersecurity
Shawn Tuma
 
PPTX
Cyber Risks Implementation on an IP MPLS Network
Gabriel E Ozique
 
PPT
Network Capability Profile
pds2k.com
 
PPTX
PCI DSS Business as Usual (BAU)
Kimberly Simon MBA
 
PPTX
Network Security Forensics
seniorsam
 
PPTX
Increasing Challenges in Healthcare Privacy and Security
CynergisTek, Inc.
 
PPTX
Csa presentation november 2016 sloane ghx
Trish McGinity, CCSK
 
PDF
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
Shawn Tuma
 
PDF
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
Shawn Tuma
 
PPT
Security Readiness Profile
pds2k.com
 
PDF
Defcon 22-tim-mcguffin-one-man-shop
Priyanka Aash
 
PPTX
Managing Multiple Assessments Using Zero Trust Principles
ControlCase
 
DOCX
1. Written assignmentscommunication must demonstrate professional.docx
paynetawnya
 
PDF
Monotype Enterprise Complete Scan Report 2024
nopihab937
 
PPTX
10. Process: ocp cfops security and access
ssusereb347d
 
PPTX
Aligning Application Security to Compliance
Security Innovation
 
PDF
f6_cyber_security_and_your_agency.pdf
Surendhar57
 
How to perform a network security audit for.pptx
lahirur
 
PCI Compliance NOT for Dummies epb 30MAR2016
Erika Powell-Burson, MSIA, CISSP, CISA
 
Chamber Technology Committee Presentation
Tony DeGonia (LION)
 
The Legal Case for Cybersecurity
Shawn Tuma
 
Cyber Risks Implementation on an IP MPLS Network
Gabriel E Ozique
 
Network Capability Profile
pds2k.com
 
PCI DSS Business as Usual (BAU)
Kimberly Simon MBA
 
Network Security Forensics
seniorsam
 
Increasing Challenges in Healthcare Privacy and Security
CynergisTek, Inc.
 
Csa presentation november 2016 sloane ghx
Trish McGinity, CCSK
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
Shawn Tuma
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
Shawn Tuma
 
Security Readiness Profile
pds2k.com
 
Defcon 22-tim-mcguffin-one-man-shop
Priyanka Aash
 
Managing Multiple Assessments Using Zero Trust Principles
ControlCase
 
1. Written assignmentscommunication must demonstrate professional.docx
paynetawnya
 
Monotype Enterprise Complete Scan Report 2024
nopihab937
 
10. Process: ocp cfops security and access
ssusereb347d
 
Aligning Application Security to Compliance
Security Innovation
 
f6_cyber_security_and_your_agency.pdf
Surendhar57
 

More from Yigal Behar (8)

PDF
Hedge Fund Alert - Vendors List
Yigal Behar
 
PDF
January 2017 Printed Newsletter
Yigal Behar
 
PDF
December 2016 Printed Newletter
Yigal Behar
 
PDF
cybersecurity-in-the-c-suite-a-matt
Yigal Behar
 
PDF
HFA103013
Yigal Behar
 
PDF
fund-managers-on-the-hunt-1
Yigal Behar
 
PDF
Penetration-Testing
Yigal Behar
 
PDF
Incident-Response-Policy
Yigal Behar
 
Hedge Fund Alert - Vendors List
Yigal Behar
 
January 2017 Printed Newsletter
Yigal Behar
 
December 2016 Printed Newletter
Yigal Behar
 
cybersecurity-in-the-c-suite-a-matt
Yigal Behar
 
HFA103013
Yigal Behar
 
fund-managers-on-the-hunt-1
Yigal Behar
 
Penetration-Testing
Yigal Behar
 
Incident-Response-Policy
Yigal Behar
 

Network-Security-Audit

  • 1. 80 Broad Street, 5th Floor New York, NY 10004 www.2secure.biz info@2secure.biz Tel: 646-666-9601 Fax: 718-942-5355 Date: 10/13/2014 Case Study: NETWORK SECURITY AUDIT Preface: A Network Security Audit evaluates network devices for security settings and recommends changes to en- hance resilience and compliance. The Case: A Law Firm headquartered in New-York City with more than 10 worldwide branch locations, was looking to perform a Network Security Audit on its infrastructure. This audit followed 3 main phases: Discovery: Documenting devices with their Location, Model #, serial, MAC and management IP Network Diagrams: Create global and location based diagrams. Assessment: Management Access Best Practices  TACACS+ (highlight omissions)  SNMPv3 (highlight omissions)  Privilege levels (highlight omissions)  Line, console, VTY access  AAA functionality correct and operational  Support for SSHv2, no Telnet  Use of HTTPS and disable HTTP (if applicable) Assessment: Device Hardening Best Practices  Secure routing practices  Disable unused services and ports  Device plane hardening techniques  Infrastructure ACLs  Layer-2 security  Performance Recommendations Assessment: Network Policy Review  Validate current device OS software against known PSIRT advisories  Adherence with industry and regulatory requirements The above process was fully documented with a report that both Managers and Engineers understood. In Conclusion: Our experts delivered greater security, visibility and control over infrastructure while saving money. About 2Secure Corp 2Secure is a Cyber Security firm that takes a PROACTIVE approach to solving network problems. We provide the right tools to fix problems the first time around – in fact, we guarantee it!