Ask the Expert

Network assessment

How can I assess the security of my network?

    Requires Free Membership to View

That depends on what aspects of network security you wish to assess. Are you looking to protect your network from outside attack, or are you trying to prevent insiders from misusing resources? Studies have shown that up to 70% of all computer crimes are committed by insiders.

Assuming you want to assess the security of the network against outside attacks, there are many good security scanners that are available, both commercial products and freeware. These scanners can give you a snapshot of what known vulnerabilities are available to be exploited in your network. However, none of these tools can find all the holes, and there are likely to be holes that haven't been discovered yet.

There is a good article in the Jan. 8, 2001 issue of Network Computing, which tested and ranked scanners.

A better way to assess security would be to hire a consultant trained in Information Security (INFOSEC) Risk Management. Particularly useful is the INFOSEC Assessment Methodology (IAM) developed by the National Security Agency. For more information, visit the INFOSEC Web site.

A well done INFOSEC Assessment will look at your entire security program from policies to implementation and make recommendations for improvement. This will address threats and vulnerabilities both from within and outside of your organization.

This was first published in February 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: