How can I assess the security of my network?
That depends on what aspects of network security you wish to assess. Are you looking to protect your network from outside attack, or are you trying to prevent insiders from misusing resources? Studies have shown that up to 70% of all computer crimes are committed by insiders.
Assuming you want to assess the security of the network against outside attacks, there are many good security scanners available, both commercial products and freeware. These scanners can give you a snapshot of the known vulnerabilities that could be exploited in your network. However, none of these tools can find all the holes, and there are likely to be holes that haven't been discovered yet.
There is a good article in the Jan. 8, 2001 issue of Network Computing, which tested and ranked scanners.
A better way to assess security would be to hire a consultant trained in Information Security (INFOSEC) Risk Management. Particularly useful is the INFOSEC Assessment Methodology (IAM) developed by the National Security Agency. For more information, visit the INFOSEC Web site.
A well-done INFOSEC Assessment will look at your entire security program, from policies to implementation, and make recommendations for improvement. This will address threats and vulnerabilities both from within and outside of your organization.
This was first published in February 2001