What to look for in a Security Assessment

When we perform a security assessment we typically use third party tools to review a customers network environment and prepare a series of reports. The following is a brief overview of the reports that should be included.

Security Risk Report 

Risk Score and chart shows the relative health of the network security, along with a summary of the number of computers with issues. This report includes outbound protocols, system control protocols, user access controls, external vulnerabilities summary, and dark web password and credential breaches. 

Security Management Plan 

Helps prioritize remediation based on the issue risk score. A listing of all security related risks are provided along with recommended actions. 

Computer Security Report Card 

The Computer Security Report Card assesses individual computers based on security criteria. Devices discovered on the network are assigned an overall score, as well as a specific score for each of the assessment categories detailed in the report card. 

Anomalous Login Report 

Identify anomalous user logins with this report that methodically analyzes login history from the security event logs. The report uses mathematical modeling and proprietary pattern recognition to highlight potential unauthorized users who log into machines they normally do not access and at times they normally do not log in. 

External Vulnerabilities Scan Report 

A comprehensive output including security holes and warnings, informational items that can help make better network security decisions, plus a full NMap Scan which checks all 65,535 ports and reports which are open. This is an essential item for many standard security compliance reports. 

Outbound Security Report 

Highlights deviation from industry standards compared to outbound port and protocol accessibility, lists available wireless networks as part of a wireless security survey, and provides information on Internet content accessibility. 

Security Policy Assessment Report 

A detailed overview of the security policies which are in place on both a domain wide and local machine basis. 

Share Permission Reports 

Share Permission Report by Computer lists all network “shares” by computer, detailing which users and groups have access to which devices and files, and what level of access they have.  

Share Permission Report by User Organizes permissions by user, showing all shared computers and files to which they have access. 

User Behavior Analysis Report 

Shows all logins, successful and failure, by user. Report allows you to find service accounts which are not properly configured (and thus failing to login) as well as users who may be attempting (and possibly succeeding) in accessing resources (computers) which they should not be. 

Login History by Computer Report 

Same data as User Behavior but inverted to show you by computer. Quite useful, in particular, for looking at a commonly accessed machines (file server, domain controller, etc.) – or a particularly sensitive machine for failed login attempts. An example would be CEO’s laptop – or the accounting computer where you want to be extra diligent in checking for users trying to get in. 

Login Failures by Computer Report 

Report identifies users who have succeeded in logging in to another machine. Great for auditing/logging purposes to know of all attempts. 

Data Breach Liability Report 

Identifies specific and detailed instances of personal identifiable information (PII) and cardholder data throughout a computer network that could be the target of hackers and malicious insiders. It also calculates the potential monetary liability and exposure based upon industry published research. 

RSOP Settings Reports 

RSOP Computer Settings Report 

This report analyzes the various Resulting Sets of Policy (RSOP) based on computer policy settings on computers in the environment and can be used to assess how many variants of settings exist in a network.  Small variants might be a result of misconfiguration of misapplication of Group Policies at the computer level. Use this report to demonstrate how you might be able to create consistent policies or avoid one-off settings and misconfigurations that lead to inconsistent security policy application. 

RSOP User Settings Report 

This report analyzes the various Resulting Sets of Policy (RSOP) based on user policy settings on computers in the environment and can be used to assess how many variants of settings exist in a network.  Small variants might be a result of misconfiguration of misapplication of Group Policies at the user level. Use this report to demonstrate how you might be able to create consistent policies or avoid one-off settings and misconfigurations that lead to inconsistent security policy application. 

Total
0
Shares
Leave a Reply

Your email address will not be published.

Related Posts