Internal network vulnerabilities: are you at risk?
When it comes to securing your perimeter, you already do a great deal to comply with regulators. You understand the risk of an attack on your network from malicious code on the Internet. You have a firewall with intrusion detection. You have gateway anti-virus and you run vulnerability assessments on your external IP addresses.
But what are you doing to ensure your internal network is secure? You may not realize it, but malicious code can easily bypass your external defenses. Trusted third-party connections, laptops that have been connected to a foreign network, employee software downloads or visits to malicious websites can compromise your internal network. Once on your network, malicious code can:
- Flood your network with traffic, paralyzing your business;
- Read, transmit, modify or delete data;
- Damage or erase operating systems; or
- Supply hackers with information to break through your external defenses.
Proper operating system configuration, website content filtering, local anti-virus and effective patch management are a great start in protecting your network from internal vulnerabilities, but these internal measures need to be tested, too.
There’s a simple way to measure and track the security of your internal network: internal vulnerability assessments. An assessment can detect malicious code, operating system configuration errors, and missing security patches on laptops, desktops, servers and printers not accessible to an external scan. During an on-site visit, a secure laptop will execute a program to detect and scan all devices connected to your internal network.
Internal vulnerability assessments should be part of your standard security program and performed on a regular basis to maintain the highest level of protection. The cost of an assessment will depend on the number of devices on your network, but it’s a quick and efficient tool for analyzing the management of your internal network environment.
—Janet Wilth CISA, CISM, has more than 25 years of experience in the IS industry and is employed with SPC Integrated Solutions, a division of Security Products Company, an ICBM Associate member.
