Securing Resources   «Prev  Next»

Lesson 7 Testing and evaluating
Objective Test and evaluate your network for security problems.

Testing and Evaluating your Network for Security

Testing systems should be central to any security implementation plan. Below are some simple steps for testing existing and new systems.

Testing existing systems

Test your network with the same types of tools, methods, and techniques that hackers use. Numerous automated testing tools can also assist you with this.

Consult server logs

Compare logs to determine how actual conduct confirms to the stated security policy. Note any deviations from the policy, then use this information to improve user compliance.

Implementing New System

To implement a new system or test a new security setting, follow the steps below.
  1. Implement the policy on systems whose configurations are identical to those of normal systems.
  2. Place the system or systems on a different subnet.
  3. Simulate, as far as possible, conditions normal to the network.
  4. As with existing systems, test the new system against common hacker techniques.
Establish logging on all systems, and check the logs regularly. Configure your log files so that they will not become security threats. Remain aware that existing policy will develop gaps as new hacker techniques develop. What might be secure today will develop problems later, due to a hardware change, an operating system upgrade, or a bug in an application.