|Lesson 7 ||Testing and evaluating |
|Objective|| Test and evaluate your network for security problems.|
Testing and Evaluating your Network for Security
Testing systems should be central to any security implementation plan. Below are some simple steps for testing existing and new systems.
Testing existing systems
Test your network with the same types of tools, methods, and techniques that hackers use. Numerous automated testing tools can also
assist you with this.
Consult server logs
Compare logs to determine how actual conduct confirms to the stated security policy. Note any deviations from the policy, then use
this information to improve user compliance.
Implementing New System
To implement a new system or test a new security setting, follow the steps below.
- Implement the policy on systems whose configurations are identical to those of normal systems.
- Place the system or systems on a different subnet.
- Simulate, as far as possible, conditions normal to the network.
- As with existing systems, test the new system against common hacker techniques.
Establish logging on all systems, and check the logs regularly. Configure your log files so that they will not become security
threats. Remain aware that existing policy will develop gaps as new hacker techniques develop. What might be secure today will
develop problems later, due to a hardware change, an operating system upgrade, or a bug in an application.