Audit example

Published in: Internet

  1. NETWORK AUDIT 8-20-2017
  2. Review the servers and think about buying a single virtual server replacement, or a cloud server infrastructure for these applications. Both servers have expired warranties, battery backup issues and security issues. Both servers could easily run on a newer-generation Dell server, keeping costs low while getting everything back under warranty and giving an opportunity to reconfigure the network and server settings with security in mind, fixing a lot of the issues described here today. In general, the network is neglected. There is no maintenance schedule in place for updates or for security review of the servers. While it’s true the hack attempts were resolved, they were only found during a third-party review. There should be multiple layers of security, which don’t exist now. Security isn’t a priority on the network. Check the recommended action items at the end of the document.
  3. The network is running on a Dell PowerConnect 5548, which is a great switch for this environment. Firmware on the switch is outdated, but this isn’t a critical issue. The firewall is a Fortinet 90D with wireless. Recommend replacing the old firewall with a next-generation firewall with advanced threat detection – SonicWALL, for example. Utilize VPN connections where necessary, and remove all external access to servers except from authorized people. Firmware on the firewall is expired and should be renewed or replaced. Multiple firewall policies exist that should not be allowing traffic into the network. There are legacy items on the firewall that should be removed to tighten security. It doesn’t look like the administrator has a full understanding of the features and functions of the firewall. There is a lack of technical policy understanding on the firewall. Some policies exist that shouldn’t, allowing traffic into the network. This is what caused the hack attempts into the network. There is no way to tell for sure, without a forensic audit of the servers, whether there was an actual breach of data. We have the ability today to geo-limit people based on location, and payloads. Implement security, HIPAA and remote access; the sensitive materials (pictures) and names of people would be a popular target for hackers.
  4. Two physical servers are on the network, a T410 and an R520, both of which have expired warranties. We recommend keeping any server in production under warranty. For the cost of a single failed drive, this server could be warrantied. I will attach a quote to renew the warranty. Server SQL: the server hasn’t been updated since 2/11/2017; see screenshot below. Servers store critical data, and are susceptible to viruses just like any other machine. This server needs a maintenance schedule implemented and updates installed. The firewall is disabled and should be enabled. See screenshot.
  5. This server is running Small Business Server 2008, which is almost 10 years old now. The product has been, in part, end-of-lifed by Microsoft. The server is not updating, and the last attempts at updating failed; see screenshot. The last update was in January. Java is out of date. Java and Adobe are the two critical entry points for hackers. Keep them both up to date, and uninstall them on servers if they’re not required. The server firewall is disabled, and should be enabled with specific ports allowed through, just like the main Fortinet firewall, and the network services that NextTech needed. See screenshot. SERVER 01
  6. SERVER 01
  7. • Webroot is up to date, and managed on the network. • Check license and expiration, and validate it’s not expiring. • No access to the console of the anti-virus program.
  8. Speed tests are slow; check local internet options for faster internet. LIVE Consulting has a master agreement that gives us a little bit of leverage to help get deals done on internet. We can run the address if you would like to see what’s available.
  9. No software audit has been done. Check licenses for systems in use, including server licenses and server CALs. Microsoft has said they will audit every small business for licenses.
  10. Physical security: the server is behind a lockable door, although the door isn’t locked most days.
  11. No monitoring software is installed. Recommend a software package to watch for failed updates, backups, event log errors, security events, and other types of agent-based monitoring for proactive maintenance.
  12. SQL Server – backups are running locally as they should, but no offsite data exists. A job was created to copy all data offsite, but the job is running into a timeout and failing. See screenshot below. This means that if there was a fire, theft of the server, or failure of the server room for any reason, no backups of the most critical data would be recoverable. Live Consulting recommends a 3-2-1 backup system: 3 copies of the data, in 2 locations, 1 of them being offsite. You have 2 copies now, production and local, but offsite is imperative. With cloud options as cheap as they are, this is recommended.
  13. No power backup exists for the network or for one of the servers. There is a battery backup system in place, but the battery is dead, and the unit is working just as a power strip right now. This was proved when the power went out and the servers rebooted. The recommendation would be to get a battery that can support the network and the servers. Also, install the backup software to do soft shutdowns of the machines so the servers don’t hard power down, which could cause data corruption.
  14. The domain is registered for another 4+ years, and is set to expire in 2022. Google does give a slight increase in search ranking based on longevity of registration. It’s only $8/year, so registering the domain for the maximum allowed time would be beneficial. The issue here is that COMPANY doesn’t own the domain in the eyes of the internet. The registrant is registered to *****. It is always recommended to keep the domain on an e-mail address of the business and give access to 3rd parties as needed. For example, in this case you can set up IT@********* and send it to both Kim and the IT company. This gives them the full access that they need, but at the same time keeps Kim up to date with changes and needs of the domain, while keeping it owned by the company. This is the same as lending someone your car and signing over the title to your car while they borrow it. They don’t need to own it to manage it.
  15. Spam filtering is hosted by ********, which is a great service.
  16. Replace the servers with a single server. Use VMware to utilize a larger server and decommission both existing servers. Replace the existing battery in the backup unit, or replace it with a larger unit that can support the firewall, network, and servers. • Implement a soft shutdown on power outages (happened 3 times while I was there, data corruption will happen) • Fix offsite backups so they’re working; would prefer a replacement with an enterprise-grade backup solution at a lower cost. • Upgrade all server OS, and implement a maintenance schedule. • Get a current copy of all documentation, including account numbers, usernames and passwords. COMPANY should own and have access to all software and services you are paying or have paid for. • Check available internet options. It’s possible there is faster internet available now.
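
Slide 3 reports firewall policies that let traffic into the network and legacy items that should be removed. One way to surface both from an exported policy list is sketched below; it is an added example, not part of the original audit, and the sample export, the interface names `wan1`/`wan2` and the function names are assumptions made for illustration.

```python
import shlex

# Constructed sample in FortiOS "show firewall policy" syntax, trimmed to the
# settings the check reads. Policy ids, interfaces and address names are made up.
SAMPLE = '''config firewall policy
    edit 1
        set srcintf "internal"
        set srcaddr "all"
        set action accept
    next
    edit 7
        set srcintf "wan1"
        set srcaddr "all"
        set action accept
    next
    edit 9
        set srcintf "wan1"
        set srcaddr "Vendor-Support"
        set action accept
    next
    edit 12
        set srcintf "wan1"
        set srcaddr "all"
        set action accept
        set status disable
    next
end'''

def parse_policies(text):
    """Map policy id -> {setting: [values]} for each edit ... next entry."""
    policies, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("edit "):
            cur = policies.setdefault(int(line.split()[1]), {})
        elif line.startswith("set ") and cur is not None:
            key, _, rest = line[4:].partition(" ")
            cur[key] = shlex.split(rest)  # handles quoted names with spaces
        elif line == "next":
            cur = None
    return policies

def review_inbound(text, wan_ports=("wan1", "wan2")):
    """Split WAN-sourced accept policies open to any address into enabled/disabled."""
    found = {"enabled": [], "disabled": []}
    for pid, p in sorted(parse_policies(text).items()):
        if (set(p.get("srcintf", [])) & set(wan_ports)
                and "all" in p.get("srcaddr", []) and p.get("action") == ["accept"]):
            state = "disabled" if p.get("status") == ["disable"] else "enabled"
            found[state].append(pid)
    return found
```

Enabled hits are the policies to restrict to authorized sources or move behind VPN; disabled hits are candidates for the legacy cleanup.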
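
Slides 11 and 12 describe an offsite copy job that exists but fails on a timeout, and recommend monitoring plus a 3-2-1 backup system. The check below, an added example that is not part of the original audit, applies the 3-2-1 rule only to copies with a recent successful run, so a configured but failing job does not count; the inventory, site names and the two-day freshness limit are assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2017, 8, 20, 9, 0)  # constructed "time of audit"

# Constructed inventory of copies of the SQL data (names and sites are made up).
# last_ok is the last run that finished successfully, not the last attempt.
COPIES = [
    {"name": "production", "site": "office", "last_ok": NOW},
    {"name": "local backup", "site": "office", "last_ok": NOW - timedelta(hours=8)},
    {"name": "offsite copy job", "site": "cloud", "last_ok": None},  # times out
]

def check_321(copies, now, primary_site="office", max_age=timedelta(days=2)):
    """Apply 3 copies / 2 locations / 1 offsite to copies with a recent success."""
    fresh = [c for c in copies if c["last_ok"] and now - c["last_ok"] <= max_age]
    stale = [c["name"] for c in copies if c not in fresh]
    sites = {c["site"] for c in fresh}
    return {
        "copies": len(fresh) >= 3,
        "locations": len(sites) >= 2,
        "offsite": any(site != primary_site for site in sites),
        "stale": stale,  # copies to alert on: never succeeded or too old
    }
```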
