On the surface, having an inventory sounds like a checkbox audit exercise: onerous and, quite frankly, a little bit boring. From an attacker's point of view, carrying out an inventory of potential targets can be one of the most exciting parts. It’s not uncommon for me to find interesting and easy-to-compromise assets in the early phases of a penetration test.
The key concept of having an inventory is knowing what you have so you can assess the risk and make sure it’s managed. If this is your first iteration, you’ll find devices that you probably meant to decommission, but either didn’t get round to or forgot about. Looking a little deeper, you’ll probably find services available that were installed by default or that you don’t really need.
So quite quickly we can see that just by decommissioning things we are reducing risk by creating a smaller and leaner estate to manage. An inventory can also identify assets of importance that need a little bit of TLC. Do your servers need patching? Does that Windows 2003 server running your core financial app (which you forgot about whilst focusing on running your business) need upgrading?
I’m a big believer in the 80/20 rule, so let’s not procrastinate: get something started rather than nothing at all. A pen and paper review or a good look around your comms room may be a good starting place to know what you have. Equally, using nmap can be a simple but effective way of finding out what’s on your network.
Not everything you find will have the same impact on your business, so prioritise the devices of high business impact and resolve any issues with those first.
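As an added example (not part of the original post), the script below turns a scan of your own network into a prioritised inventory. It assumes the scan was saved as XML with `nmap -oX`; the sample scan data, the asset register and the impact labels are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output (trimmed to the fields used here).
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port></ports></host>
<host><status state="down"/><address addr="192.0.2.30" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical asset register: IP -> (name, business impact). Replace with your own records.
KNOWN_ASSETS = {"192.0.2.10": ("finance-app", "high"), "192.0.2.30": ("old-print-server", "low")}
# Assumption: devices missing from the register are reviewed straight after high-impact ones.
IMPACT_ORDER = {"high": 0, "unknown": 1, "medium": 2, "low": 3}

def parse_scan(xml_text):
    """Return {ip: [(port, service), ...]} for hosts that are up, open ports only."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":
                svc = port.find("service")  # absent when nmap could not name the service
                ports.append((int(port.get("portid")), svc.get("name") if svc is not None else "unknown"))
        found[ip] = ports
    return found

def review(scan, assets):
    """Merge scan results with the register; highest business impact first."""
    rows = []
    for ip in set(scan) | set(assets):
        name, impact = assets.get(ip, ("NOT IN REGISTER", "unknown"))
        status = "live" if ip in scan else "no response"
        rows.append((IMPACT_ORDER[impact], ip, name, impact, status, scan.get(ip, [])))
    return [row[1:] for row in sorted(rows)]

if __name__ == "__main__":
    for ip, name, impact, status, ports in review(parse_scan(SAMPLE_XML), KNOWN_ASSETS):
        print(f"{impact:8} {ip:12} {name:18} {status:12} {ports}")
```

Live hosts marked NOT IN REGISTER are the forgotten kit to investigate, while registered hosts showing "no response" are candidates for confirming decommissioning.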
Inventory and audit are two uninspiring words which can stop you in your tracks before taking those first vital steps in really securing your network. As we’ve explored above, find out what’s on your network or Internet perimeter, turn off any old kit and make a plan to show your important assets some love.