Control Environment - Part 3 - Inventory


On the surface, having an inventory sounds like a checkbox audit exercise: onerous and, quite frankly, a little bit boring. From an attacker’s point of view, carrying out an inventory of potential targets can be one of the most exciting parts. It’s not uncommon for me to find interesting and easy-to-compromise assets in the early phases of a penetration test.

The key concept of having an inventory is knowing what you have so you can assess the risk and make sure it’s managed. If this is your first iteration, you’ll find devices that you probably meant to decommission but either didn’t get round to or forgot about. Looking a little deeper, you’ll probably find services available which were installed by default or which you don’t really need.

Network inventory

So quite quickly we can see that just by decommissioning things we are reducing risk by creating a smaller and leaner estate to manage. An inventory can also identify assets of importance that need a little bit of TLC. Do your servers need patching? Does that Windows 2003 server running your core financial app (which you forgot about whilst focusing on running your business) need upgrading?

I’m a big believer in the 80/20 rule, so let’s not procrastinate and get something started rather than nothing at all. A pen and paper review or a good look around your comms room may be a good starting place to know what you have. Equally, using nmap can be a simple but effective way of finding out what’s on your network.

C:\Users\mark>nmap insecure.nmap.org

Starting Nmap 7.10 ( https://nmap.org ) at 2016-06-09 12:00 GMT Daylight Time
Nmap scan report for insecure.nmap.org (45.33.49.119)
Host is up (0.15s latency).

Other addresses for insecure.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe98:ff4e
Not shown: 993 filtered ports
PORT      STATE  SERVICE
22/tcp    open   ssh
25/tcp    open   smtp
70/tcp    closed gopher
80/tcp    open   http
113/tcp   closed ident
443/tcp   open   https
31337/tcp closed Elite
Nmap done: 1 IP address (1 host up) scanned in 13.22 seconds
C:\Users\mark>
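
One way to turn a scan like this into an inventory check, as an added example that is not part of the original post: the Python below parses the nmap output shown above and compares each host's open ports with an approved-services list. The APPROVED list and the function names are assumptions made for illustration.

```python
import re

# Output of the nmap run shown above (header, latency and footer lines trimmed).
SCAN = """\
Nmap scan report for insecure.nmap.org (45.33.49.119)
PORT      STATE  SERVICE
22/tcp    open   ssh
25/tcp    open   smtp
70/tcp    closed gopher
80/tcp    open   http
113/tcp   closed ident
443/tcp   open   https
31337/tcp closed Elite
"""

# Assumed approved-services list; a host absent from it is not in the inventory yet.
APPROVED = {"insecure.nmap.org": {"22/tcp", "80/tcp", "443/tcp"}}

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([^)]+)\))?")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp|sctp))\s+(\S+)\s+(\S+)")

def parse_scan(text):
    """Return {host: {"address": ip, "ports": {port: (state, service)}}}."""
    inventory, current = {}, None
    for line in text.splitlines():
        host, port = HOST_RE.match(line), PORT_RE.match(line)
        if host:
            name, addr = host.groups()
            current = inventory.setdefault(name, {"address": addr or name, "ports": {}})
        elif port and current is not None:
            current["ports"][port.group(1)] = (port.group(2), port.group(3))
    return inventory

def review(inventory, approved):
    """Compare each host's open ports with the approved list."""
    findings = {}
    for host, record in inventory.items():
        open_ports = {p for p, (state, _) in record["ports"].items() if state == "open"}
        expected = approved.get(host, set())
        findings[host] = {
            "in_inventory": host in approved,
            "unexpected": sorted(open_ports - expected),  # exposed but not approved
            "missing": sorted(expected - open_ports),     # approved but not seen open
        }
    return findings

if __name__ == "__main__":
    for host, result in review(parse_scan(SCAN), APPROVED).items():
        print(host, result)
```

With the assumed list, the scan above reports 25/tcp as open but not approved, which is the kind of service to either document or turn off.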

Not everything you find will have the same impact on your business, so prioritise the devices of high business impact and resolve any issues with those first.

Inventory and audit are two uninspiring words which can stop you in your tracks before taking those first vital steps in really securing your network. As we’ve explored above, find out what’s on your network or Internet perimeter, turn off any old kit and make a plan to show your important assets some love.
