Potential security vulnerabilities on computer networks are numerous: unpatched software or firmware, lack of encryption, out of date antivirus, and "back doors" intentionally left in applications (just to name a few).
And if you think of your network as a house, hackers can get in not only through the back door, but through the windows, the chimney, the fire escape, the pet door, or straight through the front door if you don’t secure it properly. Even if you have iron-clad security on 9 out of 10 possible entry points, it’s likely the one you skip over that’ll result in a breach.
Because every IP-connected device on your network is a potential weak point, the proliferation of devices means there are now more ways to break into a network than ever before. Today, IT departments are tasked with keeping tabs not only on desktops and laptops, switches and servers... they have to worry about smartphones, tablets, VoIP phones, and “internet of things” gadgets too.
So you want to create an effective security strategy capable of dealing with modern threats… but don’t even know where to begin. Your first step is to figure out what’s on your network, both in terms of hardware and software. When you know what you have, you know what to protect and where your weaknesses are!
How to find devices on your network
Manually searching for devices on your network can be a pain: slow, inaccurate, and tedious. Tracking everything by hand in a huge Excel sheet, maintaining your own list of IP addresses, or relying on info from Active Directory? It’s often not enough to keep pace with network changes or the addition of any new devices or applications.
Luckily, network inventory software can help automatically discover exactly what devices, OSes, and applications you have.
Basically, a network inventory solution makes it easy to answer the security questions that can keep you up at night. Network inventory software can:
- Help you comply with widely used frameworks such as PCI DSS and SANS Critical Security Controls
- Check to see if antivirus software is installed and up to date
- Discover applications running on your network that might be vulnerable
- Find out what security patches are installed on your endpoints
- Track down machines running unsupported operating systems
- Discover if servers and switches are still set to default configurations (with simple passwords and settings that need to be changed)
- See what hardware might be nearing end of warranty
- Generate reports that help you understand everything you’ve got
Avoiding network security disaster
What are the consequences of not knowing what’s on your network? Here are a few examples:
- A simple improper configuration (the factory default password wasn't altered) once cost the Utah state government millions to remediate a Medicaid records breach. Ouch.
- The 2015 edition of the Verizon Data Breach Investigations Report found that 99.9 per cent of exploited vulnerabilities in 2014 had already been identified the previous year. This clearly speaks to the importance of keeping AV definition files updated.
- Breaches at some of the world’s largest retailers were the result of running out-of-support Windows XP, resulting in over 100 million compromised credit cards.
Knowing your weaknesses = knowing what to secure first
They say a chain is only as strong as its weakest link — the same can be said for network security. But why waste energy and money on the perfectly strong links when you don’t have to? Once you inventory your network, you don’t have to just rely on guesswork.
Network inventory software provides knowledge that can help you make a smart decision and get results quickly.
In summary, computer security threats are real and growing. And as the number of devices and potential threats increase, life isn’t getting easier for IT pros. But network inventory solutions can help simplify your workflows and help you stay ahead of the curve.
Peter Tsai is an IT Analyst at Spiceworks
Image source: Shutterstock/GiDesign