Practical audit advice you can use today.
Mapping, Tracking and Monitoring Network Populations - Part 1
Published: 2011-07-05 (Length: 13:59)
In this episode we take a look at using PBNJ coupled with NMap to build and use network information maps.
One of the key problems with using a network scanner like NMap is scaling the results out to something that you can actually use to produce useful information. In Part 1 of this series we look specifically at using a front end to NMap to drive the scans and automatically insert the data into a database. We also spend time talking about a strategy for making this work in an enterprise, especially with host based firewalls, and how to deal with systems that become unreliable when scanned.
Show notes for this episode can be found at http://it-audit.sans.org/blog/2011/07/05/network-population-management-and-pbnj-show-notes-5
Who else are your clients talking to?
Published: 2011-06-27 (Length: 13:11)
Most IT auditors and security people are aware of the need to find and disconnect unauthorized access points connected to the corporate network. An equally troubling problem that is less often addressed is identifying whether or not your employees are using business assets to connect to access points that are outside of your control. We're not talking about Starbucks or McDonald's; we're talking about wireless access points that are in range from within your own building.
It's not unusual, especially in urban business environments or industrial parks to find that a large number of access points are visible to anyone in the periphery of the building. In these settings, businesses are often somewhat conscious of the need to secure access points with encryption, but unauthorized access points in another business or even private open access point can still mean trouble for you.
Visit the Show Notes for more details and the demonstrated script here: http://it-audit.sans.org/blog/2011/06/27/can-you-hear-me-now-show-notes-4
How secure are we really?
Published: 2011-06-20 (Length: 10:12)
The security of wireless networks remains a widely misunderstood issue in the business community. While most know that WEP should not be considered secure, many believe that running WPA or WPA2 is sufficient to make your network secure.
In this episode we demonstrate how to quickly find an access point and attack the key. While not every network will be this easy to break into, it is very important to note that the entire demonstration was recorded without cut and takes about ten minutes from discovery through key recovery even with the talking!
For more information on these topics, visit http://audit.sans.org
for details! The Show Notes for this episode are here: http://it-audit.sans.org/blog/2011/06/20/auditing-hacking-wpa-wpa2-security-show-notes-3
Finding and examining differences between router or switch startup and running configuration files.
Published: 2011-06-13 (Length: 11:09)
In this episode we round out the discussion from Episode 1 with regard to startup and running configuration files for routers and switches. It is critical that we verify that these files are identical. We will look at several methods for quickly and easily finding the changes and some free tools that can help us along the way!
Show Notes can be found at http://it-audit.sans.org/blog/2011/06/13/do-differences-matter-show-notes-2
Questions to ask and signs of problems with switch and router administration
Published: 2011-06-07 (Length: 16:43)
© 2011, David Hoelzer & EnclaveForensics