
Audit of computer networks. IT infrastructure audit - how to be a beginner Report document audit of a local network

The active development of technologies in the field of data transmission, the entry into the market of new business applications and the integration of IT infrastructure with security systems are increasingly causing the failure of IT systems in small and medium-sized businesses. At times when it is possible to earn even more due to the opening opportunities, business owners are faced with the need to modernize their IT infrastructure. Sometimes the purchase of new equipment can provide an improvement in the operation of the corporate network, and sometimes a change in the network topology helps. In both cases, it is recommended that you first conduct a professional audit of your IT infrastructure. As practice shows, an audit of a corporate network is quite often requested by a business owner in order to check the activities of his IT service or system administrator.

What is a technical audit of an IT infrastructure?

A technical audit of a corporate network is a comprehensive check with the issuance of an opinion on the quality of the IT infrastructure. The conclusion contains detailed information about the parameters of the network, information about the identified problems and bottlenecks where modernization is needed. It ends with specific recommendations for improving the quality of the corporate network.

That is, the business owner receives an objective assessment of the state of the IT infrastructure and can approach the issue of further investments in a more constructive manner.

During the audit, it is possible to obtain answers to the following questions and tasks:

  • Carrying out an audit of computer equipment;
  • Evaluation of the actions of employees of the IT service and other departments;
  • Identifying the reasons for the growth in traffic costs on the Internet;
  • Detection of network security problems;
  • Testing the bandwidth of the corporate local network.

During the audit, the operation of the structured cabling system is checked and the local network is surveyed along with active network and computer equipment.

Let's take a closer look at the composition of the surveyed equipment. The audit checks:

In the course of checking the SCS, the correctness of the cable laying, the quality of the crimping of the connectors, the temperature in the server rooms, etc. are assessed. In parallel with this, auditors assess the activities of the staff IT service for professionalism in their actions. The level of information security of servers and Wi-Fi networks is monitored, and the topology of the corporate network is also determined.

What are the stages of an audit of a corporate LAN?

A technical audit consists of three main stages: preparation, examination and issuance of recommendations to the Customer.
Let's take a look at how the preparation process works. After concluding an agreement and making an advance payment, the area of the survey is determined (a list of objects under study is compiled). In cooperation with the management of the Customer, the data required for the survey is collected (design documentation for SCS, understanding of the network structure, etc.). Preparation is completed once a program of upcoming works has been drawn up.

  • Interviewing or questioning employees of the organization who are involved in the work of IT subsystems;
  • With the help of special software that is installed on workstations and servers, a structural diagram of the corporate network is drawn up. Along the way, data is collected on the configuration of computers, servers and network equipment. In fact, an inventory of computer equipment is being carried out;
  • Research of system event logs on servers and workstations;
  • Monitoring of the operation and status of active network equipment is carried out;
  • Network security research is conducted and the level of protection against intrusions from the Internet is determined;
  • The prospects for the development of IT infrastructure in the company are assessed.

Based on the data obtained during the survey, a summary table of the parameters of the workstations is formed. In addition to it, a layout and operation of network equipment is created, which describes in detail the operation of each port.
Thus, the analysis consists of a set of software tests and assessments of IT infrastructure by auditors.

Network infrastructure audit is a set of measures aimed at clarifying the current state of affairs in the network infrastructure of an enterprise, searching and identifying bottlenecks. Based on the results of the audit, a report is prepared describing the current state of affairs and containing recommendations for further modification or operation of the network infrastructure.

When (in what cases) is this service in demand?

It is advisable to conduct a network audit in the following cases:

  • Before upgrading networks so that a new network can be designed based on objective data rather than on the basis of "subjective feelings".
  • After upgrading the network to ensure that the network has been adequately implemented to meet the needs of the business.
  • To establish the truth where one party claims the network is to blame and the other party claims the application software is to blame.
  • To assess the quality of service. For example, to make sure that the Internet provider fulfills its obligations on the quality of the service provided (channel bandwidth, latency, channel availability, etc.).
  • When transferring the administration of the local network to another person or organization.

What are the advantages of this service to the customer?

The audit can be carried out both by staff (internal audit) and by engaging independent specialists (external audit). The value of an external audit to potential clients is as follows:

  • The third-party contractor has no direct interest in the audit results, therefore the objectivity of its conclusions is higher.
  • The contractor's specialists do not have any prior knowledge of the customer's network and are forced to obtain information about it by interviewing personnel, analyzing the documents provided by the customer, and studying the device configuration. Thus, they get an up-to-date view of the state of the network.
  • The customer's specialists operating the network may have an inadequate idea of it without realizing it, and, accordingly, may not check some information, considering it obvious.
  • The contractor constantly interacts with various customers, therefore he has more experience and gained higher qualifications.
  • The contractor has a well-developed technology, as well as extensive experience in performing similar projects, so the audit will be carried out faster, of better quality, and the costs may be even lower.
  • Involving their own specialists distracts them from their main activities. This affects both the quality of their work and the quality of the audit results.

Description of the service

Regardless of the object of the survey, the audit includes three main stages:

  1. Data collection

Statement of the problem and clarification of the scope of work

At this stage, organizational measures are taken to prepare the audit:

  • The goals and objectives of the audit are specified
  • Terms of reference (TOR) for the audit is being prepared and agreed upon

Sometimes an audit requires access to information that the customer considers confidential. In this case, in parallel with the TOR, a confidentiality agreement is developed and interaction with the customer's security service is organized.

Data collection. Network inventory.

At this stage, network inventory is usually combined with interviewing the customer's personnel, inspecting active and passive equipment, collecting configuration and operational information, and measuring various network parameters.

Data collection may include the following typical work:

  • interviewing customer personnel
  • documentary examination (analysis of submitted documents)
  • visual inspection of infrastructure, network inventory
  • instrumental examination (instrument measurements):
    • load (stress) testing of the local network.
    • load testing of distributed network communication channels.
    • monitoring the "health" of the network and network services.
    • assessment of the quality of the communication channel with the Internet.
  • collection of configuration and operational information

A detailed list of the work performed is usually determined in the terms of reference for the audit.

Data analysis and report preparation

These works are also determined by the TOR. When they are carried out, the collected data are checked for completeness and correctness, the information received is analyzed, conclusions and recommendations are drawn up, the results are formalized and presented. During the analysis, a decision may be made to collect additional data.

The stage of data analysis and presentation of results may include the following typical work:

  • verification and analysis of collected data
  • network structure analysis
  • analysis of configuration files
  • preparation of operational documentation
  • preparation of an audit report

The stage ends with the transfer of the developed documents to the customer.

Result

The result of the audit is the creation of a package of documents containing detailed data on the network infrastructure, as well as recommendations for improving the quality of work and increasing the efficiency of the network.

The main reporting document is the audit report. Its structure, as a rule, is agreed upon at the stage of development of the TOR. It includes a description of the current state of the network, conclusions about the correspondence of the network infrastructure to the tasks being solved, recommendations for modernization and development.


Logging is the collection and accumulation of information about events occurring in the information system in the course of its functioning.

Audit is an analysis of the accumulated information, carried out promptly or periodically (for example, once a day).

The implementation of logging and auditing in security systems has the following main goals:

  • Ensuring accountability of users and administrators;
  • Providing the ability to reconstruct the sequence of events;
  • Detection of attempts to breach information security;
  • Providing information to identify and analyze problems.

The principle of operation of information security breach detection systems is that network traffic anomalies are monitored. Deviations are in most cases a sign of a network attack. For example, an atypical network packet length or an incomplete connection establishment procedure are criteria recorded by intrusion detection systems (IDS). This method of detecting attacks had, and still has, one significant drawback: it deals with events that have already taken place, i.e. with attacks that have already been carried out. Knowing about the unauthorized acts committed can help prevent these actions from happening again.
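The two anomaly criteria named above, incomplete connection establishment and atypical packet length, can be checked over captured packet records as follows. This is an added example, not part of the original material; the record layout, the sample packets, the thresholds and all function names are assumptions made for illustration.

```python
from collections import Counter, namedtuple
from statistics import median

# Assumed record layout: TCP flags as a short string ("S", "SA", "A", "PA").
Pkt = namedtuple("Pkt", "src sport dst dport flags length")

# Constructed sample traffic (not a real capture).
PACKETS = [
    # A workstation completes the three-way handshake and sends data.
    Pkt("10.0.0.5", 40001, "10.0.0.80", 80, "S", 60),
    Pkt("10.0.0.80", 80, "10.0.0.5", 40001, "SA", 60),
    Pkt("10.0.0.5", 40001, "10.0.0.80", 80, "A", 52),
    Pkt("10.0.0.5", 40001, "10.0.0.80", 80, "PA", 480),
    Pkt("10.0.0.5", 40001, "10.0.0.80", 80, "PA", 510),
    Pkt("10.0.0.5", 40001, "10.0.0.80", 80, "PA", 495),
    Pkt("10.0.0.5", 40001, "10.0.0.80", 80, "PA", 9000),  # atypical length
    # Another host opens connections that are never completed.
    Pkt("10.0.0.66", 50001, "10.0.0.80", 22, "S", 60),
    Pkt("10.0.0.66", 50002, "10.0.0.80", 23, "S", 60),
    Pkt("10.0.0.66", 50003, "10.0.0.80", 80, "S", 60),
    Pkt("10.0.0.80", 80, "10.0.0.66", 50003, "SA", 60),
    Pkt("10.0.0.66", 50004, "10.0.0.80", 443, "S", 60),
]


def incomplete_handshakes(packets):
    """Count, per source, connections that sent SYN but never finished the handshake."""
    stage = {}  # (client, cport, server, sport) -> "SYN" | "SYNACK" | "ESTABLISHED"
    for p in packets:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S":
            stage[fwd] = "SYN"
        elif p.flags == "SA" and stage.get(rev) == "SYN":
            stage[rev] = "SYNACK"
        elif p.flags == "A" and stage.get(fwd) == "SYNACK":
            stage[fwd] = "ESTABLISHED"
    return Counter(key[0] for key, s in stage.items() if s != "ESTABLISHED")


def half_open_sources(packets, threshold=3):
    """Sources with at least `threshold` incomplete handshakes (threshold is an assumption)."""
    counts = incomplete_handshakes(packets)
    return {src: n for src, n in counts.items() if n >= threshold}


def length_outliers(packets, k=6.0):
    """Data packets whose length is far from the median for their destination port.

    Uses the median absolute deviation (MAD), which a single huge packet
    cannot distort the way it distorts a mean and standard deviation.
    """
    data = [p for p in packets if "P" in p.flags]
    by_port = {}
    for p in data:
        by_port.setdefault(p.dport, []).append(p.length)
    flagged = []
    for p in data:
        lengths = by_port[p.dport]
        med = median(lengths)
        mad = median(abs(x - med) for x in lengths) or 1.0  # avoid a zero threshold
        if abs(p.length - med) > k * mad:
            flagged.append(p)
    return flagged


if __name__ == "__main__":
    print("half-open:", half_open_sources(PACKETS))
    print("length outliers:", length_outliers(PACKETS))
```

Both checks run over traffic that has already been recorded, which is the drawback the paragraph describes: the alert follows the event.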

Sample questions

1. Logging user actions makes it possible to:

Resolve access control issues;

Recover lost information;

Ensure confidentiality of information;

to reconstruct the course of events in the implementation of threats to information security?

2. Network audit includes:

Selective analysis of user actions on the network;

Logging the actions of all users on the network;

Analysis of all actions of users on the network;

Security analysis of each new system (both software and hardware) when it is installed on the network?

Shielding

The screen controls information flows between the nodes of the network. Flow control consists in filtering them with some transformations.

Information flows are filtered by firewalls based on a set of rules defined by the organization's security policy. Firewalls perform logical analysis of the information received. This takes into account the content of the information, the port through which the network request arrived, etc.

Sample questions

1. Which tool is most effective for protecting against network attacks:

use of firewalls, or Firewall;

Visiting only "trusted" Internet sites;

Using antivirus software;

Using only certified browser software when accessing the Internet?

2. The fundamental difference between firewalls (ME) and intrusion detection systems (IDS) is that:

There are no fundamental differences between ME and IDS;

ME work only at the network level, and IDS - also at the physical;

ME were developed for active or passive protection, and IDS - for active or passive detection;

ME were designed for active or passive detection, and IDS for active or passive protection?

Encryption

There are two main encryption methods: symmetric and asymmetric. In the first one, the same key (kept secret) is used for both encryption and decryption of data. The second uses two keys. One of them is public (it can be published together with the user's address) and is used to encrypt the message; the other, secret (known only to the recipient), is used for decryption.

Cryptography is required to implement three security services: encryption, integrity control and authentication.

Example question

Cryptographic transformation of information is:

Access limitation;

Backup;

Using a password system;

encryption?

Electronic signature

Electronic digital signature (EDS) is an attribute of an electronic document designed to protect this electronic document from counterfeiting. It is obtained as a result of cryptographic transformation of information using the private key of the electronic digital signature, and it allows the owner of the signature key certificate to be identified, as well as establishing the absence of distortion of information in the electronic document.

The signing algorithm must be determined by the user's secret key, known only to the owner of the key. The signature verification algorithm must be determined by the user's public key, known to recipient subscribers. With this approach, only the owner of the key can use the signature, and any subscriber to whom the public key has been transferred can verify its authenticity by decrypting the message with this key.

Example question

1. Electronic digital signature allows:

make sure the sender is true and the integrity of the message;

Recover corrupted messages;

Send a message over a secret channel;

Encrypt the message to keep it secret.

Antivirus protection

Classification of viruses. A computer virus is a program capable of independent reproduction and functioning that has defense mechanisms against detection and destruction. Currently, more than 5000 software viruses are known, which can be classified according to various criteria.

Depending on the environment, viruses are divided into network, file and boot viruses.

Network viruses spread over various computer networks.

File viruses mainly infect executable files with the COM and EXE extensions.

Boot viruses are injected into the boot sector of the disk (Boot sector) or into the sector containing the boot program for the system disk.

By the method of infection, viruses are divided into resident and non-resident.

Resident viruses are placed in RAM when a computer is infected. They intercept the operating system's calls to objects of infection (files, boot sectors of disks, etc.) and embed themselves in them.

Non-memory resident viruses do not infect computer memory and are active for a limited time.

By the peculiarities of the algorithm, viruses are difficult to classify due to their wide variety; one can only single out the main types:

replicator viruses (worms) spread over computer networks, calculate the addresses of network computers and write their copies to these addresses. Worm viruses do not modify the contents of files, but they are very dangerous because they reduce network bandwidth and slow down servers;

invisible viruses (stealth viruses) are very difficult to detect and neutralize, since they intercept the operating system's calls to the affected files and disk sectors and substitute uninfected disk areas instead of their bodies;

mutant viruses contain encryption-decryption algorithms, thanks to which copies of the same virus do not have any repeating byte strings;

quasi-virus or "Trojan" programs are not capable of self-propagation, but are very dangerous, since, masquerading as a useful program, they destroy the boot sector and the file system of disks or collect information on the computer that is not subject to disclosure.

The main ways viruses enter a computer are removable disks (floppy and laser), as well as computer networks. Infection of the hard disk with viruses can occur when loading a program from a storage medium containing a virus.

The main signs of viruses are:

Slow computer performance, frequent freezes and crashes;

Disappearance of files and directories or distortion of their contents;

Changing the size, date and time of file modification;

A significant increase in the number of files on disk;

Reducing the size of free RAM;

Display of unexpected messages on the screen or unexpected sound signals.

Sample questions

1. Viruses spread:

When reading a file;

when executing an executable file;

When creating a file;

When copying a file?

2. The main route of infection with viruses over the network is:

HTML document;

SMS;

mail message;

Messages from an instant messenger?

3. Viruses are subdivided according to the method of infection of the habitat:

On raster - vector;

For resident - non-resident;

On physical - logical;

On digital - analog?

4. File viruses infect:

Computer hardware;

RAM;

System areas of the computer;

programs on external storage media?

5. Network worms are:

Programs that modify files on disks and are distributed within the computer;

Programs that are distributed only via e-mail over the Internet;

programs that do not modify files on disks, but spread over a computer network, penetrate the computer's operating system, find the addresses of other computers or users and send their copies to these addresses;

Malware that works to create AC power outages?

6. The Trojan horse is:

A program that penetrates the user's computer via the Internet;

malicious program that does not reproduce itself, but pretends to be something useful, thereby trying to induce the user to copy and install the program on his computer on his own;

A program whose malicious action is the removal or modification of computer system files;

A program that infects a computer regardless of user actions?

7. Infection with a computer virus cannot manifest itself as:

vibration of the monitor;

Changing the date and time of file modification;

Slowdown of the computer;

Unintended messages appearing on the screen?

Classification of antivirus programs. Antivirus programs are divided into several types: detectors, doctors (phages), auditors, examiners, filters and vaccines (immunizers).

Detector programs allow detecting files infected with one of the known viruses. These programs check files on a user-specified logical drive for the presence of a virus-specific byte pattern. If it is found in any file, a corresponding message is displayed on the screen. Most detector programs have modes of disinfection or destruction of infected files. Detector programs, as a rule, are not able to detect "invisible" viruses in the computer's memory.

Auditor programs remember information about the state of the system (before infection), after which, at all subsequent stages of operation, the auditor program compares the characteristics of programs and system areas of disks with the initial state and informs the user about the identified inconsistencies. As a rule, states are compared immediately after the operating system is loaded. The comparison checks the length of the file, the checksum of the file, the date and time of the last modification. Many auditor programs can distinguish between changes to files made by the user and changes made by a virus, since viruses usually make the same changes in different program files.

Doctor programs, or phages, are programs that not only detect infected files and system areas of disks, but also "cure" them in case of infection. At the beginning of their work, the phages look for viruses in the RAM, destroy them, and then proceed to "cure" files. Among the phages, one can distinguish polyphages, i.e. doctor programs designed to search for and destroy a large number of viruses.

Filters, or "watchmen", are located in the computer's RAM and intercept calls to the operating system that can be used by viruses to multiply and harm the software environment:

Attempts to correct boot files;
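The comparison performed by the auditor programs described above (file length, checksum, modification time against a saved initial state, plus the observation that a virus tends to make the same change in different program files) can be sketched as follows. This is an added example, not code from the original material; the function names, the file names and the sample contents are assumptions, and SHA-256 stands in for the unspecified checksum.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def snapshot(root):
    """Record length, checksum and modification time for every file under root."""
    state = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            st = os.stat(path)
            state[os.path.relpath(path, root)] = (st.st_size, digest, st.st_mtime_ns)
    return state


def compare(baseline, current):
    """Return (path, finding, size_delta) for every difference from the baseline."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added", None))
        elif new is None:
            findings.append((path, "removed", None))
        elif old[1] != new[1]:
            # The checksum catches changes that the timestamp alone would miss.
            kind = "content changed"
            if old[2] == new[2]:
                kind += ", mtime unchanged"
            findings.append((path, kind, new[0] - old[0]))
    return findings


def uniform_growth(findings, min_files=2):
    """Group changed files that grew by exactly the same number of bytes."""
    by_delta = defaultdict(list)
    for path, _, delta in findings:
        if delta and delta > 0:
            by_delta[delta].append(path)
    return {d: paths for d, paths in by_delta.items() if len(paths) >= min_files}


def demo():
    """Build a constructed directory, change it, and run the comparison."""
    with tempfile.TemporaryDirectory() as root:
        contents = {"a.exe": b"A" * 100, "b.exe": b"B" * 200, "notes.txt": b"todo"}
        for name, data in contents.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)

        def modify(name, extra, keep_mtime):
            path = os.path.join(root, name)
            with open(path, "ab") as fh:
                fh.write(extra)
            old_mtime = baseline[name][2]
            # Set timestamps explicitly so the result does not depend on clock granularity.
            new_mtime = old_mtime if keep_mtime else old_mtime + 10 * 10**9
            os.utime(path, ns=(new_mtime, new_mtime))

        modify("a.exe", b"X" * 16, keep_mtime=False)   # same 16 bytes appended
        modify("b.exe", b"X" * 16, keep_mtime=True)    # same change, timestamp untouched
        modify("notes.txt", b" more", keep_mtime=False)  # ordinary user edit

        findings = compare(baseline, snapshot(root))
        return findings, uniform_growth(findings)


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

The two program files that grew by the same 16 bytes are grouped by `uniform_growth`, while the user's edit to `notes.txt` is reported as an ordinary change.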

A local area network audit consists of a comprehensive check of the network with the issuance of a professional opinion. A LAN audit allows you to localize problem areas of the network, characterize its general condition, and assess the quality of service.

When is network auditing required?

The need for an audit arises in the following situations:

1. It is necessary to assess the condition of the networks, inherited when renting premises. A specialist will check their safety and the possibility of using them for solving specific problems;

2. Checking newly created networks at a new site. It is important to carry this out if there is no confidence in the professionalism of the installers;

3. It is required to expand the network or upgrade the existing equipment;

4. Networks and communication systems are malfunctioning, with the normal state of the terminal equipment;

Features of the LAN audit

Company networks are linked to numerous networks. In this case, special attention is paid to the confidentiality of the transmitted data. Since the security of information is determined by the reliability of the network, their design and audit becomes in demand. Properly used audit results allow you to increase network security without additional financial investments.

A LAN audit includes:

· Analysis of the characteristics of hardware and software resources;

· Checking information capacities, their resistance to failures;

· Assessment of the possibility of creating backup copies of data;

· Checking the connectivity to the network;

A professional audit includes inspection of network capacities, analysis of network topology, inspection of network infrastructure, and testing. Based on the data collected during the check, a table, equipment diagrams, and a description of the features of the LAN are compiled. Then a final report is developed with the results and analysis of the information obtained, which recommends methods for improving the IT infrastructure.
