Tip

Step 2: Get input and information from others

Unless you have the smallest of small Windows networks, odds are you don't know everything about every system that may need to be tested for security flaws. I'm talking about systems like Exchange, IIS, SharePoint, SQL Server and so on. What do other people affected by your security testing (both the process and the outcomes) know about the systems they manage daily that can make your assessments easier? They may be able to help you narrow or broaden your scope and determine exactly what needs to be tested and when. Ask your DBAs, developers and desktop support people what they think are critical areas to test. Dare I say, talk to your marketing and business development folks and see what questions (and demands) they are hearing from clients and business partners. This input can point you down the right path.

Also, what technical information do you need from these people to help you with your testing? Information like IP addresses, specific production servers, Windows user accounts and passwords, and locations are necessary items to have. They may also be able to tell you which systems are critical for production and may be sensitive to the wear and tear of security testing. Bonus: When you get others involved in this capacity, they're more likely to help you when trouble arises.


Setting your Windows security assessment expectations

 Home: Introduction
 Step 1: Determine the business goals
 Step 2: Get input and information from others
 Step 3: Let everyone know that problems will likely occur
 Step 4: Let your testing be known and keep people in the loop
 Step 5: Report what happened

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments involving compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He also created the Security On Wheels series of audiobooks. Kevin can be reached at kbeaver@principlelogic.com.

This was first published in March 2007
