Tech Support For Dummies

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 11 January 2011

Beware the "network assessment"

Posted on 09:07 by Unknown

There are many IT services firms - including some run by friends and colleagues of mine - who perform something called "network assessments". The outcome of these assessments - which are usually aimed at SMBs - is to determine the overall health of your network and computing environment, supposedly including security.

First, let me be clear that these are legitimate services to see where your network stands. That's fine and dandy - a useful service indeed. The problem is that these network assessments are being pushed/sold under the guise of security assessments. I was recently on a friend of mine's website and saw how they can check the security environment of a network. I looked at the Web site of another colleague of mine and his business claims to offer a service that ensures your sensitive data remains protected. In our discussions, neither of these people have ever claimed to be security experts. I don't believe "in-depth security assessments" are their intent either.

But what about all the other network services firms/consultants out there like them...?

My point is to be careful. Don't assume that just because a network engineer checks your systems, recommends some software updates or network design changes, and ultimately installs some new security products in your environment that your information is truly secure. A solid and effective information security program is much grander beast.

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in network analysis, scary stuff, security assessments, stupid security | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Reactive security, eh? How’s that workin' for ya?
    Every time I browse the Chronology of Data Breaches and read the headlines coming out from Dark Reading, threatpost, and the like, I can...
  • My new material on Web application & website security
    Here are several new pieces I've written on Web site/application security. Lots of angles and considerations: There’s more to web securi...
  • The compliance crutch mentality rides on
    I believe it was my colleague Kevin Bocek who once said: "Security done right will yield compliance for free. Compliance for complianc...
  • It's hard being human
    Cavett Robert once said something about character that resonates within information security - especially regarding ongoing management and l...
  • Reaver Pro: a simple tool for cracking WPA on a LOT of wireless networks
    If wireless security testing is on your radar, you need to get Reaver Pro . As I outlined in this Hacking For Dummies, 4th edition chapter ,...
  • Talk is cheap: Time to rethink your data retention strategy (or lack thereof)?
    Here's a fascinating story about a court case involving data retention you need to read. And pass it along to your management as well. ...
  • Good Web application security resource
    In typical monster corporation style, Hewlett-Packard's Web site is painfully difficult to browse around, much less find what you're...
  • Wooo...HIPAA audits are coming & the irony of KPMG's involvement
    I've always believed that compliance is a threat to business [hence why I help businesses take the pain out of compliance by addressing ...
  • "Top Blogs" list & some home security considerations
    I think I may have found the first sign that my blog is growing and gaining some traction. I've made it to the Top 20 Home Security Blog...
  • My articles & webcasts on hacking, incident response, compliance & IAM
    I wanted to share with you a few new pieces I've written for TechTarget and Cygnus on incident response, compliance for systems integrat...

Categories

  • active directory
  • application firewalls
  • APTs
  • aslr
  • atm security
  • audio programs
  • audit logging
  • automated scanner oversights
  • back to basics
  • backups
  • big brother
  • bitlocker
  • budget
  • business case for security
  • business continuity
  • BYOD
  • car hacking
  • careers
  • certifications
  • change management
  • checklist audits
  • cissp
  • clear wireless
  • cloud computing
  • communication
  • compliance
  • computer glitch
  • conferences
  • consulting
  • content filtering
  • cool products
  • cool sites
  • cross-site request forgery
  • cross-site scripting
  • csrf
  • customer no service
  • cybersecurity bill
  • data at rest
  • data breach laws
  • data breaches
  • data centers
  • data destruction
  • data leakage
  • data protection
  • data retention
  • database security
  • degrees
  • desktop management
  • disaster recovery
  • disk imaging
  • disposal
  • dns
  • document security
  • domino
  • DoS attacks
  • drive encryption
  • e-discovery
  • ediscovery
  • employee monitoring
  • encrypting data in transit
  • encryption
  • end point security
  • ethical hacking
  • exchange
  • experience
  • expert witness
  • exploits
  • facebook
  • FERPA
  • file integrity monitoring
  • firewalls
  • forensics
  • full disk encryption
  • global warming
  • goal setting
  • good blogs
  • government intrusion
  • government regulations
  • great quotes
  • hacking
  • hardware
  • hipaa
  • hitech
  • hitech act
  • home security
  • humor
  • identity access management
  • identity theft
  • IIS
  • incident response
  • information classification
  • information security quotes
  • intel
  • intellectual property
  • internal threat
  • java
  • Kevin's books
  • Kevin's interviews
  • Kevin's keynotes
  • kevin's panels
  • kevin's quotes
  • Kevin's security content
  • Kevin's seminars
  • Kevin's videos
  • laptop encryption
  • laptop security
  • legal
  • Linux
  • locking screens
  • low-hanging fruit
  • malware
  • marketing hype
  • message from Kevin
  • messaging security
  • metasploit
  • metrics
  • mobile apps
  • mobile security
  • motivation
  • multi-factor authentication
  • network analysis
  • network complexities
  • network protocols
  • network security
  • networking essentials
  • Novell
  • office
  • online backup
  • online safety
  • open source security
  • owasp
  • p2p
  • passwords
  • patch management
  • patching
  • pci 6.6
  • pci dss
  • PCNAA
  • penetration testing
  • people problems
  • personal responsibility
  • phishing
  • physical security
  • pii
  • podcasts
  • policy enforcement
  • politics
  • presentations
  • privacy
  • quality assurance
  • recommended books
  • recommended magazines
  • recycling
  • remote access security
  • ridiculous password requirements
  • risk analysis
  • risk management
  • rogue insiders
  • ROI
  • RSA 2012
  • running a business
  • saas
  • salary
  • scary stuff
  • sccm
  • sdlc
  • security assessments
  • security audits
  • security awareness
  • security committees
  • security leadership
  • security management
  • security operations
  • security policies
  • security policy
  • security scans
  • security standards
  • security statistics
  • security technologies
  • security testing tools
  • security tools
  • selling security
  • sharepoint
  • small business
  • smartphone security
  • SMBs
  • social media
  • software development
  • source code
  • source code analysis
  • special offer
  • SQL injection
  • sql server
  • ssl
  • storage security
  • student information systems
  • stupid security
  • success
  • telecommuting
  • testimonials
  • thinking long term
  • third-party applications
  • threat modeling
  • time management
  • training
  • twitter
  • uncool products
  • unstructured information
  • unstructured infromation
  • user awareness
  • vendors
  • virtual machine security
  • visibility
  • voip
  • vulnerability assessments
  • web 2.0
  • web application security
  • web browser security
  • web server security
  • webcasts
  • WebInspect
  • whitelisting
  • whitepapers
  • Windows
  • Windows 7
  • windows 8
  • windows 8.1
  • Windows Mobile
  • windows security
  • Windows Vista
  • wireless
  • wireless security
  • zero tolerance

Blog Archive

  • ►  2013 (35)
    • ►  November (3)
    • ►  October (3)
    • ►  September (1)
    • ►  August (2)
    • ►  July (3)
    • ►  June (1)
    • ►  May (4)
    • ►  April (4)
    • ►  March (4)
    • ►  February (5)
    • ►  January (5)
  • ►  2012 (77)
    • ►  December (2)
    • ►  November (2)
    • ►  October (4)
    • ►  September (3)
    • ►  August (3)
    • ►  July (4)
    • ►  June (5)
    • ►  May (9)
    • ►  April (5)
    • ►  March (10)
    • ►  February (14)
    • ►  January (16)
  • ▼  2011 (163)
    • ►  December (15)
    • ►  November (11)
    • ►  October (9)
    • ►  September (16)
    • ►  August (13)
    • ►  July (8)
    • ►  June (13)
    • ►  May (18)
    • ►  April (16)
    • ►  March (13)
    • ►  February (13)
    • ▼  January (18)
      • The Egyptian uprising tie-in with the U.S. Interne...
      • It's hard being human
      • Take patch management out of IT's hands completely?
      • Web application security testing: how much is enough?
      • My book Hacking For Dummies is now in 3 languages
      • Cybersecurity schmybersecurity
      • Skill to do comes of doing
      • Good bits to share about computer disposal
      • More on the Ponemon Lost Laptop Survey
      • My "new" book on ethical hacking turns 1
      • Tidbits on MS security, MBSA vs. the competition &...
      • Beware the "network assessment"
      • What's holding you back?
      • Great quote on information security choices
      • Speaking of supererogation, here's a great quote
      • My message to Republicans on this critical day in ...
      • Supererogation helps infosec
      • Security complacency & leadership - focus on both ...
  • ►  2010 (170)
    • ►  December (10)
    • ►  November (14)
    • ►  October (7)
    • ►  September (27)
    • ►  August (20)
    • ►  July (8)
    • ►  June (15)
    • ►  May (4)
    • ►  April (23)
    • ►  March (21)
    • ►  February (11)
    • ►  January (10)
  • ►  2009 (55)
    • ►  December (5)
    • ►  November (10)
    • ►  October (21)
    • ►  September (19)
Powered by Blogger.

About Me

Unknown
View my complete profile