The Importance of Auditing your IT systems
The need for good security around our IT systems is well known at this point, but one aspect that often goes unmentioned is the importance of auditing those systems to find holes in your defenses. If you employ good change management procedures, frequent IT systems audits may be less critical, but even then it’s not uncommon for things to fall through the cracks. Building standard operating procedures around auditing IT systems can make all the difference. Below, we cover some of the more basic things you might include in an IT systems audit.
Administrative accounts have the highest level of access on your network, so it’s always good to review the top-level security groups, such as Domain Admins and Enterprise Admins, to make sure that only the accounts that absolutely need that level of access have it. It’s also recommended that no end user ever be given admin access on their everyday account. Instead, admin-level accounts should be dedicated accounts that are used only for administrative tasks.
This also applies to cloud services such as Office 365. Any ordinary user can be given the global admin role. If that user’s account is compromised, the attacker essentially has the keys to the city. Frequent reviews of both on-premises and cloud administrators are key.
One of the easiest and most beneficial things to audit on a network is active user accounts. When an employee is terminated, do you have a standard procedure for disabling access? More often than not the answer is no, and even where there are procedures, things sometimes fall through the cracks. Someone may need access to something that only the terminated user’s account had, so the account is left open and forgotten about. By auditing active accounts, you can find those lingering accounts and close them.
VPNs (Virtual Private Networks) and other remote access solutions, such as Microsoft Remote Desktop Services, are great ways to allow a distributed workforce to operate just as they would from inside the office. But with this convenience comes another potential attack vector and another thing that can fall through the cracks. Depending on the type of remote access solution you employ, you may have an entirely different set of accounts and security to manage. How often are you checking to confirm which accounts have remote access and how often they’re being used?
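As an added example (not part of the original article or Abel Solutions’ own tooling), the Python script below cross-checks a directory export against an HR termination list to surface what the two reviews above look for: enabled accounts of departed staff, accounts with no recent logon, and members of the top-level admin groups that are not dedicated admin accounts. The CSV columns, the sample data, the adm- naming prefix and the 90-day threshold are all assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data. In practice these would be exports from your
# directory and HR system; the column names here are assumptions.
DIRECTORY_CSV = """\
username,enabled,last_logon,groups
jsmith,true,2024-05-28,Domain Users
adm-jsmith,true,2024-05-30,Domain Users;Domain Admins
bjones,true,2024-05-29,Domain Users;Enterprise Admins
mlee,true,2023-11-02,Domain Users
tclark,true,2024-05-20,Domain Users
svc-scan,true,,Domain Users
rpatel,false,2024-01-15,Domain Users
"""
TERMINATED = {"tclark", "rpatel"}        # usernames HR reports as departed
PRIVILEGED = {"Domain Admins", "Enterprise Admins"}
ADMIN_PREFIX = "adm-"                    # assumed naming convention
STALE_AFTER = timedelta(days=90)         # assumed inactivity threshold


def audit(directory_csv, terminated, today):
    """Return usernames grouped by the audit check they fail."""
    findings = {"terminated_but_enabled": [], "stale": [],
                "privileged_not_dedicated": []}
    for row in csv.DictReader(io.StringIO(directory_csv)):
        if row["enabled"].lower() != "true":
            continue  # already disabled, nothing left to close
        user = row["username"]
        groups = set(row["groups"].split(";"))
        if user in terminated:
            findings["terminated_but_enabled"].append(user)
        last = row["last_logon"]
        # An empty last_logon means the account has never been used.
        if not last or today - date.fromisoformat(last) > STALE_AFTER:
            findings["stale"].append(user)
        # Admin rights on an everyday account rather than a dedicated one.
        if groups & PRIVILEGED and not user.startswith(ADMIN_PREFIX):
            findings["privileged_not_dedicated"].append(user)
    return findings


if __name__ == "__main__":
    report = audit(DIRECTORY_CSV, TERMINATED, date(2024, 6, 1))
    for check, users in report.items():
        print(f"{check}: {', '.join(users) or 'none'}")
```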
Shared items and guest access on cloud services
Cloud services such as Office 365 and Dropbox are great ways for businesses to share information such as documents or team sites, but the ease with which users can share content with outsiders can leave big potential gaps in your data access. Perhaps a user gave guest access to an outsider, but now that folder is being used for something else, maybe sensitive information. Fortunately, Office 365 has a way to audit this type of shared/guest access so that you can shore up these holes.
Firewalls – Open ports and externally accessible applications
If you have an on-premises hosted web server or some other application that is made available externally without a VPN, chances are you’re opening ports in your firewall to facilitate this connectivity. This is a great convenience but can also be a security risk if you’re not keeping track of which ports are open and which applications are being served through them. Frequent reviews of firewall rules can significantly limit your exposed surface area.
The above list comprises only a small portion of the things you might include in an IT systems audit, but even these basics can make a huge difference in how exposed you are to compromise by a malicious attacker.
We hope you’ve found this information helpful and if you’d like more information on conducting a systems audit, Abel Solutions is here to help.
This tip was written by Abel Solutions IT Services Manager, Jason Casteel.