Map Your Network For Better Protection and Incident Response

Written by on Tuesday, March 4, 2008 5:02 - 0 Comments

It is difficult to protect devices that you don’t even know exist. In larger enterprises it is very easy to lose track of the asset inventory which leads to complacency about rogue devices. In order to effectively protect the network and to respond to incidents efficiently, an updated asset inventory and network map should always be handy.

In an enterprise network with thousands or even tens of thousands of devices, it seems like assets are constantly coming and going. When a site or department administrator sees a new device they are likely to be complacent and simply assume that it belongs to someone else in the enterprise rather than being suspicious of the rogue device.

Rogue or unknown devices that are added to the network are often missed in patch and security update deployments and they can be a constant source of headaches when it comes to trying to proactively protect and defend a large enterprise network.

If a security incident does occur, an updated and logically organized asset inventory, combined with a current and accurate network map will make response and forensic investigation that much simpler. If a 3rd-party or law enforcement agencies are involved they will need an overview of the network architecture and environment in order to conduct an investigation.

Policies should be written to define how new assets are added to the inventory and the steps that must be taken to include them on the asset inventory and network map prior to joining the network. But, no matter how foolproof that policy may be, it is virtually inevitable that new, rogue devices will eventually appear on the network.

To detect the rogue devices and fight to enforce the policy and ward off complacency, you can run periodic scans of the network using any of a wide variety of tools that can scan and report back information regarding the network and the devices attached. Many of the tools will report the IP address, MAC address, type of device or operating system and more. Below are a few tools you can consider for network mapping:

LANSurveyor from Neon Software
Visio from Microsoft
What’s Up Gold from Ipswitch
SuperScan from Foundstone

Article written by

Leave a Reply

You must be logged in to post a comment.

2003 server - Sep 30, 2008 22:34 - 0 Comments

instant messaging srv records

More In Computers & PC

Microsoft Outlook - Mar 22, 2009 11:22 - 0 Comments

Outlook: Duplicates in Mailbox

More In Computers & PC