To consult is to seek information from, and a consultant is a person whose occupation it is to be consulted for their expertise in a particular field. The modern consultant plays a vital role in today’s business environment, but these consultants are not simply advice givers.
The consultant distinguishes himself from the expert with perspective, experience, and the ability to accomplish realistic goals within the framework of a business’ resources.
An Ever-Advancing World
Advancing technology creates new needs, and new businesses will rise to meet those needs. The network security consultant is one such business.
There has been a revolution of sorts as the business world reacts to both the positive and negative technological changes of the last several decades. Our businesses are more reliant than ever on data, and therefore the equipment that facilitates collecting, analyzing, and storing that information. Businesses were once able to manage security tasks on their own, but that simplicity did not persist long.
Ever-Increasing Threats
Employers used to expect network administrators and other IT professionals to be responsible for a company’s full range of network needs. However, as the threats became more sophisticated, so did the security needs of the modern business.
From today’s perspective, it’s unreasonable to expect a network administrator to be able to keep a business’ network in ideal condition while also remaining current concerning leading edge security measures and fast-evolving threat technology. Rather than being in the domain of a general administrator, businesses now assign security responsibilities to a specialist or even a team of specialists.
However, many businesses, especially small ones, struggle just to afford a single network administrator let alone afford an entire IT department along with the specialists needed. Therefore, the network security consultant rose to meet this newly formed market need. Some businesses leverage this type of consultant without having an IT department while others use them to augment the small IT department that they do have. A small business might not be able to afford a fulltime security expert, but most of them can afford a network security consultant on an as-needed basis.
Network Assessment
The network assessment is the fundamental task that a network security consultant must perform. It is upon the initial assessment that the consultant bases all additional work. It also provides the information upon which the business makes their decisions.
The general intent of the assessment is to identify the assets, determine the threats, and determine the measures that the business must take in order to protect against the threats. In addition, the network security consultant or firm must be able to perform this entire process without disrupting the day-to-day operations of the business they are assisting.
Typical Network Assessment Areas
- External assessment
- Firewall assessment
- Microsoft Windows assessment
- Mobile security assessment
- Network architecture assessment
- Physical security assessment
- Severer configuration assessment
- Social engineering
- UNIX environment assessment
- Virtual Infrastructure Security Assessment (VISA)
- VoIP security assessment
- VPN (Virtual Private Network) assessment
- War dialing
- Wireless security assessment
Whatever the necessary areas and specific needs of the business, the network assessment is comprised of a series of general stages. In order, these are information gathering, footprint analysis, vulnerability scanning, manual vulnerability verification, penetration testing, and vulnerability analysis. Here is an overview of each network assessment phase.
Information Gathering & Footprint Analysis
During the footprint analysis and information gathering phases, the network security consultant gathers information such as equipment inventories, operating systems, domain names, IP network ranges, information about hosts, and much more. This collection of diverse information results in a comprehensive security profile and a detailed blueprint of the company’s network. This will serve as the foundation for all remaining stages.
Vulnerability Scanning
In this phase, the consultant uses all of that data assembled during the information gathering and footprint analysis phase to exploit the network and penetrate vulnerable subsystems. Often using a holistic approach, the consultant will chain multiple low-level vulnerabilities together in order to achieve high-level access to the network. In many cases, this linking of low-level vulnerabilities culminates in the successful pilfering of sensitive data. The consultant will often ask the company to identify “trophies”, their most-prized and sensitive data, ahead of time as the goal of the exercise.
Manual Vulnerability Verification
Once the consultant completes the vulnerability scan, the consultant investigates all of the vulnerabilities manually. The intent of this stage is to identify all false positives, therefore ensuring that the business only expends the resources necessary to deal with real vulnerabilities. Manual verification offering extends beyond vulnerabilities to aspects such as software and equipment identification.
Penetration Testing
Penetration testing takes the work accomplished in the vulnerability scanning stages to the next level by thoroughly challenging internal defenses. The consultant performs again much of the work performed in the other stages, this time from the perspective of an internal attacker. This is a critical phase because, despite common perception, most major network compromises originate internally. The task here is to scrutinize all hosts for weakness, and ensure that an internal attacker cannot disrupt the availability, confidentiality, or integrity of the system.
Vulnerability Analysis
In the final stage of the network security consulting assessment, the consultant performs an in-depth analysis of all the information that they have compiled. The analysis identifies systemic causes, and the consultant uses that analysis to develop their strategic recommendations.
Once the consultant has completed the assessment, the consultant and the business work alongside each other to fix problem areas and improve the network’s infrastructure. Most business will then continue to employ the network security consulting services on a regular basis, like a health check-up for the network.
Network security consulting can be involved in a wide range of other IT facets as well. For instance, businesses will often use these services when designing in-house software, transitioning to new software or operating systems, and when purchasing new equipment.
A Scheduled Network Health Checkup:
- Asset classification and management
- Business continuity management
- Compliance
- Human resources security
- Information security and incident management
- Information systems (acquisitions, development, and maintenance)
- Network security and operations management
- Physical and environmental security
- Security access controls
- Security organization and personnel
- Security policy and process
In today’s business world, the small business requires network security consulting just as much as the larger companies do. For this reason, network security consulting is a diverse field that ranges from large firms able to handle global tasks to independent contractors who focus on the needs of the small business.