Valise Audit Interne
Summary
TLDR: This internal audit guide outlines a detailed process for scanning network devices and identifying vulnerabilities. It emphasizes the importance of checking firewalls, device detection methods, and avoiding false positives from security systems. Users can choose between aggressive or slow scanning modes, set exclusion lists, and select IP ranges for scanning. After identifying devices, the script discusses scanning for vulnerabilities, CVEs, and ports, as well as generating reports with detailed risk information. It highlights the critical need to ensure firewall policies and network communications are properly configured for effective scanning and auditing.
Takeaways
- Use the internal audit button to start scanning devices on the network.
- Ensure there is no firewall blockage preventing access to the target network segment during scans.
- Choose between aggressive, medium, or slow scan modes based on how thorough or fast you want the scan to be.
- You can exclude specific machines or IP ranges (e.g., 192.168.22) from the scan for better control.
- The network scan can be configured with specific IP ranges, subnet masks, and VLANs for more precise results.
- The scan process can be done in automatic mode or with manual adjustments to network settings.
- Be aware that security systems might treat the scanner as an attacker due to the nature of network scans.
- After the scan completes, a map of the network devices and their types will be available for review.
- The scan results will display detailed information on the detected devices, including their operating systems and IP addresses.
- Conduct port scanning, CVE detection, and vulnerability scans on detected devices for security analysis.
- Once scanning is complete, generate a report with detailed findings on vulnerabilities, severity ratings, and risk assessments.
Q & A
What is the first step when starting an internal audit on devices?
- The first step is to click on the 'internal audit' button, which will initiate the device scanning process.
Why is it necessary to check the internal firewall during an audit?
- It is crucial to ensure that the internal firewall does not block access to the targeted network segment, which is necessary for validating the network and avoiding the identification of the audit tool as a malicious actor.
How does EDR or antivirus software impact the internal audit process?
- EDR or antivirus software on client machines may block the recognition of machines, preventing the audit tool from detecting them during the scan.
What are the options for scan aggressiveness during the audit?
- The scan can be set to either a slow mode, which is less aggressive and takes longer, or a more aggressive mode for faster results.
How can the scan be customized to exclude specific devices?
- You can create an exclusion list by specifying IP addresses or network segments (e.g., 192.168.22) that should not be scanned during the audit.
What is the significance of the 'automatic mode' in the scan setup?
- The 'automatic mode' allows users to choose their network card and define an IP range for the scan, making it easier to set up without manual configuration of each individual scan parameter.
What is the purpose of adjusting the subnet mask during the audit?
- Adjusting the subnet mask helps in segmenting the network and determining which IP ranges should be scanned. The mask impacts the number of IP addresses included in the scan.
What should be ensured regarding firewall policies when scanning a network?
- Ensure that the firewall does not filter or block critical communication ports (e.g., 22, 80, 443) between the scanning tool and the target devices to avoid disruptions in the scan.
What types of scans are available to check for vulnerabilities?
- The available scan types include a scan of the top 100 or 1000 most commonly used ports, a scan of all TCP/UDP ports, and a CVE (vulnerability) scan to detect risks in the devices.
How can users analyze the results after the scan is completed?
- After the scan, users can view the results in a table, check the severity levels (CVSS scores), and review details about vulnerabilities or risks associated with each IP address detected during the scan.
What information is included in the report generated after the scan?
- The report includes statistics on vulnerabilities, risks associated with specific devices, severity levels of CVEs, and any comments added during the analysis.
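
The subnet-mask and exclusion-list answers above, worked through as an added example (not taken from the video or from the audit tool itself): it computes which addresses remain in scope for an authorized internal scan once exclusions are removed, and how the mask changes the host count. The function names and the 192.168.10.0 sample range are constructed for illustration.

```python
import ipaddress


def build_scope(target_cidr, exclusions):
    """Return the networks left to scan after subtracting the exclusion list.

    Each exclusion is a single IP ("192.168.10.1") or a subnet
    ("192.168.10.128/26"); a bare IP is treated as a /32.
    """
    target = ipaddress.ip_network(target_cidr, strict=False)
    remaining = [target]
    for item in exclusions:
        excl = ipaddress.ip_network(item, strict=False)
        kept = []
        for net in remaining:
            if excl.version != net.version or not excl.overlaps(net):
                kept.append(net)                      # exclusion does not touch this block
            elif excl.supernet_of(net):
                continue                              # whole block is excluded
            else:
                kept.extend(net.address_exclude(excl))  # carve the exclusion out
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def count_hosts(target_cidr, scope):
    """Count scannable hosts in scope, skipping the target's own
    network and broadcast addresses (IPv4, prefixes shorter than /31)."""
    target = ipaddress.ip_network(target_cidr, strict=False)
    total = sum(net.num_addresses for net in scope)
    if target.version == 4 and target.prefixlen < 31:
        for special in (target.network_address, target.broadcast_address):
            if any(special in net for net in scope):
                total -= 1
    return total


def in_scope(ip, scope):
    """True if the address would still be scanned."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in scope)


if __name__ == "__main__":
    # Constructed sample values: a /24 segment, one excluded host, one excluded /26.
    target = "192.168.10.0/24"
    scope = build_scope(target, ["192.168.10.1", "192.168.10.128/26"])
    print("hosts in scope:", count_hosts(target, scope))
    print("192.168.10.130 scanned?", in_scope("192.168.10.130", scope))
    # Widening the mask by one bit roughly doubles the scan size.
    print("/23 hosts:", count_hosts("192.168.10.0/23", build_scope("192.168.10.0/23", [])))
```

Checking the scope this way before a scan confirms that excluded machines are really left out and shows how much larger the scan becomes when the mask is widened.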