Network Device Security Configuration Assessment

Primary Contact:  Carl N. Kriebel CISSP

It is critical to assess risks prevalent within an organization’s core network infrastructure. As technology constantly evolves, core network appliances and other devices are frequently shipped and installed with “out-of-box” settings that lack the hardening required for maximum security.

Schneider Downs has the expertise to identify and assess the risks of single and cumulative vulnerabilities that exist across a wide range of devices, from firewalls to switches and routers. Our Network Device Security and Configuration Assessment is a comprehensive analysis of potential vulnerabilities and misconfigurations on a device.

We perform automated and manual assessments and take a collaborative approach to establishing an action plan to remediate all identified vulnerabilities. We also consider any other security components and mitigating factors in determining the overall risk to the security posture of the organization’s internal network appliances.

Detailed Approach to a Network Device Security and Configuration Assessment

• DEVELOP TECHNICAL UNDERSTANDING Schneider Downs begins by developing an understanding of our client’s network infrastructure through reviewing the network topology, meeting with key technical personnel and understanding any other points of access that may not be indicated within the organization’s technical documentation.
• DETERMINE HIGH RISK DEVICES: From here, we collaborate with the client to determine which high risk devices to incorporate into our assessment.
• AUTOMATED IDENTIFICATION OF VULNERABILITIES FOR HIGH-RISK DEVICES: We then take an automated approach to identify all vulnerabilities or misconfigurations for each device.
• ASSESS VULNERABILITIES CONSIDERING MITIGATING FACTORS: We utilize our deep experience to collaborate with our clients and assess the findings to determine their actual threat and risk exposure to the organization. In doing so, we take care to consider other mitigating factors—such as superseding rule sets, access levels, isolation within the network and other security devices—that will impact risk.
• PROVIDE DETAILED VULNERABILITY REPORT: We will provide a comprehensive vulnerability report with the following data points for each vulnerability or misconfiguration uncovered during the assessment: findings, rating, impact, ease of exploit, recommendations and ease of fix.
• CLIENT DISCUSSION: We meet with the client to discuss our fully vetted findings to ensure that the risks posed for each vulnerability or misconfiguration, along with our recommendations for remediation, are fully understood.