Identify Existing Assets and Security Controls

Identifying Hardware and Software Assets and Security Controls summary

According to the CIS Controls, there are multiple options for you to identify assets and devices on your network

• You can use active or passive discovery tools to identify devices on the organization’s network.

• Active tools like the NMAP application can query a network range for all IP addresses.
• Passive tools like Windows DHCP (Dynamic Host Control Protocol) automatically distributes IP addresses when a device attaches to a network.
• Many organizations also have a manual list of organizational assets in a database or spreadsheet.
• An option on a network is port-level access control that controls which devices can authenticate to the network.

The CIS Controls has direction for identifying and controlling software programs as well.

• Many organizations maintain a list of organizational assets in a database, a commercial software inventory tool, or Windows Server Update Services.
• Restrict who has administrative authority.
• Application whitelisting is a list of what’s allowed on your systems. Anything that’s not on the list is automatically denied from being installed or used.

Once you have an inventory, all organizations should address any unauthorized hardware or software assets on the network.

NMAP walkthrough

Nmap

Nmap, short for network mapper, is a commonly used tool to query network devices. It’s been around for over 20 years and has both a command line and GUI interface.

Further research

• More information on this topic is available from the Center for Internet Security (CIS) Controls framework.
• Nmap is a common application used to map networks. It is free and an open-source for network discovery and security auditing. https://nmap.org/