I want to develop a workflow to test all of the vulnerabilities for my friend’s business of about 15 users.
Here is what I’m thinking so far:
Start obviously with information gathering, acquiring public IP addresses, emails, domain names, physical address, and phone numbers all tied to his business.
Then nmap scans of all devices on the network, including their routers and switches. Also run Dmitry on public-facing IPs to gather whois info and double-check for possible subdomains.
Next, credential testing usernames/passwords for admin, service, and guest users. Test password strength for all employees using one of the many online tools available on the interwebs like dehashed.
Then I think I would look at the results of my Nmap scans and patch outdated firmware for the modem/router and switch, and upgrade outdated anti-virus subscriptions on individual hosts.
I think my next step would be to take company emails and see what subscriptions they’re using. Any subscriptions to stores or services that have been breached would require a password reset, or a purge of that service entirely.
Next, I would run Wireshark on the entire network and search specifically for telnet, http, or excessive RDP connections.
Last would obviously be educating users on appropriate behaviors online. I’m writing up an acceptable use policy for the business.
Can anyone help me see my blind spots? My buddy runs a trucking business that just moved most of its records to digital and is using an AT&T 1Gb circuit for internet service. They do not have a firewall in place yet, but that will most likely be phase 2 after I evaluate existing issues. They also don’t have VoIP. Their server room is also locked by PIN and fingerprint biometrics. What else can I do for a small business to assess their risks, remediate these issues, and better protect them moving forward?
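For the capture-review step in the post (telnet, HTTP, excessive RDP), one way to triage a connection list exported from a capture, as an added example that is not part of the original post. The sample rows, the threshold of 5 and the name `review_connections` are assumptions, and protocols are identified by destination port only.

```python
import csv
import io
from collections import Counter

# Input: one CSV row per TCP connection attempt (src, dst, dstport), e.g. exported with
#   tshark -r capture.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -E separator=, -e ip.src -e ip.dst -e tcp.dstport
# (capture.pcap is a placeholder file name).
# Assumption: services are recognised by their default port, so telnet or HTTP
# running on a non-standard port is not flagged here.
CLEARTEXT_PORTS = {23: "telnet", 80: "http"}
RDP_PORT = 3389
RDP_THRESHOLD = 5  # assumption: tune to what is normal for the site

# Constructed sample data; all addresses are made up.
SAMPLE = "\n".join(
    ["192.168.1.50,192.168.1.10,3389"] * 6
    + [
        "192.168.1.21,192.168.1.10,3389",
        "192.168.1.22,192.168.1.1,23",
        "192.168.1.23,203.0.113.7,80",
        "192.168.1.23,203.0.113.7,80",
        "192.168.1.24,203.0.113.7,443",
        ",,3389",  # IPv6 frame: the ip.src/ip.dst fields come out empty
        "",
    ]
)

def review_connections(text, rdp_threshold=RDP_THRESHOLD):
    """Return (cleartext_counts, noisy_rdp_counts) for the exported rows."""
    cleartext, rdp = Counter(), Counter()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3 or not all(row) or not row[2].isdigit():
            continue  # skip blank, incomplete or malformed rows
        src, dst, port = row[0], row[1], int(row[2])
        if port in CLEARTEXT_PORTS:
            cleartext[(CLEARTEXT_PORTS[port], src, dst)] += 1
        elif port == RDP_PORT:
            rdp[(src, dst)] += 1
    noisy_rdp = {pair: n for pair, n in rdp.items() if n > rdp_threshold}
    return dict(cleartext), noisy_rdp

if __name__ == "__main__":
    cleartext, noisy_rdp = review_connections(SAMPLE)
    for (proto, src, dst), n in sorted(cleartext.items()):
        print(f"cleartext {proto}: {src} -> {dst} ({n} connection attempts)")
    for (src, dst), n in sorted(noisy_rdp.items()):
        print(f"excessive RDP: {src} -> {dst} ({n} connection attempts)")
```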