Do you know every device that is on your network?
Many organizations will say they have a good idea.
But do they really?
On penetration tests, we regularly find devices that the organization being tested wasn’t aware were present.
Here are 5 IT asset management best practices that you should follow to reduce your attack surface.

  1. Create an IT Asset Inventory
  2. Develop IT Asset Life Cycle Management Plan
  3. Automate processes to discover new assets
  4. Prevent unapproved items from joining the network
  5. Regularly audit and update asset inventory

Create an IT asset inventory

Here’s the bottom line when it comes to IT Assets:
You can’t secure what you don’t know exists.
It is paramount for your organization’s security program to know exactly what devices, software, and solutions are being used.
Here’s how you can create a complete asset inventory:

Step 1: Discovering Assets

Use an asset scanner/discovery solution like Nmap to find all of the devices that are connected to your network.
Note: Nmap is a command-line tool, but you can use the GUI version – Zenmap – if you aren’t comfortable with the command line. You can download the tool here.

Zenmap demo scan. Zenmap is the GUI for the free cybersecurity tool nmap.

In Zenmap, you will need to perform a scan of your network’s subnets.
There are many operators that you can use to improve the results you get.
For example, you can use the -O flag to tell it to try to determine the operating system of the device.
If you are new to Nmap, here’s a great tutorial to get started.

Step 2: Document the devices you’ve discovered

In Zenmap, you can’t export your network findings to a CSV file directly.
But there are some tools that can help you easily convert to an Excel sheet if you want to track your assets that way.
Here’s one tool that can help: NMAP Scan To CSV Tool.
Alternatively, you can use an IT Asset Management Solution tool to track your assets.
These tools usually make it very simple to sort, filter, and export assets and asset details.
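
If you'd rather script Steps 1 and 2 yourself, here is an added example (not from the original article or from any of the tools named in it). Nmap can write its results as XML with the -oX option, and this Python script flattens that XML into CSV rows. The sample XML is constructed, and the column names and the safe_cell helper are assumptions made for the example.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -O -oX scan.xml <subnet>` output (not real scan data).
SAMPLE_XML = """<nmaprun>
<host><status state="up"/>
  <address addr="192.168.1.10" addrtype="ipv4"/>
  <address addr="00:11:22:AA:BB:CC" addrtype="mac" vendor="ExampleCorp"/>
  <hostnames><hostname name="ws01.example.internal" type="PTR"/></hostnames>
  <ports><port protocol="tcp" portid="22"><state state="open"/></port>
    <port protocol="tcp" portid="80"><state state="closed"/></port></ports>
  <os><osmatch name="Linux 4.15" accuracy="90"/><osmatch name="Linux 5.4" accuracy="96"/></os></host>
<host><status state="up"/><address addr="192.168.1.23" addrtype="ipv4"/>
  <hostnames><hostname name="=printer" type="PTR"/></hostnames></host>
<host><status state="down"/><address addr="192.168.1.99" addrtype="ipv4"/></host></nmaprun>"""

FIELDS = ["ip", "mac", "hostname", "os_guess", "open_ports"]  # assumed column names

def safe_cell(value):
    # Hostnames come from the network: stop a spreadsheet reading them as formulas.
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def parse_nmap_xml(xml_text):
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status[@state='up']") is None:
            continue  # skip addresses that did not respond
        row = dict.fromkeys(FIELDS, "")
        for addr in host.findall("address"):  # a MAC is only present for on-link hosts
            row["mac" if addr.get("addrtype") == "mac" else "ip"] = addr.get("addr")
        name = host.find("hostnames/hostname")
        row["hostname"] = safe_cell(name.get("name")) if name is not None else ""
        best = max(host.findall("os/osmatch"), key=lambda m: int(m.get("accuracy", "0")), default=None)
        row["os_guess"] = best.get("name") if best is not None else ""  # highest-accuracy -O match
        row["open_ports"] = " ".join(f"{p.get('portid')}/{p.get('protocol')}"
            for p in host.findall("ports/port") if p.find("state[@state='open']") is not None)
        rows.append(row)
    return rows

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_nmap_xml(SAMPLE_XML)), end="")
```

Hosts without a MAC in the output are usually on a routed subnet, so scan each subnet from a machine inside it if you want MAC addresses in your inventory.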

Step 3: Add an agent for automatically inventorying software

You can perform a manual software asset inventory, but that will get SUPER tedious and painful for your IT team – I promise.
Instead, I would recommend starting with an automated solution.
Qualys is a free option that works really well.

Whenever you deploy a new device, add the Qualys agent.
It will automatically report the software installed on each device, along with the version info and any vulnerabilities that may exist.
This is a cloud-based solution.
If you aren’t comfortable with cloud-based solutions, Spiceworks has an on-premise version that works decently well.

Bonus Tip:

Here are some things that you may want to consider adding to your asset inventory:

  • Drivers
  • Firmware
  • Graphics and Audio
  • Hard Drives
  • Hosted Virtual Machines
  • Logical Volumes
  • Memory
  • Network Interfaces
  • Operating System
  • Updates Applied
  • Out of Band Management
  • Peripherals
  • Ports and USB Controllers
  • Processors
  • Removable Media
  • Software Inventory
  • Storage Controllers
  • System Information
  • OS Update Information

Develop IT Asset Life Cycle Management Plan

Once you have a complete asset inventory in place, you will need to move on to the next asset management best practice: turning your asset inventory list into a complete asset life cycle management plan.
While this part isn’t nearly as tedious as the initial phase, it is equally important.
Here’s how you can create a plan for managing IT assets during their entire lifecycle.

Create policies and procedures

Your organization needs to have policies and procedures in place that dictate how staff will handle each phase of an asset’s life cycle.
Here are some policies or procedures that you should look into standardizing:

Device request policy

Create a standard form or method that ALL individuals within the company must follow when requesting new devices.
The complexity or sophistication of this will vary greatly depending on your organization.
For a large organization, this could include request forms with component requests and management approval.
Smaller organizations, on the other hand, might simply have a form to document the request made.

Asset request approval policy

The party(s) who approve requests for new devices should have procedures in place for documenting them.
Should an investigation come up later, you want to be able to go back and know who made a request and who approved it.

IT asset procurement policy

Another important part of the asset lifecycle that you’ll want to create standard procedures for is purchasing.
This becomes especially important for managing warranties.

Asset deployment policy

It is important that assets in your environment be deployed in a standardized way.
This is quite important for security.
Hopefully, you have already created a standard computer build.
This build will have been checked for security vulnerabilities and have all of the common software in your environment.
Then, each time a new computer needs to be deployed, it will basically be a clone of the “golden image.”
Again, this is super important for security; it will be much easier to secure and maintain standardized devices in your environment.

Automate Processes To Discover New Assets

Here’s the thing about following IT Asset Management best practices that you have to understand.
It is a continuous process; it’s not at all a one-time project.
That being said, it’s very important that you find ways to automate the required processes.
Again, remember, the focus of your efforts in this entire process is to secure your environment.
And you can’t secure what you don’t know exists.

SpiceWorks IT asset management solution

There are countless IT asset management solutions that you can use, but in this section, we’ll look at one that’s free and works great for SMBs.

Once you have SpiceWorks Asset management set up, you can schedule network scans.
There are a few options for querying detailed information about the assets on your network.
If you use WMI, be sure that you have a service account set up in Active Directory.
Create security alerts for this account.

Next, create policies and schedules for scanning your network.
In SpiceWorks, set how often you want the scans to be performed and the target networks.

Finally, you can set up automated reports to email network scan findings.
Take note.
While automated tools like SpiceWorks IT asset management are great, you should still perform manual audits.
It’s possible for attackers to hide from these systems.

Prevent unapproved devices from joining your network

This is a critical IT Asset management best practice.
You should definitely implement a solution to prevent unauthorized devices from joining your network.
There are numerous ways that you can approach this; let’s discuss a couple.

MAC Filtering

Every network device has a unique identifier — a MAC address.
If you’ve been implementing the IT asset management best practices that we’ve already discussed, you should have the MAC address of each device on your network.
Now, to prevent unapproved devices from joining or traversing your network, you can implement MAC filtering.
Many modern switches, routers, and firewalls have this capability.
Essentially, you will whitelist the MAC addresses that you want to allow on your network.
Everything else will be blocked.

Note: There are various ways that you can add the MACs to the whitelist. You don’t have to do it manually. Check out this article to learn more about it.

Network authentication

A network authentication protocol is another effective way to prevent rogue devices from joining your network.
Traditionally, this would require a completely separate solution.
However, for SMBs, many of the common UTMs and firewalls have this capability baked in.
In the SOPHOS XG firewalls, for example, you can sync the users from Microsoft Active Directory.
Then, you can require all users to authenticate with their AD credentials before their traffic can traverse the network.

Regularly audit and update asset inventory

Here’s the IT Asset management best practice that often gets overlooked.
You have to keep it up.
If your organization is in a regulated industry, you know that you must be prepared for audits.
However, every organization should keep their security documentation updated.
Performing self-audits is a requisite part of this.

Here’s how you can audit and maintain your asset inventory:

Create audit policies – Step 1

You need to have a policy in place that defines how often you will perform the audit as well as what the audit will review.
The policy that you create should include the people who will conduct the audits as well as what tools they will use.

Conduct the audit – Step 2

Exactly how you audit your IT assets will vary greatly depending on the size of your organization and the tools you have.
Here’s what you want to do:
Perform another scan of your network and determine the devices present.
Then, compare that scan’s results with the documented results.
Do they align closely?
Are there big gaps?
If so, you should determine what led to those gaps.
Were policies and procedures not followed? Or have rogue devices or software been installed?
Conducting regular audits is important in keeping your environment secure.
You can find rogue systems much more quickly.
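
Here is the comparison step as an added example (not part of the original article). It takes the documented inventory and a fresh scan, both as CSV, and lists devices that are on the network but undocumented, documented but not seen, or seen at a different IP. The sample data is constructed, and the column names (ip, mac, hostname, owner) are assumptions.

```python
import csv
import io

# Constructed sample data: the documented inventory and a fresh scan export.
INVENTORY_CSV = """ip,mac,hostname,owner
192.168.1.10,00:11:22:AA:BB:CC,ws01,alice
192.168.1.11,00-11-22-aa-bb-dd,ws02,bob
192.168.1.20,00:11:22:AA:BB:EE,printer1,it
"""
SCAN_CSV = """ip,mac,hostname
192.168.1.10,00:11:22:AA:BB:CC,ws01
192.168.1.45,00:11:22:AA:BB:DD,ws02
192.168.1.77,02:00:00:12:34:56,
"""

def norm_mac(mac):
    # Accept 00:11:.., 00-11-.. and mixed case; return AA:BB:CC:DD:EE:FF or "".
    digits = "".join(c for c in mac if c in "0123456789abcdefABCDEF").upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)) if len(digits) == 12 else ""

def load(csv_text):
    # Key each device by MAC when known, otherwise by IP (routed subnets show no MAC).
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        table[norm_mac(row.get("mac", "")) or row["ip"]] = row
    return table

def audit(inventory_csv, scan_csv):
    inv, seen = load(inventory_csv), load(scan_csv)
    return {
        "unknown": sorted(k for k in seen if k not in inv),  # on the network, not documented
        "missing": sorted(k for k in inv if k not in seen),  # documented, not seen in this scan
        "moved": sorted(k for k in seen if k in inv and seen[k]["ip"] != inv[k]["ip"]),
    }

if __name__ == "__main__":
    # A matching MAC is a lead, not proof of identity: MAC addresses can be changed.
    for finding, keys in audit(INVENTORY_CSV, SCAN_CSV).items():
        print(finding, keys)
```

Every entry under "unknown" or "missing" is a gap to explain with the questions above; "moved" entries are often just DHCP, but worth a glance.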


Organizations are getting breached constantly.
Many times, it’s the basic security controls that they are missing.
One of the most fundamental security controls is knowing exactly what devices and software are on your network.
If you aren’t following these simple IT asset management best practices, your organization is vulnerable.
Set a goal.
If you don’t have an IT asset management program in place already, create one within the next thirty days.
Will you do it?
