In 2005, Openflows performed a network security audit for the English Radio division of the Canadian Broadcasting Corporation (CBC) in Toronto. This project involved a comprehensive vulnerability assessment of workstations, servers, and routers; a critical analysis of the network architecture; and a review of organizational policies and practices related to network usage. After working closely with the CBC to understand their specific needs, we provided them with a detailed report of potential security risks, as well as recommended solutions.
As part of the vulnerability assessment, we scanned the network for viruses, known security holes, and unpatched software. The dangers of these threats were assessed by conducting probes, as well as simulating attacks. By scaling the level of our intrusions, we were able to perform the audit without overwhelming or damaging the network.
Our assessment also involved an investigation of the network architecture. After mapping out the network structure, we identified the critical servers and gateways that required enhanced security. Using industry-standard tools based on NSA guidelines, we then surveyed the network’s Cisco routers to ensure optimal configuration.
While the technical aspects of network security are the most obvious, it is also important to look at organizational factors. Accordingly, we conducted an enterprise assessment to discover how the CBC employees actually use and interact with the network. This process involved interviews with a random sampling of 35 individuals at all levels, from part-time contractors to senior management.
By discovering the actual organizational use of technology, we were able to assess the real risks present and the subsequent opportunities to address them, within the context of network security and stability. This allowed us to develop creative solutions that were tailored specifically to their needs and organizational mission.
By synthesizing these three aspects into a comprehensive report, Openflows was able to deliver a detailed analysis of current network state and user practices to CBC English Radio management. Additionally, Openflows engaged this department in their own debriefing, as well as aiding with presentation of this report by English Radio to other departments involved with these networks. This project has resulted in a significant increase in awareness for these operational units within the CBC, helping generate coherent new mandates to upgrade security and educate users.