Review of
NETWORK ARCHITECTURE
In Context of Information Security
BY
Syed Ubaid Ali Jafri
Information Security Expert
Network Diagram
A network diagram is like an architect's plan of a building, which shows all the floors, stairs, walls, windows, roof and dimensions involved. A network diagram typically visualizes what a network structure looks like: it shows the interaction between the servers, nodes, network components and security components.
Network Architecture Checklist

| S. No | Control Name | Control Description | Recommendation |
|---|---|---|---|
| 1 | Current Security Practice in Place | Identify what security mechanisms are defined for servers, firewall, IDS, DMZ and internal network. | It is recommended that DMZ controls, perimeter controls and internal network controls each be defined separately. |
| 2 | Identify the LDOS (Last Day of Support) Devices | Review the core network as well as the internal network to determine which devices have passed or are about to pass their LDOS. | It is recommended that hardware devices whose LDOS is near or has passed be replaced with the upgraded model immediately. |
| 3 | Redundancy Across the Devices | Check that a redundancy mechanism is in place between the network devices, e.g. firewall, core switch, core router, VPN gateway. | It is necessary to install a redundant device if the organization is running a medium or large business, and it should be able to work in parallel with the other devices. |
| 4 | Layer-Based Approach Applied | Evaluate whether the organization is using a layered architecture or a single-layer architecture. | Devices should be placed according to a layered architecture. For example, port security/MAC binding should be applied at L2, the firewall should be placed up to Layer 4, and the application-layer firewall should be placed over Layer 7. |
| 5 | Intrusion Detection / Prevention System | Identify whether the organization has installed an intrusion detection and prevention system. | It is recommended that the organization install IDS/IPS on both the external and internal network. |
| 6 | Perimeter Security | Check whether all network entry/exit points are clearly identified in the network diagram. | Ensure that all entry/exit points are protected by appropriate filtering using a firewall or UTM. |
| 7 | Network Segregation | Identify whether inter-VLAN routing is enabled. | If not, it is recommended that inter-VLAN routing be enabled at the L2, L3 switch level. |
| 8 | Remote User Access | Identify whether employees access core systems through a remote access mechanism. | If yes, ensure that remote access logging is properly configured on the servers and that logs of user access are being generated. |
| 9 | Network Resilience | Identify whether the network and devices are capable of providing services if a fault occurs in the network. | Ensure that the network is able to provide and maintain an acceptable level of service in the face of faults and challenges. |
| 10 | Sniffing / Interception / MITM | Identify whether the network is prone to sniffing/MITM/interception attacks. | It is recommended that a packet filter mechanism be in place; further, anti-ARP-spoofing must be enabled on device interfaces. |
| 11 | Placement of Firewall / IDS-IPS | Identify the current placement of network security devices. | It is recommended that IDS/IPS be the 1st barrier, the firewall the 2nd barrier, and other monitoring software the 3rd barrier. |
| 12 | Server Farm | When considering the server farm, identify whether it contains an internal firewall. | It is recommended that an internal firewall be in place before the server farm(s). |
| 13 | Positive Feedback | Identify what positive feedback was previously given by the vendor. | You are an information security consultant, not an auditor; it is recommended to put some positive comments on the network diagram. |
| 14 | Third Party Connections | Identify what mechanism is currently in place to identify third-party connections to the network. | It is recommended that access to the network as a whole be restricted, and be allowed only to certain parts of the network. |
| 15 | Network Logging | Identify whether appropriate logging and review are in place. | It is recommended that network logging be kept for each device placed in the core/perimeter network. |
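
Several of the checklist items (2, 3, 6, 12 and 15) can be checked mechanically once the network diagram is written down as data. The following is an added example, not part of the original document: the device names, attribute keys, the `review` function and the one-year LDOS warning window are all assumptions made for illustration, and the diagram is a constructed sample.

```python
from datetime import date, timedelta

# Constructed sample diagram (hypothetical device names and attribute keys).
DEVICES = {
    "internet":  {"role": "external"},
    "partner":   {"role": "external"},
    "edge-fw":   {"role": "firewall", "zone": "perimeter", "ldos": date(2030, 1, 1),
                  "peer": "edge-fw-2", "logging": True},
    "edge-fw-2": {"role": "firewall", "zone": "perimeter", "ldos": date(2030, 1, 1),
                  "peer": "edge-fw", "logging": True},
    "core-sw":   {"role": "core-switch", "zone": "core", "ldos": date(2024, 6, 30),
                  "peer": None, "logging": False},
    "app-srv":   {"role": "server", "zone": "server-farm", "ldos": date(2029, 1, 1)},
}
LINKS = [("internet", "edge-fw"), ("internet", "edge-fw-2"), ("partner", "core-sw"),
         ("edge-fw", "core-sw"), ("edge-fw-2", "core-sw"), ("core-sw", "app-srv")]

FILTERING = {"firewall", "utm"}                      # roles accepted at entry/exit points
NEEDS_PEER = {"firewall", "core-switch", "core-router", "vpn-gateway"}

def review(devices, links, today, warn_days=365):
    """Return a sorted list of (checklist item, device, finding) tuples."""
    findings = []
    for name, d in devices.items():
        ldos = d.get("ldos")
        if ldos and ldos <= today + timedelta(days=warn_days):      # item 2: LDOS
            state = "passed" if ldos < today else "near"
            findings.append((2, name, f"LDOS {state}: {ldos}"))
        if d["role"] in NEEDS_PEER and not d.get("peer"):            # item 3: redundancy
            findings.append((3, name, "no redundant peer"))
        if d.get("zone") in {"core", "perimeter"} and not d.get("logging"):  # item 15
            findings.append((15, name, "logging not enabled"))
    for a, b in links:
        for near, far in ((a, b), (b, a)):                           # check both directions
            near_role, far_role = devices[near]["role"], devices[far]["role"]
            if near_role == "external" and far_role not in FILTERING:        # item 6
                findings.append((6, far, f"entry point {near} not filtered"))
            if near_role == "server" and far_role not in {"firewall", "server"}:  # item 12
                findings.append((12, near, f"reachable from {far} without internal firewall"))
    return sorted(findings)

if __name__ == "__main__":
    for item, device, finding in review(DEVICES, LINKS, today=date(2025, 1, 1)):
        print(f"item {item:>2}  {device:<10} {finding}")
```

On the sample diagram the core switch is flagged for LDOS, redundancy and logging, the partner link is flagged as an unfiltered entry point, and the application server is flagged because nothing sits between it and the core switch.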
