Network architecture: I am sure every one of us has heard of it, and has often copied diagrams from the Internet for network class assignments. But when it comes to reviewing one, it often becomes a confusing task for newcomers to auditing.
So here I will share some basic tips on how to start understanding a network architecture.
- Research the organization and its business. Try to understand what is critical for their business in terms of CIA (Confidentiality, Integrity and Availability).
- When trying to understand a network architecture, start with the network diagram. Obtain a copy of the architecture from the client and sit with one of their team members to understand what it is all about.
- Draw their architecture in your own system (or notebook). Locate their key areas and the key nodes of their business. For example, mark their data centre, their disaster recovery centres, etc.
- Mark the boundaries and divide them into zones. For example, if the organization is spread across locations then they must be using the Internet to connect those locations. So each location is a zone, and its boundary is where it connects to the Internet. The Internet itself is a separate zone. Again, their data centre, where all the locations connect, is another zone with a boundary to the Internet.
- Now that you have zones, rate them in terms of security and service. For example, the Internet zone will not be a secure zone. The data centre or LAN zone will be secure, and its service quality should be good too.
- Analyse the boundary conditions. If any traffic goes from a secure zone to a non-secure zone, or vice versa, is there some control to check that traffic? Any communication link between a public and a private network should have appropriate security controls. For example, DMZ boundaries should have firewalls.
- Now analyse the traffic in detail. You should have a basic understanding of the kind of data (and its criticality) that will be traversing the network. You should get this understanding from your own research and from the walk-through you have with the network team. Check the level and strength of the encryption they apply to the data, and ensure they follow industry best practices. For example, I was recently auditing a bank and found that they don't use IPSec (or anything) in some of the branches to secure the communication!
- Now check the resources in each zone. Ask questions like: why is this server in 'this' domain? Check if it can be moved to a more secure zone. For example, if there is a server in the DMZ which is not accessed by the public directly, then moving it can be a recommendation.
- Last but not least, get a list of security incidents and the service requests raised for the network. Check those issues and try to see whether their cause lies in the architecture. If so, address them.
These are a few basic steps which I recommend when performing a network architecture review. However, ensure you are very sure and comfortable about the network diagram and your understanding of it. You will often face resistance from the client's network team, but ensure you work your way to getting the right information from them.
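To make the zone, boundary, traffic and resource checks above concrete, here is a small Python model of a network as zones, inter-zone links and hosts, with a checker that reports the three kinds of finding the steps describe: a trust boundary with no firewall, traffic carried over the Internet without encryption, and a DMZ host that is not actually public-facing. This is an added example, not code from the original post; the zone names, hosts and links are constructed sample data (including a "Branch-B" link modelled on the unencrypted-branch situation mentioned above), not any real client's network.

```python
"""Zone/boundary checker for a network architecture review.

Added example, not code from the original post. The zones, links and hosts
below are constructed sample data, not any real client's network.
"""
from dataclasses import dataclass, field

# Trust levels used to decide whether a link crosses a zone boundary.
TRUST = {"internet": 0, "dmz": 1, "internal": 2}


@dataclass
class Zone:
    name: str
    kind: str  # "internet", "dmz" or "internal"


@dataclass
class Link:
    src: str  # zone name
    dst: str  # zone name
    controls: set = field(default_factory=set)  # e.g. {"firewall"}
    encrypted: bool = False  # e.g. an IPSec tunnel or TLS


@dataclass
class Host:
    name: str
    zone: str
    public_facing: bool  # is it reached directly from the Internet?


def review(zones, links, hosts):
    """Apply the boundary, traffic and resource checks from the post and
    return a list of (severity, finding) tuples."""
    kind = {z.name: z.kind for z in zones}
    findings = []

    for l in links:
        crosses_boundary = TRUST[kind[l.src]] != TRUST[kind[l.dst]]
        via_internet = "internet" in (kind[l.src], kind[l.dst])
        # Boundary check: traffic between zones of different trust needs a control.
        if crosses_boundary and "firewall" not in l.controls:
            findings.append(("high", f"{l.src}->{l.dst}: trust boundary without a firewall"))
        # Traffic check: anything carried over the Internet must be encrypted.
        if via_internet and not l.encrypted:
            findings.append(("high", f"{l.src}->{l.dst}: unencrypted traffic over the Internet"))

    # Resource check: a DMZ host that nobody reaches from outside belongs in an internal zone.
    for h in hosts:
        if kind[h.zone] == "dmz" and not h.public_facing:
            findings.append(("medium", f"{h.name}: in DMZ but not public-facing; consider moving it to an internal zone"))
    return findings


def sample_review():
    """Run the checks over a constructed example network (hypothetical data)."""
    zones = [
        Zone("Internet", "internet"),
        Zone("DC-LAN", "internal"),
        Zone("DMZ", "dmz"),
        Zone("Branch-A", "internal"),
        Zone("Branch-B", "internal"),
    ]
    links = [
        Link("Branch-A", "Internet", {"firewall"}, encrypted=True),   # IPSec to the data centre
        Link("Branch-B", "Internet", {"firewall"}, encrypted=False),  # branch with no IPSec
        Link("Internet", "DMZ", {"firewall"}, encrypted=True),        # public web traffic over TLS
        Link("DMZ", "DC-LAN", set(), encrypted=False),                # inner boundary with no firewall
    ]
    hosts = [
        Host("web-01", "DMZ", public_facing=True),
        Host("report-db", "DMZ", public_facing=False),
        Host("ad-01", "DC-LAN", public_facing=False),
    ]
    return review(zones, links, hosts)


if __name__ == "__main__":
    for severity, text in sample_review():
        print(f"[{severity}] {text}")
```

Running the sample yields three findings: the unencrypted Branch-B link, the missing firewall between the DMZ and the data-centre LAN, and the report database sitting in the DMZ without being public-facing. In a real review the zones and links would be transcribed from the client's diagram and the walk-through, and the list of findings becomes the starting point for cross-checking against the incident and service-request history.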
Rahul Das
Consultant, Risk Advisory Services
PwC, Mumbai
MS-CLIS, (2011-2013)