SlideShare une entreprise Scribd logo

Review of network diagram

Syed Ubaid Ali Jafri
Syed Ubaid Ali Jafri

This Document describes How to review a Network Architecture in context of Information security . It helps to identify the starting point for reviewing the components of network with respect to best practices. A Network Architecture Review is a review and analysis of relevant network artifacts (e.g. network diagrams, security requirements, technology inventory, DMZ).

Formation
1  sur  3
Télécharger pour lire hors ligne
1 | P a g e Review of NETWORK ARCHITECTURE In Context of Information Security BY Syed Ubaid Ali Jafri Information Security Expert
2 | P a g e Network Diagram Network Diagram is just like an architect having the map of the building that contains all the Floors, Stairs, Wall, Windows, Roof, and Dimension involves in it. Network diagram typically visualize how a network structure is look like, it shows the interaction between the servers, nodes, network components, security components. Network Architecture Checklist S. No Control(s) Name Control(s) Description Recommendation(s) 1 Current Security Practice in Place Identify What security mechanism is define for Servers, Firewall, IDS, DMZ, Internal Network. It is recommended that DMZ controls should be separately defined, Perimeter Controls should be separately defined and Internal Network Controls should be separately defined. 2 Identify the LDOS (Last Day of Support) Devices Identify the core network as well as internal network to ensure what devices has passed or about to pass the LDOS It is recommended that Hardware devices who’s LDOS is near or has ended up should be replaced with the upgraded model immediately. 3 Redundancy Across the Devices Check the redundant mechanism is in place between the network devices e.g. (Firewall, Core Switch, Core Router, VPN Gateway) It is necessary to install a redundant device if organization is running medium, large business and should be able to work parallel with the other devices. 4 Layer Based approach Applied Evaluated that organization is using a layered approach architecture or it is using the signal layer architecture Devices should be placed as per layered based architecture. For example (Port Security/MAC Binding Should be applied on L2) Firewall should be placed up to Layer 4 and Application layer Firewall should be placed over Layer 7. 5 Intrusion Detection / Prevention System Identify that organization has installed intrusion detection and prevention system. It is recommended that organization should installed IDS/IPS over external and internal network. 6 Perimeter Security Have all entry/exit network points are clearly identified in the network diagram. Ensure that all the Entry/ Exit points are protected by appropriate filtering using firewall or UTM. 7 Network Segregation Identify whether Inter-VLAN routing is enabled If not, It is recommended that Inter- VLAN routing should be enabled on L2, L3 Switch level. 8 Remote User Access Identify whether Employee access core system through remote access mechanism. If yes, then ensure that properly remote access logging has been made on the servers, logs of user access are being generated. 9 Network Resilience Identify network and devices have the capability to provide services in case of any fault occurred in the network. Ensure that network has an ability to provide and maintain an acceptable level of service in the face of faults and challenges. 10 Sniffing / Interception / MITM Identify whether network is prone to handle the sniffing/MITM/Interception attack. It is recommended that Packet Filter mechanism should be in place, further Anti ARP spoofing must be enabled on devices interfaces.
3 | P a g e S. No Control(s) Name Control(s) Description Recommendation(s) 11 Placement of Firewall / IDS-IPS Identify what are the current placement of Network Security devices It is recommended that IDS/IPS should be at 1st Barrier, Firewall Should be a 2nd Barrier, and other Monitoring Software should be at 3rd Barrier. 12 Server Farm When considering server Farm identify whether server(s) farm contain Internal firewall or not. It is recommended that an internal firewall should be in place before the Server farm(s). 13 Positive Feedbacks Identify what positive feedbacks were given previously by the vendor You are an information Security consultant not an auditor, It is recommended to put some positive comments on the network diagram. 14 Third Party Connections Identify what mechanism currently in place to identify the third party connections to the network It is recommended that access should be restricted to all the network and should be allowed to only certain parts of the networks. 15 Network Logging Identify appropriate logging and review is in place It is recommended that Network logging should be kept for each device place in the core/perimeter network.

Recommandé

Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review Checklist
Eberly Wilson
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
n|u - The Open Security Community
 
LAN Security
LAN Security LAN Security
LAN Security
Syed Ubaid Ali Jafri
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
Dave Monahan
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
Alfred Ouyang
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
CAS
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 

Recommandé

Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review Checklist
Eberly Wilson
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
n|u - The Open Security Community
 
LAN Security
LAN Security LAN Security
LAN Security
Syed Ubaid Ali Jafri
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
Dave Monahan
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
Alfred Ouyang
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
CAS
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
uthayakumar174828
 
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityDomain 4 - Communications and Network Security
Domain 4 - Communications and Network Security
Maganathin Veeraragaloo
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
Piyush Jain
 
OT Security - h-c0n 2020
OT Security - h-c0n 2020OT Security - h-c0n 2020
OT Security - h-c0n 2020
Jose Palanco
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
Atlantic Training, LLC.
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
Ahmed Ayman
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
Saurabh Kheni
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
 
Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control Fundamentals
Information Technology
 
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
Evolve IP
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
edavid2685
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
waqasahmad1995
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
InnoTech
 
OSI Layered based attacks
OSI Layered based attacksOSI Layered based attacks
OSI Layered based attacks
Syed Ubaid Ali Jafri
 

Contenu connexe

Tendances

Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control Fundamentals
Information Technology
 

Tendances (20)

Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
 
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityDomain 4 - Communications and Network Security
Domain 4 - Communications and Network Security
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
OT Security - h-c0n 2020
OT Security - h-c0n 2020OT Security - h-c0n 2020
OT Security - h-c0n 2020
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control Fundamentals
 
Information security
Information securityInformation security
Information security
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 

En vedette

Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
ijsrd.com
 
u10a1 Network and Security Architecture _FINAL - Kent Haubein
u10a1 Network and Security Architecture _FINAL - Kent Haubeinu10a1 Network and Security Architecture _FINAL - Kent Haubein
u10a1 Network and Security Architecture _FINAL - Kent Haubein
Kent Haubein
 
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
Ather Nawaz
 
Cultural differences in the structure of categories among users of wedding pi...
Cultural differences in the structure of categories among users of wedding pi...Cultural differences in the structure of categories among users of wedding pi...
Cultural differences in the structure of categories among users of wedding pi...
Ather Nawaz
 
CONTEXTUAL ARCHITECTURE: An Indian Perspective
CONTEXTUAL ARCHITECTURE: An Indian PerspectiveCONTEXTUAL ARCHITECTURE: An Indian Perspective
CONTEXTUAL ARCHITECTURE: An Indian Perspective
Sarbjit Bahga
 
DCC2014 - Conversation and Critique within the Architectural Design Process: ...
DCC2014 - Conversation and Critique within the Architectural Design Process: ...DCC2014 - Conversation and Critique within the Architectural Design Process: ...
DCC2014 - Conversation and Critique within the Architectural Design Process: ...
Pieter Pauwels
 

En vedette (20)

Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
 
OSI Layered based attacks
OSI Layered based attacksOSI Layered based attacks
OSI Layered based attacks
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
 
Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing Lab
 
u10a1 Network and Security Architecture _FINAL - Kent Haubein
u10a1 Network and Security Architecture _FINAL - Kent Haubeinu10a1 Network and Security Architecture _FINAL - Kent Haubein
u10a1 Network and Security Architecture _FINAL - Kent Haubein
 
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
 
Beyond Findability: Context
Beyond Findability: ContextBeyond Findability: Context
Beyond Findability: Context
 
Designing Smart Home Technology for Fall Prevention in Older People
Designing Smart Home Technology for Fall Prevention in Older People Designing Smart Home Technology for Fall Prevention in Older People
Designing Smart Home Technology for Fall Prevention in Older People
 
Cultural differences in the structure of categories among users of wedding pi...
Cultural differences in the structure of categories among users of wedding pi...Cultural differences in the structure of categories among users of wedding pi...
Cultural differences in the structure of categories among users of wedding pi...
 
Research Seminar
Research SeminarResearch Seminar
Research Seminar
 
Context oriented architecture - Put the boundary in the right place
Context oriented architecture - Put the boundary in the right placeContext oriented architecture - Put the boundary in the right place
Context oriented architecture - Put the boundary in the right place
 
SecureWorld St. Louis: Survival in an Evolving Threat Landscape
SecureWorld St. Louis: Survival in an Evolving Threat LandscapeSecureWorld St. Louis: Survival in an Evolving Threat Landscape
SecureWorld St. Louis: Survival in an Evolving Threat Landscape
 
3 Telecom+Network Part2
3 Telecom+Network Part23 Telecom+Network Part2
3 Telecom+Network Part2
 
10 Legal+Compliance+Investigation
10 Legal+Compliance+Investigation10 Legal+Compliance+Investigation
10 Legal+Compliance+Investigation
 
CONTEXTUAL ARCHITECTURE: An Indian Perspective
CONTEXTUAL ARCHITECTURE: An Indian PerspectiveCONTEXTUAL ARCHITECTURE: An Indian Perspective
CONTEXTUAL ARCHITECTURE: An Indian Perspective
 
DCC2014 - Conversation and Critique within the Architectural Design Process: ...
DCC2014 - Conversation and Critique within the Architectural Design Process: ...DCC2014 - Conversation and Critique within the Architectural Design Process: ...
DCC2014 - Conversation and Critique within the Architectural Design Process: ...
 
3 Telecom+Network Part1
3 Telecom+Network Part13 Telecom+Network Part1
3 Telecom+Network Part1
 
7 Software Development Security
7 Software Development Security7 Software Development Security
7 Software Development Security
 
"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6"Lost Stars" - Why Operators Switch Off IPv6
"Lost Stars" - Why Operators Switch Off IPv6
 
Oscp preparation
Oscp preparationOscp preparation
Oscp preparation
 

Similaire à Review of network diagram

apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
Chrysostomos Christofi
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdf
jibinsh
 
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
ams1ams11
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICS
Muhammad FAHAD
 

Similaire à Review of network diagram (20)

Security assignment (copy)
Security assignment (copy)Security assignment (copy)
Security assignment (copy)
 
Idps technology starter v2.0
Idps technology starter v2.0Idps technology starter v2.0
Idps technology starter v2.0
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdf
 
Aca presentation arm_
Aca presentation arm_Aca presentation arm_
Aca presentation arm_
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
 
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
 
Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02
 
Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02
 
Day4
Day4Day4
Day4
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICS
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 
Defending industrial control systems from cyber attack
Defending industrial control systems from cyber attackDefending industrial control systems from cyber attack
Defending industrial control systems from cyber attack
 
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsNCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 
Seven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber securitySeven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber security
 
Deploying Network Taps for Improved Security
Deploying Network Taps for Improved SecurityDeploying Network Taps for Improved Security
Deploying Network Taps for Improved Security
 
Firewall ppt.pptx
Firewall ppt.pptxFirewall ppt.pptx
Firewall ppt.pptx
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
 
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
FIREWALL PROJECT.pptx BY SAKSHI SOLAPUREFIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
 

Plus de Syed Ubaid Ali Jafri

Plus de Syed Ubaid Ali Jafri (15)

Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015
 
Data calling from web to C#
Data calling from web to C#Data calling from web to C#
Data calling from web to C#
 
Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable
 
Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography)
 
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriFinal Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
 
Syed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography Techniques
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology
 
Storage area network
Storage area networkStorage area network
Storage area network
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
 
IP Security over VPN
IP Security over VPNIP Security over VPN
IP Security over VPN
 
Network security over ethernet
Network security over ethernetNetwork security over ethernet
Network security over ethernet
 

Dernier

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Dernier (20)

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 

Review of network diagram

  • 1. 1 | P a g e Review of NETWORK ARCHITECTURE In Context of Information Security BY Syed Ubaid Ali Jafri Information Security Expert
  • 2. 2 | P a g e Network Diagram Network Diagram is just like an architect having the map of the building that contains all the Floors, Stairs, Wall, Windows, Roof, and Dimension involves in it. Network diagram typically visualize how a network structure is look like, it shows the interaction between the servers, nodes, network components, security components. Network Architecture Checklist S. No Control(s) Name Control(s) Description Recommendation(s) 1 Current Security Practice in Place Identify What security mechanism is define for Servers, Firewall, IDS, DMZ, Internal Network. It is recommended that DMZ controls should be separately defined, Perimeter Controls should be separately defined and Internal Network Controls should be separately defined. 2 Identify the LDOS (Last Day of Support) Devices Identify the core network as well as internal network to ensure what devices has passed or about to pass the LDOS It is recommended that Hardware devices who’s LDOS is near or has ended up should be replaced with the upgraded model immediately. 3 Redundancy Across the Devices Check the redundant mechanism is in place between the network devices e.g. (Firewall, Core Switch, Core Router, VPN Gateway) It is necessary to install a redundant device if organization is running medium, large business and should be able to work parallel with the other devices. 4 Layer Based approach Applied Evaluated that organization is using a layered approach architecture or it is using the signal layer architecture Devices should be placed as per layered based architecture. For example (Port Security/MAC Binding Should be applied on L2) Firewall should be placed up to Layer 4 and Application layer Firewall should be placed over Layer 7. 5 Intrusion Detection / Prevention System Identify that organization has installed intrusion detection and prevention system. It is recommended that organization should installed IDS/IPS over external and internal network. 6 Perimeter Security Have all entry/exit network points are clearly identified in the network diagram. Ensure that all the Entry/ Exit points are protected by appropriate filtering using firewall or UTM. 7 Network Segregation Identify whether Inter-VLAN routing is enabled If not, It is recommended that Inter- VLAN routing should be enabled on L2, L3 Switch level. 8 Remote User Access Identify whether Employee access core system through remote access mechanism. If yes, then ensure that properly remote access logging has been made on the servers, logs of user access are being generated. 9 Network Resilience Identify network and devices have the capability to provide services in case of any fault occurred in the network. Ensure that network has an ability to provide and maintain an acceptable level of service in the face of faults and challenges. 10 Sniffing / Interception / MITM Identify whether network is prone to handle the sniffing/MITM/Interception attack. It is recommended that Packet Filter mechanism should be in place, further Anti ARP spoofing must be enabled on devices interfaces.
  • 3. 3 | P a g e S. No Control(s) Name Control(s) Description Recommendation(s) 11 Placement of Firewall / IDS-IPS Identify what are the current placement of Network Security devices It is recommended that IDS/IPS should be at 1st Barrier, Firewall Should be a 2nd Barrier, and other Monitoring Software should be at 3rd Barrier. 12 Server Farm When considering server Farm identify whether server(s) farm contain Internal firewall or not. It is recommended that an internal firewall should be in place before the Server farm(s). 13 Positive Feedbacks Identify what positive feedbacks were given previously by the vendor You are an information Security consultant not an auditor, It is recommended to put some positive comments on the network diagram. 14 Third Party Connections Identify what mechanism currently in place to identify the third party connections to the network It is recommended that access should be restricted to all the network and should be allowed to only certain parts of the networks. 15 Network Logging Identify appropriate logging and review is in place It is recommended that Network logging should be kept for each device place in the core/perimeter network.