SlideShare ist ein Scribd-Unternehmen logo

Review of network diagram

Syed Ubaid Ali Jafri
Syed Ubaid Ali Jafri

Network Architecture review in context of Information security helps to understand how to actually review the components of network with respect to best practices.

Präsentationen & Vorträge
1 von 3
Downloaden Sie, um offline zu lesen
1 | P a g e Review of NETWORK ARCHITECTURE In Context of Information Security BY Syed Ubaid Ali Jafri Information Security Expert
2 | P a g e Network Diagram Network Diagram is just like an architect having the map of the building that contains all the Floors, Stairs, Wall, Windows, Roof, and Dimension involves in it. Network diagram typically visualize how a network structure is look like, it shows the interaction between the servers, nodes, network components, security components. Network Architecture Checklist S. No Control(s) Name Control(s) Description Recommendation(s) 1 Current Security Practice in Place Identify What security mechanism is define for Servers, Firewall, IDS, DMZ, Internal Network. It is recommended that DMZ controls should be separately defined, Perimeter Controls should be separately defined and Internal Network Controls should be separately defined. 2 Identify the LDOS (Last Day of Support) Devices Identify the core network as well as internal network to ensure what devices has passed or about to pass the LDOS It is recommended that Hardware devices who’s LDOS is near or has ended up should be replaced with the upgraded model immediately. 3 Redundancy Across the Devices Check the redundant mechanism is in place between the network devices e.g. (Firewall, Core Switch, Core Router, VPN Gateway) It is necessary to install a redundant device if organization is running medium, large business and should be able to work parallel with the other devices. 4 Layer Based approach Applied Evaluated that organization is using a layered approach architecture or it is using the signal layer architecture Devices should be placed as per layered based architecture. For example (Port Security/MAC Binding Should be applied on L2) Firewall should be placed up to Layer 4 and Application layer Firewall should be placed over Layer 7. 5 Intrusion Detection / Prevention System Identify that organization has installed intrusion detection and prevention system. It is recommended that organization should installed IDS/IPS over external and internal network. 6 Perimeter Security Have all entry/exit network points are clearly identified in the network diagram. Ensure that all the Entry/ Exit points are protected by appropriate filtering using firewall or UTM. 7 Network Segregation Identify whether Inter-VLAN routing is enabled If not, It is recommended that Inter- VLAN routing should be enabled on L2, L3 Switch level. 8 Remote User Access Identify whether Employee access core system through remote access mechanism. If yes, then ensure that properly remote access logging has been made on the servers, logs of user access are being generated. 9 Network Resilience Identify network and devices have the capability to provide services in case of any fault occurred in the network. Ensure that network has an ability to provide and maintain an acceptable level of service in the face of faults and challenges. 10 Sniffing / Interception / MITM Identify whether network is prone to handle the sniffing/MITM/Interception attack. It is recommended that Packet Filter mechanism should be in place, further Anti ARP spoofing must be enabled on devices interfaces.
3 | P a g e S. No Control(s) Name Control(s) Description Recommendation(s) 11 Placement of Firewall / IDS-IPS Identify what are the current placement of Network Security devices It is recommended that IDS/IPS should be at 1st Barrier, Firewall Should be a 2nd Barrier, and other Monitoring Software should be at 3rd Barrier. 12 Server Farm When considering server Farm identify whether server(s) farm contain Internal firewall or not. It is recommended that an internal firewall should be in place before the Server farm(s). 13 Positive Feedbacks Identify what positive feedbacks were given previously by the vendor You are an information Security consultant not an auditor, It is recommended to put some positive comments on the network diagram. 14 Third Party Connections Identify what mechanism currently in place to identify the third party connections to the network It is recommended that access should be restricted to all the network and should be allowed to only certain parts of the networks. 15 Network Logging Identify appropriate logging and review is in place It is recommended that Network logging should be kept for each device place in the core/perimeter network.

Empfohlen

Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
ijsrd.com
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review Checklist
Eberly Wilson
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
Syed Ubaid Ali Jafri
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
Firewall Penetration Testing
Firewall Penetration TestingFirewall Penetration Testing
Firewall Penetration Testing
Chirag Jain
 
AAA Best Practices
AAA Best PracticesAAA Best Practices
AAA Best Practices
Sagar Gor
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
InnoTech
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Papun Papun
 

Empfohlen

Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
ijsrd.com
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review Checklist
Eberly Wilson
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
Syed Ubaid Ali Jafri
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
Firewall Penetration Testing
Firewall Penetration TestingFirewall Penetration Testing
Firewall Penetration Testing
Chirag Jain
 
AAA Best Practices
AAA Best PracticesAAA Best Practices
AAA Best Practices
Sagar Gor
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
InnoTech
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Papun Papun
 
FortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringFortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB Filtering
IPMAX s.r.l.
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to Tenable
Bharat Jindal
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
Santosh Khadsare
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE - ATT&CKcon
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
North Texas Chapter of the ISSA
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
 
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
Sirris
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Priyanshu Ratnakar
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
OoXair
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
Coder Tech
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
amiable_indian
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
Aditya Jain
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
Mohit Belwal
 
Tools kali
Tools kaliTools kali
Tools kali
ketban0702
 
Incident response
Incident responseIncident response
Incident response
Anshul Gupta
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)
Anwesh Dixit
 
13 palo alto url web filtering concept
13 palo alto url web filtering concept13 palo alto url web filtering concept
13 palo alto url web filtering concept
Mostafa El Lathy
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1
SalmenHAJJI1
 
Firewall
FirewallFirewall
Firewall
trilokchandra prakash
 
Security assignment (copy)
Security assignment (copy)Security assignment (copy)
Security assignment (copy)
Amare Kassa
 
Idps technology starter v2.0
Idps technology starter v2.0Idps technology starter v2.0
Idps technology starter v2.0
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 

Weitere ähnliche Inhalte

Was ist angesagt?

NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
North Texas Chapter of the ISSA
 

Was ist angesagt? (20)

FortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringFortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB Filtering
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to Tenable
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITREMITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
MITRE ATT&CKcon 2.0: State of the ATT&CK; Blake Strom, MITRE
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
 
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
 
Networking and penetration testing
Networking and penetration testingNetworking and penetration testing
Networking and penetration testing
 
Tools kali
Tools kaliTools kali
Tools kali
 
Incident response
Incident responseIncident response
Incident response
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)
 
13 palo alto url web filtering concept
13 palo alto url web filtering concept13 palo alto url web filtering concept
13 palo alto url web filtering concept
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1Ccna sv2 instructor_ppt_ch1
Ccna sv2 instructor_ppt_ch1
 
Firewall
FirewallFirewall
Firewall
 

Ähnlich wie Review of network diagram

apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
Chrysostomos Christofi
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdf
jibinsh
 
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
ams1ams11
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICS
Muhammad FAHAD
 

Ähnlich wie Review of network diagram (20)

Security assignment (copy)
Security assignment (copy)Security assignment (copy)
Security assignment (copy)
 
Idps technology starter v2.0
Idps technology starter v2.0Idps technology starter v2.0
Idps technology starter v2.0
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdf
 
Aca presentation arm_
Aca presentation arm_Aca presentation arm_
Aca presentation arm_
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
 
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
 
Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02
 
Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02Firewallpresentation 100826052003-phpapp02
Firewallpresentation 100826052003-phpapp02
 
Day4
Day4Day4
Day4
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICS
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 
Defending industrial control systems from cyber attack
Defending industrial control systems from cyber attackDefending industrial control systems from cyber attack
Defending industrial control systems from cyber attack
 
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsNCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 
Seven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber securitySeven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber security
 
Deploying Network Taps for Improved Security
Deploying Network Taps for Improved SecurityDeploying Network Taps for Improved Security
Deploying Network Taps for Improved Security
 
Firewall ppt.pptx
Firewall ppt.pptxFirewall ppt.pptx
Firewall ppt.pptx
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
 
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
FIREWALL PROJECT.pptx BY SAKSHI SOLAPUREFIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
 

Mehr von Syed Ubaid Ali Jafri

Mehr von Syed Ubaid Ali Jafri (17)

Requirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing LabRequirement for creating a Penetration Testing Lab
Requirement for creating a Penetration Testing Lab
 
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
 
OSI Layered based attacks
OSI Layered based attacksOSI Layered based attacks
OSI Layered based attacks
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015
 
Data calling from web to C#
Data calling from web to C#Data calling from web to C#
Data calling from web to C#
 
Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable Android 2.0 - 4.0 HTML Vulnerable
Android 2.0 - 4.0 HTML Vulnerable
 
Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography) Data Hiding (An Approach towards Stegnography)
Data Hiding (An Approach towards Stegnography)
 
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali JafriFinal Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
Final Year Projects (Computer Science 2013) - Syed Ubaid Ali Jafri
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
 
Syed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography TechniquesSyed Ubaid Ali Jafri - Cryptography Techniques
Syed Ubaid Ali Jafri - Cryptography Techniques
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology Syed Ubaid Ali Jafri Lecture on Information Technology
Syed Ubaid Ali Jafri Lecture on Information Technology
 
Storage area network
Storage area networkStorage area network
Storage area network
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
 
IP Security over VPN
IP Security over VPNIP Security over VPN
IP Security over VPN
 
Network security over ethernet
Network security over ethernetNetwork security over ethernet
Network security over ethernet
 
LAN Security
LAN Security LAN Security
LAN Security
 

Kürzlich hochgeladen

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
David Celestin
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
 
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
ZurliaSoop
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
amilabibi1
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Hung Le
 

Kürzlich hochgeladen (17)

ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Introduction to Artificial intelligence.
Introduction to Artificial intelligence.Introduction to Artificial intelligence.
Introduction to Artificial intelligence.
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Zone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptxZone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptx
 
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait Cityin kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 

Review of network diagram

  • 1. 1 | P a g e Review of NETWORK ARCHITECTURE In Context of Information Security BY Syed Ubaid Ali Jafri Information Security Expert
  • 2. 2 | P a g e Network Diagram Network Diagram is just like an architect having the map of the building that contains all the Floors, Stairs, Wall, Windows, Roof, and Dimension involves in it. Network diagram typically visualize how a network structure is look like, it shows the interaction between the servers, nodes, network components, security components. Network Architecture Checklist S. No Control(s) Name Control(s) Description Recommendation(s) 1 Current Security Practice in Place Identify What security mechanism is define for Servers, Firewall, IDS, DMZ, Internal Network. It is recommended that DMZ controls should be separately defined, Perimeter Controls should be separately defined and Internal Network Controls should be separately defined. 2 Identify the LDOS (Last Day of Support) Devices Identify the core network as well as internal network to ensure what devices has passed or about to pass the LDOS It is recommended that Hardware devices who’s LDOS is near or has ended up should be replaced with the upgraded model immediately. 3 Redundancy Across the Devices Check the redundant mechanism is in place between the network devices e.g. (Firewall, Core Switch, Core Router, VPN Gateway) It is necessary to install a redundant device if organization is running medium, large business and should be able to work parallel with the other devices. 4 Layer Based approach Applied Evaluated that organization is using a layered approach architecture or it is using the signal layer architecture Devices should be placed as per layered based architecture. For example (Port Security/MAC Binding Should be applied on L2) Firewall should be placed up to Layer 4 and Application layer Firewall should be placed over Layer 7. 5 Intrusion Detection / Prevention System Identify that organization has installed intrusion detection and prevention system. It is recommended that organization should installed IDS/IPS over external and internal network. 6 Perimeter Security Have all entry/exit network points are clearly identified in the network diagram. Ensure that all the Entry/ Exit points are protected by appropriate filtering using firewall or UTM. 7 Network Segregation Identify whether Inter-VLAN routing is enabled If not, It is recommended that Inter- VLAN routing should be enabled on L2, L3 Switch level. 8 Remote User Access Identify whether Employee access core system through remote access mechanism. If yes, then ensure that properly remote access logging has been made on the servers, logs of user access are being generated. 9 Network Resilience Identify network and devices have the capability to provide services in case of any fault occurred in the network. Ensure that network has an ability to provide and maintain an acceptable level of service in the face of faults and challenges. 10 Sniffing / Interception / MITM Identify whether network is prone to handle the sniffing/MITM/Interception attack. It is recommended that Packet Filter mechanism should be in place, further Anti ARP spoofing must be enabled on devices interfaces.
  • 3. 3 | P a g e S. No Control(s) Name Control(s) Description Recommendation(s) 11 Placement of Firewall / IDS-IPS Identify what are the current placement of Network Security devices It is recommended that IDS/IPS should be at 1st Barrier, Firewall Should be a 2nd Barrier, and other Monitoring Software should be at 3rd Barrier. 12 Server Farm When considering server Farm identify whether server(s) farm contain Internal firewall or not. It is recommended that an internal firewall should be in place before the Server farm(s). 13 Positive Feedbacks Identify what positive feedbacks were given previously by the vendor You are an information Security consultant not an auditor, It is recommended to put some positive comments on the network diagram. 14 Third Party Connections Identify what mechanism currently in place to identify the third party connections to the network It is recommended that access should be restricted to all the network and should be allowed to only certain parts of the networks. 15 Network Logging Identify appropriate logging and review is in place It is recommended that Network logging should be kept for each device place in the core/perimeter network.