Network Architecture review in context of Information security helps to understand how to actually review the components of network with respect to best practices.
Digital collaboration with Microsoft 365 as extension of Drupal
Review of network diagram
1. 1 | P a g e
Review of
NETWORK ARCHITECTURE
In Context of Information Security
BY
Syed Ubaid Ali Jafri
Information Security Expert
2. 2 | P a g e
Network Diagram Network Diagram is just like an architect having the map of the building that contains all the Floors,
Stairs, Wall, Windows, Roof, and Dimension involves in it. Network diagram typically visualize how a network structure is look
like, it shows the interaction between the servers, nodes, network components, security components.
Network Architecture Checklist
S. No Control(s) Name Control(s) Description Recommendation(s)
1 Current Security Practice in Place
Identify What security mechanism
is define for Servers, Firewall, IDS,
DMZ, Internal Network.
It is recommended that DMZ controls
should be separately defined,
Perimeter Controls should be
separately defined and Internal
Network Controls should be
separately defined.
2 Identify the LDOS
(Last Day of Support) Devices
Identify the core network as well
as internal network to ensure
what devices has passed or about
to pass the LDOS
It is recommended that Hardware
devices who’s LDOS is near or has
ended up should be replaced with the
upgraded model immediately.
3 Redundancy Across the Devices
Check the redundant mechanism
is in place between the network
devices e.g. (Firewall, Core Switch,
Core Router, VPN Gateway)
It is necessary to install a redundant
device if organization is running
medium, large business and should be
able to work parallel with the other
devices.
4 Layer Based approach Applied
Evaluated that organization is
using a layered approach
architecture or it is using the signal
layer architecture
Devices should be placed as per
layered based architecture. For
example (Port Security/MAC Binding
Should be applied on L2) Firewall
should be placed up to Layer 4 and
Application layer Firewall should be
placed over Layer 7.
5 Intrusion Detection / Prevention
System
Identify that organization has
installed intrusion detection and
prevention system.
It is recommended that organization
should installed IDS/IPS over external
and internal network.
6 Perimeter Security
Have all entry/exit network points
are clearly identified in the
network diagram.
Ensure that all the Entry/ Exit points
are protected by appropriate filtering
using firewall or UTM.
7 Network Segregation
Identify whether Inter-VLAN
routing is enabled
If not, It is recommended that Inter-
VLAN routing should be enabled on
L2, L3 Switch level.
8 Remote User Access
Identify whether Employee access
core system through remote
access mechanism.
If yes, then ensure that properly
remote access logging has been made
on the servers, logs of user access are
being generated.
9 Network Resilience
Identify network and devices have
the capability to provide services
in case of any fault occurred in the
network.
Ensure that network has an ability to
provide and maintain an acceptable
level of service in the face of faults
and challenges.
10 Sniffing / Interception / MITM Identify whether network is prone
to handle the
sniffing/MITM/Interception attack.
It is recommended that Packet Filter
mechanism should be in place,
further Anti ARP spoofing must be
enabled on devices interfaces.
3. 3 | P a g e
S. No Control(s) Name Control(s) Description Recommendation(s)
11 Placement of Firewall / IDS-IPS Identify what are the current
placement of Network Security
devices
It is recommended that IDS/IPS
should be at 1st
Barrier, Firewall
Should be a 2nd
Barrier, and other
Monitoring Software should be at 3rd
Barrier.
12 Server Farm
When considering server Farm
identify whether server(s) farm
contain Internal firewall or not.
It is recommended that an internal
firewall should be in place before the
Server farm(s).
13 Positive Feedbacks
Identify what positive feedbacks
were given previously by the
vendor
You are an information Security
consultant not an auditor, It is
recommended to put some positive
comments on the network diagram.
14 Third Party Connections
Identify what mechanism currently
in place to identify the third party
connections to the network
It is recommended that access should
be restricted to all the network and
should be allowed to only certain
parts of the networks.
15 Network Logging Identify appropriate logging and
review is in place
It is recommended that Network
logging should be kept for each
device place in the core/perimeter
network.