Академический Документы
Профессиональный Документы
Культура Документы
NETWORK ARCHITECTURE
In Context of Information Security
BY
Syed Ubaid Ali Jafri
Information Security Expert
1|Page
Network Diagram Network Diagram is just like an architect having the map of the building that contains all the Floors,
Stairs, Wall, Windows, Roof, and Dimension involves in it. Network diagram typically visualize how a network structure is look
like, it shows the interaction between the servers, nodes, network components, security components.
Control(s) Name
Perimeter Security
Network Segregation
Network Resilience
10
2|Page
Control(s) Description
Identify What security mechanism
is define for Servers, Firewall, IDS,
DMZ, Internal Network.
Recommendation(s)
It is recommended that DMZ controls
should be separately defined,
Perimeter Controls should be
separately defined and Internal
Network
Controls
should
be
separately defined.
It is recommended that Hardware
devices whos LDOS is near or has
ended up should be replaced with the
upgraded model immediately.
It is necessary to install a redundant
device if organization is running
medium, large business and should be
able to work parallel with the other
devices.
Devices should be placed as per
layered based architecture. For
example (Port Security/MAC Binding
Should be applied on L2) Firewall
should be placed up to Layer 4 and
Application layer Firewall should be
placed over Layer 7.
It is recommended that organization
should installed IDS/IPS over external
and internal network.
Ensure that all the Entry/ Exit points
are protected by appropriate filtering
using firewall or UTM.
If not, It is recommended that InterVLAN routing should be enabled on
L2, L3 Switch level.
If yes, then ensure that properly
remote access logging has been made
on the servers, logs of user access are
being generated.
Ensure that network has an ability to
provide and maintain an acceptable
level of service in the face of faults
and challenges.
It is recommended that Packet Filter
mechanism should be in place,
further Anti ARP spoofing must be
enabled on devices interfaces.
S. No
Control(s) Name
11
12
Server Farm
13
Positive Feedbacks
14
15
Network Logging
3|Page
Control(s) Description
Identify what are the current
placement of Network Security
devices
When considering server Farm
identify whether server(s) farm
contain Internal firewall or not.
Identify what positive feedbacks
were given previously by the
vendor
Identify what mechanism currently
in place to identify the third party
connections to the network
Identify appropriate logging and
review is in place
Recommendation(s)
It is recommended that IDS/IPS
should be at 1st Barrier, Firewall
Should be a 2nd Barrier, and other
Monitoring Software should be at 3rd
Barrier.
It is recommended that an internal
firewall should be in place before the
Server farm(s).
You are an information Security
consultant not an auditor, It is
recommended to put some positive
comments on the network diagram.
It is recommended that access should
be restricted to all the network and
should be allowed to only certain
parts of the networks.
It is recommended that Network
logging should be kept for each
device place in the core/perimeter
network.