Review of

NETWORK ARCHITECTURE
In Context of Information Security

BY
Syed Ubaid Ali Jafri
Information Security Expert


Network Diagram

A network diagram is like an architect's map of a building, showing all the floors, stairs, walls, windows, roof, and dimensions involved. A network diagram typically visualizes what a network's structure looks like; it shows the interaction between the servers, nodes, network components, and security components.

Network Architecture Checklist


| S. No | Control(s) Name | Control(s) Description | Recommendation(s) |
|---|---|---|---|
| 1 | Current Security Practice in Place | Identify what security mechanisms are defined for servers, firewall, IDS, DMZ, and internal network. | It is recommended that DMZ controls should be separately defined, perimeter controls should be separately defined, and internal network controls should be separately defined. |
| 2 | Identify the LDOS (Last Day of Support) Devices | Identify, across the core network as well as the internal network, which devices have passed or are about to pass the LDOS. | It is recommended that hardware devices whose LDOS is near or has passed should be replaced with the upgraded model immediately. |
| 3 | Redundancy Across the Devices | Check that a redundancy mechanism is in place between the network devices, e.g. firewall, core switch, core router, VPN gateway. | It is necessary to install a redundant device if the organization is running a medium or large business, and it should be able to work in parallel with the other devices. |
| 4 | Layer Based Approach Applied | Evaluate whether the organization is using a layered architecture or a single-layer architecture. | Devices should be placed as per a layer-based architecture. For example, port security/MAC binding should be applied at L2, the firewall should be placed up to Layer 4, and the application-layer firewall should be placed at Layer 7. |
| 5 | Intrusion Detection / Prevention System | Identify whether the organization has installed an intrusion detection and prevention system. | It is recommended that the organization install IDS/IPS on the external and internal networks. |
| 6 | Perimeter Security | Are all entry/exit network points clearly identified in the network diagram? | Ensure that all the entry/exit points are protected by appropriate filtering using a firewall or UTM. |
| 7 | Network Segregation | Identify whether inter-VLAN routing is enabled. | If not, it is recommended that inter-VLAN routing should be enabled at the L2, L3 switch level. |
| 8 | Remote User Access | Identify whether employees access core systems through a remote access mechanism. | If yes, ensure that proper remote access logging is in place on the servers and that logs of user access are being generated. |
| 9 | Network Resilience | Identify whether the network and devices have the capability to provide services if a fault occurs in the network. | Ensure that the network has the ability to provide and maintain an acceptable level of service in the face of faults and challenges. |
| 10 | Sniffing / Interception / MITM | Identify whether the network is prone to sniffing/MITM/interception attacks. | It is recommended that a packet filter mechanism should be in place; further, anti-ARP-spoofing must be enabled on device interfaces. |
| 11 | Placement of Firewall / IDS-IPS | Identify the current placement of network security devices. | It is recommended that IDS/IPS should be the 1st barrier, the firewall should be the 2nd barrier, and other monitoring software should be the 3rd barrier. |
| 12 | Server Farm | When considering the server farm, identify whether the server farm(s) contain an internal firewall or not. | It is recommended that an internal firewall should be in place before the server farm(s). |
| 13 | Positive Feedbacks | Identify what positive feedback was given previously by the vendor. | You are an information security consultant, not an auditor; it is recommended to put some positive comments on the network diagram. |
| 14 | Third Party Connections | Identify what mechanism is currently in place to identify third-party connections to the network. | It is recommended that access to the whole network should be restricted and allowed only to certain parts of the network. |
| 15 | Network Logging | Identify whether appropriate logging and review is in place. | It is recommended that network logging should be kept for each device placed in the core/perimeter network. |
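
The following is an added example, not part of the original checklist: one way to run controls 2 (LDOS), 3 (redundancy) and 15 (logging) against a device inventory. The inventory layout, device names, dates and the 180-day warning window are assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample inventory: (name, role, zone, LDOS date, logging enabled).
# All values are illustrative assumptions, not taken from the checklist.
INVENTORY = [
    ("fw-edge-1", "firewall", "perimeter", date(2027, 6, 30), True),
    ("fw-edge-2", "firewall", "perimeter", date(2027, 6, 30), True),
    ("core-sw-1", "core_switch", "core", date(2024, 1, 31), True),
    ("core-sw-2", "core_switch", "core", date(2025, 9, 30), False),
    ("core-rtr-1", "core_router", "core", date(2029, 3, 31), True),
    ("vpn-gw-1", "vpn_gateway", "perimeter", date(2025, 8, 15), True),
    ("acc-sw-7", "access_switch", "internal", date(2030, 1, 1), False),
]

# Device roles the checklist names as needing a redundant peer (control 3).
REDUNDANT_ROLES = ("firewall", "core_switch", "core_router", "vpn_gateway")
# Zones whose devices must keep logs (control 15).
LOGGED_ZONES = ("core", "perimeter")


def audit(inventory, today, warn_days=180):
    """Return findings as (control, subject, detail) tuples."""
    findings = []
    for name, role, zone, ldos, logging_on in inventory:
        days_left = (ldos - today).days
        if days_left < 0:  # control 2: LDOS already passed
            findings.append(("LDOS", name, f"support ended {-days_left} days ago"))
        elif days_left <= warn_days:  # control 2: LDOS approaching (assumed window)
            findings.append(("LDOS", name, f"support ends in {days_left} days"))
        if zone in LOGGED_ZONES and not logging_on:  # control 15
            findings.append(("LOGGING", name, "no logging configured"))
    for role in REDUNDANT_ROLES:  # control 3: each role needs at least two devices
        count = sum(1 for dev in inventory if dev[1] == role)
        if count < 2:
            findings.append(("REDUNDANCY", role, f"{count} device(s), no redundant peer"))
    return findings


if __name__ == "__main__":
    for control, subject, detail in audit(INVENTORY, today=date(2025, 6, 1)):
        print(f"{control:<10} {subject:<12} {detail}")
```

A device count of two per role only shows that a peer exists; whether the pair actually fails over still has to be checked on the devices themselves.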