SlideShare a Scribd company logo

Network Architecture Review Checklist

Eberly Wilson
Eberly Wilson

The primary goal of the checklist is to make it useful and as a trusted guide for IT Auditors,Security Consultant in Network Architecture Review assignments.The checklist is drawn from numerous resources referred and my experience in network architecture reviews.Though the essentially doesn't essentially cover all elements of a network architecture review,I have tried to bring in aspects of the security element in a network architecture

1 of 4
Download to read offline
Sr. No. Review Area Question/Control description Suggested Verification step Evidence/Artificats 1 Documentation Has the design of the network been formally documented? 1)Check if a documented network diagram exists? 2)Check that the design has been through a formal review and sign-off process and that it is now under change control. 1)Network Diagram 2)Version Control 3)Formal review & sign-off 2 Documentation Have the security requirements of the organization been identified and incorporated in the design? 1)Determine if the requirements for the network have been formally documented. 2)Confirm that security requirements are addressed (eg confidentiality of network traffic,encryption) 3)Check if sizing and growth information have been incorporated in the design. 1)Network Design document 2)Network Capacity Planning document 3 Firewall rule Change Management Is the implementation and change of traffic filtering rule sets subject to strict change management procedures? 1)Verify the firewall rules & respective approved change management requests/tickets 2)Ensure all changes are formally documented and include at minimum the date of the change, the name of person making the change and the reason. 1)Change management requests/tickets 2)Firewall change management procedure. 4 Firewall rule Review Periodic review of Firewall rules 1)Check if periodic review of firewall rules is carried out? 2)Check if not used/expired firewall rules are removed/disabled? 1)Firewall rule review 2)Firewall rules 5 Intrusion Detection/Preventi on Are Intrusion detection system sensors placed in the correct location to detect attempts to penetrate the network? 1)Check if IDS/IPS sensors are placed in a position to detect attempts to penetrate.(eg before or after firewalls or all points of entry and exit in a network). 2) Check if the critical & sensitive systems are protected by IDS/IPS 1)Network Diagram 2)Discussion with Network Admin/Architect 6 Network Addressing Does network addressing scheme that is specified in the design make the network scalable,optimal & manageable? 1) Are the network address ranges contiguous and facilitate a hierarchical approach to network? 2)Is the private address ranges being used facilitate easy diagnosis of network problems. 3)Does it make the networks more difficult to extend? 1) Network Addressing Scheme 2)Router/Switch configuration 3)Discussion with Network Admin/Architect 7 Network Design Does the design of the network incorporate coherent standards/Regulations? 1)Check if the design of the network complies with relevant & applicable standards & regulations (e,g RBI guidelines,PCI-DSS,Data Privacy) 1) Verify compliance against relevant applicable standards
8 Network Design Is consistent naming standards included in the design 1)Check if the design incorporates consistent naming standard for the various components in the network. 1) Veify for naming standards in the design document 9 Network Filtering Are network filtering devices configured to filter specific types of traffic (eg IP address, port), block or restrict particular types or sources of traffic, and limit the use of communications that are prone to abuse? 1) Check firewall rules are configured with default-deny stance 2) Check firewall rules for traffic filtering ports by IP address & ports and not ANY ANY. 1)Firewall rules 10 Network Routing Are the routing methods used in the design making the network vulnerable to errors or latency? 1)Are both static and dynamic routing being used? 2)Review the routing table and verify that the route followed is optimal for dynamic routing? 1)Router configuration 2)Routing table 11 Network Segregation Does the design of the network include distinct sub- networks, protected by rule based traffic filtering? 1) Check if network is divided into sub-networks based on criticality 2) Check if the traffic between the sub-networks are protected by a network filtering device (e,g firewall,core switch with FWSM). 1) Network diagram 2) Firewall rules/ACL's 12 Network Segregation Does the network make use of VLAN's? 1) Confirm if VLAN's are being used and check if networks are segregated based on criticality. 1)Network Diagram 2)VLAN configuration 3)Core Switch configuration 13 Network Segregation Is Inter VLAN routing enabled? 1) Check if inter VLAN routing is enabled? 2) Review the Core Switch ACL's 1) Switch Configuration 2)VLAN config details 14 Network Segregation Verify if appropriate segregation is implemented between wired and wireless networks? 1) Check if the wired & wireless networks are segregated by a firewall. 1)Network Diagram 2)Discussion with Network Admin/Architect 15 Network Segregation Public facing devices placed in DMZ 1) Are all public facing devices placed in DMZ 2)Are all public facing systems placed on different DMZ's based on criticality & functionality of the system. 1)Network Diagram 2)Discussion with Network Admin/Architect 16 Perimeter Security Have all entry/exit network points are clearly identified in the network design. 1)Confirm that all entry / exit points are clearly identified in the network design. 2)Check that all entry / exit points serve a key business purpose. 3) Verify the security requirements for all entry/exit points 1)Network diagram 2)Discuss with the network admin the purose of each entry/exit points 3)Encryption,VPN,access control filtering for each entry/exit point 17 Perimeter Security Have mechanisms been implemented to control all traffic that enters and leaves the network (eg through the use of firewalls/UTM or screening routers)? 1)Check if all entry & exit points are protected by appropriate filtering using firewalls,UTM or screening routers? 1)Network diagram 2)Firewall config 3)Discussion with Network Admin/Architect
18 Third Party Connections Third party connections to the network been identified & secured 1) Have all third party connections identified? 2)Ascertain if access is restricted to only certain parts of the network. 3) Verify if appropriate level of encryption is implemented (i.e VPN) 1)Network diagram 2)Firewall config 3)Discussion with Network Admin/Architect 19 Remote User Access Remote user access protection 1)Request an explanation of how remote users are authenticated. 2)Check that all remote connections are logged. 3)Confirm that remote access logs are reviewed. 4)Confirm user access review is carried out regularly 1)VPN configuration 2)ACS/RSA configuration 3)Discussion with Network Admin 20 Unauthorized connections Regular audit of unauthorized connections 1)Establish if a variety of methods are employed to detect unauthorised connections (eg manual audit, review of telecommunications supplier bills, use of network discovery tools, war-dialling). 2)Determine how often checks are carried out. 3)Check that when external connections are no longer required, they are removed promptly. 4) Regular Wardriving exercises are carried out to locate rogue access points. 1)Network Security Policy 2)Discussion with Network Admin & Information Security Team 21 Authentication Authorization & Accounting AAA systems are in place for network devices 1) Check TACACS or RADIUS is in place for network and security devices 1)TACACS/RADIUS/ACS configuration 22 Network Logging Ensure appropriate logging and review is carried out 1) Ensure all devices events are logged and directed to syslog 2)Verify if log access review is carried out 3) Check the availability of Log correlation tools and effective use of it. 1) Discussion with Network Security Team 2) Check the adherence for Policy interms of logging 23 Time Server All network & security devices are time synchronized 1) Check the availability of NTP server 2) Check if all devices get their time synchronized from this NTP server 1) NTP server configuration
24 Network Resilience To ensure that the network is suppported by a robust & reliable set of hardware & software 1) Have all single point of failures (SPOF) in the network identified? 2)Request information on redundancy measures that have been employed(eg multiple carriers, dual operations centres). 3)Confirm that all critical network devices can be reached via more than one path. 4)Check that network protocols have been implemented that are capable of re- routing traffic in the event of network failure (eg OSPF). 5)Check that resilience arrangements for communication links do not ultimately depend upon common circuits (eg from a common carrier). 6)Check that arrangements to use alternative service providers are adequate (eg by reviewing contractual documentation that exists). 1) BCP/DR documents for Networks 2) Susceptability Analysis reports 3)Network diagram 4)Discussion with Network Admin 25 Network Resilience Network resilience arrangements are tested. 1)Ensure that the fall-back measures specified exist and have been tested to ensure they work correctly. 2)Is there a programme of testing to ensure fall-back mechanisms operate correctly. This testing should simulate, as far as possible, the live operational conditions that will be required (eg similar volumes of traffic). 1)BCP/DR test reports 26 Network Resilience Preventive maintenance is carried out 1)Is preventive maintenance conducted on a regular basis? 2)Are proper records being kept of the equipment type, make, model and its service history? 1) Preventive maintenance reports 2) Network asset register 3) Capacity planning documents Disclaimer All part of this document may be reproduced,stored in a retireval system,or transmitted in any form or by any means, electronic, mechanical ,photocopying ,recording, scanning or otherwise.While the author & G4H have used their best efforts in preparing this work,they make no representation or warranties with respect to the accuracy or completeness of the content of this book.The advice and controls herein may not be usable for your situation, you should cosult a professional where appropriate.Neither G4H or the author shall be liable for any loss of profit or any other commercial damages,including,but not limited to,special,incidental,consequential or other damages.

Recommended

Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
Syed Ubaid Ali Jafri
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
Syed Ubaid Ali Jafri
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
ijsrd.com
 
The information security audit
The information security auditThe information security audit
The information security audit
Dhani Ahmad
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
Security architecture
Security architectureSecurity architecture
Security architecture
Duncan Unwin
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
Ivanti
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
Alfred Ouyang
 

Recommended

Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
Syed Ubaid Ali Jafri
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
Syed Ubaid Ali Jafri
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
ijsrd.com
 
The information security audit
The information security auditThe information security audit
The information security audit
Dhani Ahmad
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
Security architecture
Security architectureSecurity architecture
Security architecture
Duncan Unwin
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
Ivanti
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
Alfred Ouyang
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
Ulf Mattsson
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio Management
Priyanka Aash
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
Karthikeyan Dhayalan
 
Conceptual security architecture
Conceptual security architectureConceptual security architecture
Conceptual security architecture
MubashirAslam5
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
Sameer Paradia
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
Elliott Franklin
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
Priyanka Aash
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
pramod_kmr73
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
ControlCase
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdf
shyedshahriar
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
InnoTech
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service
Netpluz Asia Pte Ltd
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
Amazon Web Services
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
McKonly & Asbury, LLP
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
Tuan Phan
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management
Maganathin Veeraragaloo
 
Project audit & review checklist
Project audit & review checklistProject audit & review checklist
Project audit & review checklistRam Srivastava
 
Network Configuration and Audit Simplified
Network Configuration and Audit SimplifiedNetwork Configuration and Audit Simplified
Network Configuration and Audit Simplified
Christopher Willard
 

More Related Content

What's hot

What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
Ulf Mattsson
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
Karthikeyan Dhayalan
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio Management
Priyanka Aash
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
Karthikeyan Dhayalan
 
Conceptual security architecture
Conceptual security architectureConceptual security architecture
Conceptual security architecture
MubashirAslam5
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
Sameer Paradia
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
Elliott Franklin
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
Kellep Charles
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
Priyanka Aash
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
pramod_kmr73
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
ControlCase
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdf
shyedshahriar
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
InnoTech
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service
Netpluz Asia Pte Ltd
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
Amazon Web Services
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
McKonly & Asbury, LLP
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
Tuan Phan
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management
Maganathin Veeraragaloo
 

What's hot (20)

What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
 
CyberSecurity Portfolio Management
CyberSecurity Portfolio ManagementCyberSecurity Portfolio Management
CyberSecurity Portfolio Management
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 
Conceptual security architecture
Conceptual security architectureConceptual security architecture
Conceptual security architecture
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdf
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management
 

Viewers also liked

Project audit & review checklist
Project audit & review checklistProject audit & review checklist
Project audit & review checklistRam Srivastava
 
Network Configuration and Audit Simplified
Network Configuration and Audit SimplifiedNetwork Configuration and Audit Simplified
Network Configuration and Audit Simplified
Christopher Willard
 
3 Telecom+Network Part2
3 Telecom+Network Part23 Telecom+Network Part2
3 Telecom+Network Part2
Alfred Ouyang
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Network architecture
Network architectureNetwork architecture
Network architecture
Online
 
Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information Systems
Ahmad Tariq Bhatti
 
Contract audit
Contract auditContract audit
Contract audit
EMAC Consulting Group
 
Audit of contracts version 2
Audit of contracts version 2Audit of contracts version 2
Audit of contracts version 2
EMAC Consulting Group
 
Network troubleshooting
Network troubleshootingNetwork troubleshooting
Network troubleshooting
Sam Van Loon
 
SDLC
SDLCSDLC
SDLC
jamzak
 
Hipaa checklist - information security
Hipaa checklist - information securityHipaa checklist - information security
Hipaa checklist - information security
Vijay Sekar
 
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserSecurity Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Anton Chuvakin
 
Voice & data assessment presentation 8.2013
Voice & data assessment presentation 8.2013Voice & data assessment presentation 8.2013
Voice & data assessment presentation 8.2013c3telecom
 
Mergers & Acquisitions It Implications
Mergers & Acquisitions It ImplicationsMergers & Acquisitions It Implications
Mergers & Acquisitions It Implications
llangin
 
1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt
Alfred Ouyang
 
Beyond Findability: Context
Beyond Findability: ContextBeyond Findability: Context
Beyond Findability: Context
Andrew Hinton
 
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...Ather Nawaz
 
Designing Smart Home Technology for Fall Prevention in Older People
Designing Smart Home Technology for Fall Prevention in Older People Designing Smart Home Technology for Fall Prevention in Older People
Designing Smart Home Technology for Fall Prevention in Older People
Ather Nawaz
 

Viewers also liked (20)

Project audit & review checklist
Project audit & review checklistProject audit & review checklist
Project audit & review checklist
 
Network Configuration and Audit Simplified
Network Configuration and Audit SimplifiedNetwork Configuration and Audit Simplified
Network Configuration and Audit Simplified
 
Checklist
ChecklistChecklist
Checklist
 
3 Telecom+Network Part2
3 Telecom+Network Part23 Telecom+Network Part2
3 Telecom+Network Part2
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
Network architecture
Network architectureNetwork architecture
Network architecture
 
Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information Systems
 
Contract audit
Contract auditContract audit
Contract audit
 
Audit of contracts version 2
Audit of contracts version 2Audit of contracts version 2
Audit of contracts version 2
 
Network troubleshooting
Network troubleshootingNetwork troubleshooting
Network troubleshooting
 
Network security
Network securityNetwork security
Network security
 
SDLC
SDLCSDLC
SDLC
 
Hipaa checklist - information security
Hipaa checklist - information securityHipaa checklist - information security
Hipaa checklist - information security
 
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny ZeltserSecurity Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
Security Incident Log Review Checklist by Dr Anton Chuvakin and Lenny Zeltser
 
Voice & data assessment presentation 8.2013
Voice & data assessment presentation 8.2013Voice & data assessment presentation 8.2013
Voice & data assessment presentation 8.2013
 
Mergers & Acquisitions It Implications
Mergers & Acquisitions It ImplicationsMergers & Acquisitions It Implications
Mergers & Acquisitions It Implications
 
1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt1 Info Sec+Risk Mgmt
1 Info Sec+Risk Mgmt
 
Beyond Findability: Context
Beyond Findability: ContextBeyond Findability: Context
Beyond Findability: Context
 
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
THE ROLE OF CULTURE IN THE STRUCTURE OF CATEGORIES OF APPLICATION BETWEEN DEN...
 
Designing Smart Home Technology for Fall Prevention in Older People
Designing Smart Home Technology for Fall Prevention in Older People Designing Smart Home Technology for Fall Prevention in Older People
Designing Smart Home Technology for Fall Prevention in Older People
 

Similar to Network Architecture Review Checklist

Performance management strategy
Performance management strategyPerformance management strategy
Performance management strategy
katharine300
 
Automatic Analyzing System for Packet Testing and Fault Mapping
Automatic Analyzing System for Packet Testing and Fault MappingAutomatic Analyzing System for Packet Testing and Fault Mapping
Automatic Analyzing System for Packet Testing and Fault Mapping
IRJET Journal
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
HOST AND NETWORK SECURITY by ThesisScientist.com
HOST AND NETWORK SECURITY by ThesisScientist.comHOST AND NETWORK SECURITY by ThesisScientist.com
HOST AND NETWORK SECURITY by ThesisScientist.com
Prof Ansari
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesTuan Phan
 
Cryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfCryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdf
ahmeddeath6
 
PCI DSS Requirements & Security Assessment Procedures | Prep4audit
PCI DSS Requirements & Security Assessment Procedures | Prep4auditPCI DSS Requirements & Security Assessment Procedures | Prep4audit
PCI DSS Requirements & Security Assessment Procedures | Prep4audit
Prep4Audit
 
Network analysis and design unite_-i.ppt
Network analysis and design unite_-i.pptNetwork analysis and design unite_-i.ppt
Network analysis and design unite_-i.ppt
asaijohn
 
CompTIA Security Plus Mini Bootcamp Session
CompTIA Security Plus Mini Bootcamp Session CompTIA Security Plus Mini Bootcamp Session
CompTIA Security Plus Mini Bootcamp Session
Joseph Holbrook, Chief Learning Officer (CLO)
 
Cloud data management
Cloud data managementCloud data management
Cloud data managementambitlick
 
Brkcrt 2214
Brkcrt 2214Brkcrt 2214
Brkcrt 2214
Mac An
 
Network management aa
Network management aaNetwork management aa
Network management aa
Dhani Ahmad
 
Advantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcAdvantages And Disadvantages Of Nc
Advantages And Disadvantages Of Nc
Kristen Wilson
 
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via FirewallIRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET Journal
 
Ccna 4 Chapter 4 V4.0 Answers
Ccna 4 Chapter 4 V4.0 AnswersCcna 4 Chapter 4 V4.0 Answers
Ccna 4 Chapter 4 V4.0 Answers
ccna4discovery
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016
ICT PRISTINE
 
Copy of learn_the_art_of_firewall_security(1)
Copy of learn_the_art_of_firewall_security(1)Copy of learn_the_art_of_firewall_security(1)
Copy of learn_the_art_of_firewall_security(1)
ManageEngine, Zoho Corporation
 
SDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinSDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same Coin
Zivaro Inc
 
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
IJCNCJournal
 

Similar to Network Architecture Review Checklist (20)

Performance management strategy
Performance management strategyPerformance management strategy
Performance management strategy
 
Automatic Analyzing System for Packet Testing and Fault Mapping
Automatic Analyzing System for Packet Testing and Fault MappingAutomatic Analyzing System for Packet Testing and Fault Mapping
Automatic Analyzing System for Packet Testing and Fault Mapping
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
HOST AND NETWORK SECURITY by ThesisScientist.com
HOST AND NETWORK SECURITY by ThesisScientist.comHOST AND NETWORK SECURITY by ThesisScientist.com
HOST AND NETWORK SECURITY by ThesisScientist.com
 
Fedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slidesFedramp developing-system-security-plan-slides
Fedramp developing-system-security-plan-slides
 
Cryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfCryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdf
 
PCI DSS Requirements & Security Assessment Procedures | Prep4audit
PCI DSS Requirements & Security Assessment Procedures | Prep4auditPCI DSS Requirements & Security Assessment Procedures | Prep4audit
PCI DSS Requirements & Security Assessment Procedures | Prep4audit
 
abstract LNG world
abstract LNG worldabstract LNG world
abstract LNG world
 
Network analysis and design unite_-i.ppt
Network analysis and design unite_-i.pptNetwork analysis and design unite_-i.ppt
Network analysis and design unite_-i.ppt
 
CompTIA Security Plus Mini Bootcamp Session
CompTIA Security Plus Mini Bootcamp Session CompTIA Security Plus Mini Bootcamp Session
CompTIA Security Plus Mini Bootcamp Session
 
Cloud data management
Cloud data managementCloud data management
Cloud data management
 
Brkcrt 2214
Brkcrt 2214Brkcrt 2214
Brkcrt 2214
 
Network management aa
Network management aaNetwork management aa
Network management aa
 
Advantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcAdvantages And Disadvantages Of Nc
Advantages And Disadvantages Of Nc
 
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via FirewallIRJET- SDN Simulation in Mininet to Provide Security Via Firewall
IRJET- SDN Simulation in Mininet to Provide Security Via Firewall
 
Ccna 4 Chapter 4 V4.0 Answers
Ccna 4 Chapter 4 V4.0 AnswersCcna 4 Chapter 4 V4.0 Answers
Ccna 4 Chapter 4 V4.0 Answers
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016
 
Copy of learn_the_art_of_firewall_security(1)
Copy of learn_the_art_of_firewall_security(1)Copy of learn_the_art_of_firewall_security(1)
Copy of learn_the_art_of_firewall_security(1)
 
SDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same CoinSDN Security: Two Sides of the Same Coin
SDN Security: Two Sides of the Same Coin
 
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
 

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 

Network Architecture Review Checklist

  • 1. Sr. No. Review Area Question/Control description Suggested Verification step Evidence/Artificats 1 Documentation Has the design of the network been formally documented? 1)Check if a documented network diagram exists? 2)Check that the design has been through a formal review and sign-off process and that it is now under change control. 1)Network Diagram 2)Version Control 3)Formal review & sign-off 2 Documentation Have the security requirements of the organization been identified and incorporated in the design? 1)Determine if the requirements for the network have been formally documented. 2)Confirm that security requirements are addressed (eg confidentiality of network traffic,encryption) 3)Check if sizing and growth information have been incorporated in the design. 1)Network Design document 2)Network Capacity Planning document 3 Firewall rule Change Management Is the implementation and change of traffic filtering rule sets subject to strict change management procedures? 1)Verify the firewall rules & respective approved change management requests/tickets 2)Ensure all changes are formally documented and include at minimum the date of the change, the name of person making the change and the reason. 1)Change management requests/tickets 2)Firewall change management procedure. 4 Firewall rule Review Periodic review of Firewall rules 1)Check if periodic review of firewall rules is carried out? 2)Check if not used/expired firewall rules are removed/disabled? 1)Firewall rule review 2)Firewall rules 5 Intrusion Detection/Preventi on Are Intrusion detection system sensors placed in the correct location to detect attempts to penetrate the network? 1)Check if IDS/IPS sensors are placed in a position to detect attempts to penetrate.(eg before or after firewalls or all points of entry and exit in a network). 2) Check if the critical & sensitive systems are protected by IDS/IPS 1)Network Diagram 2)Discussion with Network Admin/Architect 6 Network Addressing Does network addressing scheme that is specified in the design make the network scalable,optimal & manageable? 1) Are the network address ranges contiguous and facilitate a hierarchical approach to network? 2)Is the private address ranges being used facilitate easy diagnosis of network problems. 3)Does it make the networks more difficult to extend? 1) Network Addressing Scheme 2)Router/Switch configuration 3)Discussion with Network Admin/Architect 7 Network Design Does the design of the network incorporate coherent standards/Regulations? 1)Check if the design of the network complies with relevant & applicable standards & regulations (e,g RBI guidelines,PCI-DSS,Data Privacy) 1) Verify compliance against relevant applicable standards
  • 2. 8 Network Design Is consistent naming standards included in the design 1)Check if the design incorporates consistent naming standard for the various components in the network. 1) Veify for naming standards in the design document 9 Network Filtering Are network filtering devices configured to filter specific types of traffic (eg IP address, port), block or restrict particular types or sources of traffic, and limit the use of communications that are prone to abuse? 1) Check firewall rules are configured with default-deny stance 2) Check firewall rules for traffic filtering ports by IP address & ports and not ANY ANY. 1)Firewall rules 10 Network Routing Are the routing methods used in the design making the network vulnerable to errors or latency? 1)Are both static and dynamic routing being used? 2)Review the routing table and verify that the route followed is optimal for dynamic routing? 1)Router configuration 2)Routing table 11 Network Segregation Does the design of the network include distinct sub- networks, protected by rule based traffic filtering? 1) Check if network is divided into sub-networks based on criticality 2) Check if the traffic between the sub-networks are protected by a network filtering device (e,g firewall,core switch with FWSM). 1) Network diagram 2) Firewall rules/ACL's 12 Network Segregation Does the network make use of VLAN's? 1) Confirm if VLAN's are being used and check if networks are segregated based on criticality. 1)Network Diagram 2)VLAN configuration 3)Core Switch configuration 13 Network Segregation Is Inter VLAN routing enabled? 1) Check if inter VLAN routing is enabled? 2) Review the Core Switch ACL's 1) Switch Configuration 2)VLAN config details 14 Network Segregation Verify if appropriate segregation is implemented between wired and wireless networks? 1) Check if the wired & wireless networks are segregated by a firewall. 1)Network Diagram 2)Discussion with Network Admin/Architect 15 Network Segregation Public facing devices placed in DMZ 1) Are all public facing devices placed in DMZ 2)Are all public facing systems placed on different DMZ's based on criticality & functionality of the system. 1)Network Diagram 2)Discussion with Network Admin/Architect 16 Perimeter Security Have all entry/exit network points are clearly identified in the network design. 1)Confirm that all entry / exit points are clearly identified in the network design. 2)Check that all entry / exit points serve a key business purpose. 3) Verify the security requirements for all entry/exit points 1)Network diagram 2)Discuss with the network admin the purose of each entry/exit points 3)Encryption,VPN,access control filtering for each entry/exit point 17 Perimeter Security Have mechanisms been implemented to control all traffic that enters and leaves the network (eg through the use of firewalls/UTM or screening routers)? 1)Check if all entry & exit points are protected by appropriate filtering using firewalls,UTM or screening routers? 1)Network diagram 2)Firewall config 3)Discussion with Network Admin/Architect
  • 3. 18 Third Party Connections Third party connections to the network been identified & secured 1) Have all third party connections identified? 2)Ascertain if access is restricted to only certain parts of the network. 3) Verify if appropriate level of encryption is implemented (i.e VPN) 1)Network diagram 2)Firewall config 3)Discussion with Network Admin/Architect 19 Remote User Access Remote user access protection 1)Request an explanation of how remote users are authenticated. 2)Check that all remote connections are logged. 3)Confirm that remote access logs are reviewed. 4)Confirm user access review is carried out regularly 1)VPN configuration 2)ACS/RSA configuration 3)Discussion with Network Admin 20 Unauthorized connections Regular audit of unauthorized connections 1)Establish if a variety of methods are employed to detect unauthorised connections (eg manual audit, review of telecommunications supplier bills, use of network discovery tools, war-dialling). 2)Determine how often checks are carried out. 3)Check that when external connections are no longer required, they are removed promptly. 4) Regular Wardriving exercises are carried out to locate rogue access points. 1)Network Security Policy 2)Discussion with Network Admin & Information Security Team 21 Authentication Authorization & Accounting AAA systems are in place for network devices 1) Check TACACS or RADIUS is in place for network and security devices 1)TACACS/RADIUS/ACS configuration 22 Network Logging Ensure appropriate logging and review is carried out 1) Ensure all devices events are logged and directed to syslog 2)Verify if log access review is carried out 3) Check the availability of Log correlation tools and effective use of it. 1) Discussion with Network Security Team 2) Check the adherence for Policy interms of logging 23 Time Server All network & security devices are time synchronized 1) Check the availability of NTP server 2) Check if all devices get their time synchronized from this NTP server 1) NTP server configuration
  • 4. 24 Network Resilience To ensure that the network is suppported by a robust & reliable set of hardware & software 1) Have all single point of failures (SPOF) in the network identified? 2)Request information on redundancy measures that have been employed(eg multiple carriers, dual operations centres). 3)Confirm that all critical network devices can be reached via more than one path. 4)Check that network protocols have been implemented that are capable of re- routing traffic in the event of network failure (eg OSPF). 5)Check that resilience arrangements for communication links do not ultimately depend upon common circuits (eg from a common carrier). 6)Check that arrangements to use alternative service providers are adequate (eg by reviewing contractual documentation that exists). 1) BCP/DR documents for Networks 2) Susceptability Analysis reports 3)Network diagram 4)Discussion with Network Admin 25 Network Resilience Network resilience arrangements are tested. 1)Ensure that the fall-back measures specified exist and have been tested to ensure they work correctly. 2)Is there a programme of testing to ensure fall-back mechanisms operate correctly. This testing should simulate, as far as possible, the live operational conditions that will be required (eg similar volumes of traffic). 1)BCP/DR test reports 26 Network Resilience Preventive maintenance is carried out 1)Is preventive maintenance conducted on a regular basis? 2)Are proper records being kept of the equipment type, make, model and its service history? 1) Preventive maintenance reports 2) Network asset register 3) Capacity planning documents Disclaimer All part of this document may be reproduced,stored in a retireval system,or transmitted in any form or by any means, electronic, mechanical ,photocopying ,recording, scanning or otherwise.While the author & G4H have used their best efforts in preparing this work,they make no representation or warranties with respect to the accuracy or completeness of the content of this book.The advice and controls herein may not be usable for your situation, you should cosult a professional where appropriate.Neither G4H or the author shall be liable for any loss of profit or any other commercial damages,including,but not limited to,special,incidental,consequential or other damages.