Network Architecture Review

Pre-requisites

• Conduct discussion with the identified stakeholders to get an initial understanding of the IT landscape.
• Obtain the network architecture and IT network diagrams.
• Obtain details of the network products, security products and technologies deployed.
• Obtain details on current segregation of networks and flow of data between networks.

Study & Analyze

• Study network layout and its design.
• Understand and analyse the ‘correctness’ of the placement of such components.

Review

• Review the overall IT landscape for appropriate network segmentation, placement of point security devices and appropriateness of trust relationships / domain membership.
• Review controls implemented related to remote connectivity for work from home scenario
• Review the rule base of the filtering devices / applications (firewalls, host-based filters, wrappers etc) that segregate the various network segments.
• Review the extent of physical segregation of specific IT infrastructure components that has a history of security flaws based on the provided architecture.
• Review the management architecture for the entire IT landscape and its segregation from less trusted user LANs.
• Review the existing third-party access provisions for providing technical support.
• Review the extent of redundancy built into the architecture to identify potential single points of failure that may impact the availability of the network.

Deliverables

Network Architecture Review Report with details about the observation, risk, severity, business impact and recommendation.