Securing Network Architecture - Part 2

By Arif Faiz ·

The Methodology

The methodology of securing any network architecture should include, but not be limited to, the network topology, security assets, device features and security device configurations. Security technology policies for remote access, network segmentation, server protection, and authentication and firewall design should also be evaluated. In addition, the assessment should evaluate the overall security architecture for scalability, performance and manageability.

Based on the analysis, the report should provide a detailed set of recommendations with milestones on how to mitigate the identified security risks, including device mis-configurations and improvements to overall network topology. Recommendations should be direct and concise and not anecdotal. They should provide security migration plans with documentation to assist the organization in the growth and support plans of the infrastructure. In addition, the recommendations should measure the alignment of the assessed network with reference to proven industry network security best practices.

Some of the goals of the network assessment methodology should include the following:

  • Identify all technology assets pertinent to securing the network
  • Understand business drivers and objectives
  • Identify mandates, regulations and compliancy requirements
  • Establish that security assets meet business requirements
  • Attain an overall evaluation of the security controls on the network infrastructure
  • Provide a detailed assessment of the network design and architecture, including a review of redundancy, segmentation, access and management tools
  • Identify and document general strengths and weaknesses in the network security architecture
  • Identify specific steps to make improvements on the network architecture design and security
  • Review, optimize or recommend changes for the existing network device configuration, associated management platforms and operational management tools
  • Produce a gap analysis mapped to device security configurations, business requirements and best practices with recommendations for improvements within the network infrastructure

It should be reiterated that throughout the entire assessment, the business requirements should be the driving force behind all of the strategies and recommendations developed and presented in the final gap analysis report. The final assessment report documents should show the areas of the architecture that could be improved, while also providing a roadmap with the actionable tasks to achieve those goals.

Conclusion

Network Security Architecture assessment is an important step to proactively identify and mitigate the risks to an organization’s network architecture. It allows security managers to analyze a network and establish gaps and risks posed to that network. The analysis allows an organization to strengthen its network security infrastructure by providing multilayer network protection, avoiding unexpected costs and reducing compliance exposures. This service also identifies network vulnerabilities and recommends improvements to better align the security architecture with industry standards, industry best practices and an organization’s security policy.