Architecture audit
Goals
- Check the choice and positioning of software and hardware security devices
- Study their compliance with security needs and state of the art
- Qualify their technical efficiency and coverage
- Check if they are used efficiently within the information system
Steps
- Documentation collection and analysis
  Ex: network diagrams, business flow matrix
- Interview with key collaborators
  Ex: architecture manager, network administrator, security engineer
- Technical audit by sampling
  Ex: extract of filtering rules, network scan from one zone to another
Technical interviews let staff present specific points of the audited architecture.
Topics covered during interviews
- Main concepts of the architectural scheme
- Breakdown of security zones
- Positioning of security equipment
- Implementation of intrusion detection systems
- Architecture resilience to attack
- Legitimate remote administration
- Management of non-encrypted flows
- Pooling (shared use) of zones or servers
Some examples of reported vulnerabilities
- Back-office administration flow reachable from the DMZ
- Firewall bypass
- Network short-circuits between zones via pivoting
- VLAN hopping
- Exposure of unprotected vulnerable services
- Use of unencrypted protocols
- No outgoing traffic filtering
- Exfiltration through permitted tunnels
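The "technical audit by sampling" step above works from an extract of filtering rules, and three of the findings listed here (administration flows reachable from the DMZ, unencrypted protocols, missing outbound filtering) can be spotted directly in such an extract. The following is an added example, not code from the original page or from the audit provider: it reads a constructed sample of firewall rules in a simplified comma-separated form, maps addresses to zones, and reports those three finding classes. The zone layout, the rule format, the `ZONES`, `ADMIN_PORTS` and `CLEARTEXT_PORTS` tables and the `parse_rules`/`audit` helpers are all assumptions made for the example.

```python
"""Sampling audit of a firewall rule extract (added example, not the page's code).

Rule format (assumed): id, source CIDR, destination CIDR, destination port
or 'any', action.  Zones are derived from CIDRs with a longest-prefix match.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress

# Assumed zone layout for the example: zone name -> CIDR.
ZONES = {
    "DMZ": ipaddress.ip_network("203.0.113.0/24"),
    "BACKOFFICE": ipaddress.ip_network("10.10.0.0/16"),
    "ADMIN": ipaddress.ip_network("10.20.0.0/24"),
    "INTERNET": ipaddress.ip_network("0.0.0.0/0"),   # catch-all
}

# Assumed port tables: management services and cleartext protocols.
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc", 161: "snmp"}
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 161: "snmp", 514: "syslog"}

# Constructed sample extract; R3 is the legitimate admin-zone flow.
SAMPLE_RULES = """
# id, source, destination, dst port, action
R1, 203.0.113.0/24, 10.10.5.0/24, 22, permit
R2, 203.0.113.10/32, 10.10.5.20/32, 443, permit
R3, 10.20.0.0/24, 10.10.0.0/16, 3389, permit
R4, 10.10.0.0/16, 0.0.0.0/0, any, permit
R5, 203.0.113.0/24, 10.10.5.30/32, 23, permit
R6, 203.0.113.0/24, 10.10.0.0/16, any, deny
"""


@dataclass
class Rule:
    rid: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]   # None means any destination port
    action: str


def zone_of(net: ipaddress.IPv4Network) -> str:
    """Return the most specific zone containing net (INTERNET is the fallback)."""
    best, best_len = "INTERNET", -1
    for name, cidr in ZONES.items():
        if net.subnet_of(cidr) and cidr.prefixlen > best_len:
            best, best_len = name, cidr.prefixlen
    return best


def parse_rules(text: str) -> List[Rule]:
    """Parse the simplified extract, skipping blank lines and '#' comments."""
    rules = []
    for line in text.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        rid, src, dst, port, action = [f.strip() for f in line.split(",")]
        rules.append(Rule(rid, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                          None if port == "any" else int(port), action.lower()))
    return rules


def audit(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (rule id, finding class, detail) for every permit rule that matches a finding."""
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        src_zone, dst_zone = zone_of(r.src), zone_of(r.dst)
        # Back-office administration flow reachable from the DMZ
        if src_zone == "DMZ" and dst_zone == "BACKOFFICE" and (r.port is None or r.port in ADMIN_PORTS):
            findings.append((r.rid, "admin_flow_from_dmz", ADMIN_PORTS.get(r.port, "any")))
        # Unencrypted protocol permitted anywhere
        if r.port in CLEARTEXT_PORTS:
            findings.append((r.rid, "cleartext_protocol", CLEARTEXT_PORTS[r.port]))
        # Unrestricted outbound flow: any port towards 0.0.0.0/0
        if dst_zone == "INTERNET" and r.dst.prefixlen == 0 and r.port is None:
            findings.append((r.rid, "no_outbound_filtering", src_zone))
    return findings


if __name__ == "__main__":
    for rid, kind, detail in audit(parse_rules(SAMPLE_RULES)):
        print(f"{rid}: {kind} ({detail})")
```

Run against the sample, the auditor reports R1 (SSH from the DMZ into the back office), R4 (the back-office zone may reach any Internet port) and R5 (telnet permitted), while the admin-zone RDP rule R3 is left alone because it originates from the dedicated administration zone. In a real audit the sample is taken from the exported rule base, and each hit is then confirmed by a scan from the source zone rather than trusted on the rule text alone.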