Assessing your Organization’s Network Perimeter (pt. 2)

Step 1:
The best starting point for identifying network endpoints is a set of detailed network diagrams, which you should be able to obtain from your network architect. Working with your network architects, you should be able to identify all of your endpoints and establish the specific type of each. Record each endpoint in a spreadsheet, listing the endpoint, its basic form (type), and a brief description.

Step 2:
Once you have identified all of the endpoints, you should now identify the hardware within the Demilitarized Zone (DMZ) for each endpoint. The DMZ refers to the no man's land between your network and the outside world. Typically the DMZ begins with a firewall used to buffer your internal network from the outside link and ends with either another firewall or a router that directly interfaces with the external abyss.

Again, a good source for this information is a detailed network diagram and a network architect. Some of the types of hardware you are looking for are routers, modems, switches, firewall servers, monitoring servers, mail servers, proxy servers, remote access servers, load balancers, application servers, etc. Please also note that many devices are sold as appliances; these devices must be included as well. In this step you should also capture the type of communication link used at this endpoint, e.g. T1, T3, Frame Relay, ISDN, PBX, etc.

Update the spreadsheet you created in step 1 with the information accumulated in this step. You should also create a subset of your network diagram depicting each perimeter endpoint. This diagram is a good visual for analysis as well as reporting.

In addition to the devices within the DMZ, you must also include the servers on the internal network that are related to the function and purpose of the endpoint, e.g. database servers and application servers, since the majority of the functionality for externally facing services is placed on internal segments for security reasons.

Step 3:
Once you have listed all the devices, you must identify all of the software related to each. The first piece of software that must be identified is the operating system of the device. Every device will have some type of operating system, including the telecommunication devices and appliances. Update the spreadsheet first created in step 1 to reflect the operating system of each device.

After you have finished capturing the operating system information, capture every other application running on each device and record that information on the spreadsheet as well.
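To make the three steps concrete, here is an added example (not from the article) that models the step 1 spreadsheet as Python data, flattens it to CSV, and reports where steps 2 and 3 are still incomplete (missing link type, no DMZ hardware, unknown operating system). The endpoint and device names are constructed for illustration.

```python
"""Perimeter endpoint inventory following the three steps above (added example)."""
import csv
import io
from dataclasses import dataclass, field


@dataclass
class Device:
    name: str
    role: str                 # router, firewall, proxy server, appliance, ...
    zone: str                 # "dmz" or "internal" (step 2 includes both)
    os: str = ""              # step 3: every device, appliances included, has an OS
    applications: list = field(default_factory=list)


@dataclass
class Endpoint:
    name: str
    endpoint_type: str        # step 1: the basic form of the endpoint
    description: str
    link_type: str = ""       # step 2: T1, T3, Frame Relay, ISDN, PBX, ...
    devices: list = field(default_factory=list)


def inventory_gaps(endpoints):
    """Return findings for anything steps 2 and 3 require but that is not yet recorded."""
    gaps = []
    for ep in endpoints:
        if not ep.link_type:
            gaps.append(f"{ep.name}: communication link type not captured")
        if not any(d.zone == "dmz" for d in ep.devices):
            gaps.append(f"{ep.name}: no DMZ hardware recorded")
        for d in ep.devices:
            if not d.os:
                gaps.append(f"{ep.name}/{d.name}: operating system unknown")
    return gaps


def to_csv(endpoints):
    """Flatten the inventory to one spreadsheet row per device."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["endpoint", "type", "link", "device", "role", "zone", "os", "applications"])
    for ep in endpoints:
        for d in ep.devices:
            w.writerow([ep.name, ep.endpoint_type, ep.link_type, d.name,
                        d.role, d.zone, d.os, ";".join(d.applications)])
    return out.getvalue()


# Constructed sample inventory (hypothetical names, not from the article).
SAMPLE = [
    Endpoint("Internet-ISP-A", "internet uplink", "Primary ISP link", "T3", [
        Device("border-rtr-1", "router", "dmz", "Cisco IOS"),
        Device("fw-ext-1", "firewall", "dmz", "FreeBSD", ["pf"]),
        Device("web-proxy-1", "proxy server", "dmz", "Linux", ["squid"]),
        Device("db-1", "database server", "internal", "Windows Server", ["SQL Server"]),
    ]),
    Endpoint("Partner-FR", "partner link", "Frame Relay circuit to a supplier", "", [
        Device("fr-rtr-1", "router", "dmz"),                 # OS not yet captured
        Device("lb-1", "load balancer appliance", "dmz"),    # appliance still has an OS
    ]),
]
```

Running `inventory_gaps(SAMPLE)` lists the partner endpoint's missing link type and the two devices whose operating system has not been recorded, which is exactly the to-do list for steps 2 and 3.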

One Comment

  1. Rene w/ NCP Jun 17, 2008 at 2:44 pm

    What should be mentioned as (one of the many) details would be that users within a company using WLAN although physically within the confines of the building are to be treated as remote access users. Someone outside on the street with a laptop and a malicious intent should be able to detect and possibly participate within the WLAN if not secured enough, as if they’re within the building and as one of the users. It’s therefore imperative to realize that physical and virtual perimeters do not necessarily coincide!

    Another point would be how far do I want to ‘extend the perimeter’ and use the right ‘technology’ to fulfill the requirements:

    Incidental access to internal resources can best be facilitated with SSL-VPN access. This allows for a limited access to internal resources by those that need it; such as suppliers/consultants/contractors and so on. This doesn’t require the user to install a ‘client’, but merely downloads the code within the browser and uses the browser to access the internal resources, and this access can be carefully controlled centrally on the SSL-VPN gateway.

    Conversely, a full time employee may require access to the ‘regular’ resources he would normally have at his desk while he’s on the road. A ‘full access’ or ‘LAN emulation’ (working remotely as if one is sitting at one’s desk) VPN solution would be a better suited option. This would imply that the latter’s work platform is secured; not only the communication between the two points, but the remote user’s device has become an extension of the corporate network perimeter, and thus should be protected accordingly. Why attack the corporate ‘perimeter’ firewall, when one can attack and possibly use a remote access user’s machine as a stepping stone into the corporate network?!
