For a network and security assessment focused on firewalls, routers, switches, and access points

(APs), here is a detailed approach for each component:

1. Firewall Assessment

 Inventory and Versioning

o List all firewall devices and document hardware models and OS versions (e.g.,
FortiGate/FortiOS, Cisco ASA, Palo Alto PAN-OS).
o Ensure every device runs a supported, patched release (the vendor's recommended
release train, which is not always the newest), and record any end-of-support hardware.

 Rule Base and Policy Review

o Rule Cleanup: Identify unused, redundant, shadowed, or overly permissive firewall rules
(rule bloat); hit counters and last-hit timestamps are the evidence for "unused".
o Least Privilege: Ensure rules are specific to the minimum required access.
o Zone Segmentation: Review traffic segmentation between trust zones (internal,
DMZ, external) and VLANs.
o Logging and Alerts: Ensure that logging is enabled for critical rules and traffic
patterns (e.g., inbound from the internet, lateral movement within internal zones).

 NAT and VPN

o NAT (Network Address Translation): Review static and dynamic NAT rules to confirm
that only intended internal services are exposed, and that each exposed service has a
matching, specific security policy rather than relying on the NAT rule alone.
o VPN (Virtual Private Network): Verify the cryptography in use (e.g., IKEv2 with
AES-GCM and strong DH groups for IPsec, TLS 1.2 or later for SSL VPN; no IKEv1
aggressive mode, 3DES, or SHA-1) and review the configuration of site-to-site and
remote-access VPNs, including MFA for remote-access users.

 Intrusion Prevention and Application Control

o Assess firewall integration with IPS/IDS features. Ensure that it actively blocks
malicious traffic based on up-to-date threat signatures.
o If application control is enabled, confirm it’s blocking risky or unapproved
applications.

 Security Feature Configuration

o Review advanced security features like Web Filtering, DLP (Data Loss
Prevention), AV scanning, and sandboxing.
o Check that SSL/TLS inspection is configured for encrypted traffic, that the inspection
CA is deployed to managed endpoints, and that decryption exclusions (e.g., banking or
health categories) are documented and justified.

 Hardening
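The Rule Base and Policy Review step above lends itself to automation. The following is an added example, not part of this checklist or any vendor's tooling: a small Python script that flags overly permissive (any/any/any) allows, inbound allows without logging, zero-hit rules, and rules shadowed by an earlier, broader rule. The Rule model, the zone names, and the sample policy are assumptions to be replaced by your own policy export.

```python
"""Firewall rule-base review: flags overly permissive, unused, unlogged and
shadowed rules. Added example for this checklist, not vendor code; the Rule
layout is a simplified, vendor-neutral model you would populate from your
own policy export (CSV/JSON/API), and the zone names are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List

ANY = "any"


@dataclass
class Rule:
    name: str
    src_zone: str   # e.g. "external", "internal", "dmz" (assumed names)
    dst_zone: str
    src: str        # CIDR or "any"
    dst: str        # CIDR or "any"
    service: str    # e.g. "tcp/443" or "any"
    action: str     # "allow" or "deny"
    log: bool       # logging enabled on the rule
    hits: int       # hit counter from the firewall's rule statistics


def covers(outer: str, inner: str) -> bool:
    """True when the 'outer' match field includes everything 'inner' matches."""
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    try:
        return ip_network(inner).subnet_of(ip_network(outer))
    except ValueError:          # not CIDR (a service string): literal compare
        return outer == inner


def shadowed_by(rule: Rule, earlier: Rule) -> bool:
    """An earlier rule matching a superset of this rule's traffic means this
    rule can never be hit under first-match evaluation, whatever its action."""
    return (earlier.src_zone in (ANY, rule.src_zone)
            and earlier.dst_zone in (ANY, rule.dst_zone)
            and covers(earlier.src, rule.src)
            and covers(earlier.dst, rule.dst)
            and covers(earlier.service, rule.service))


def review(rules: List[Rule]) -> List[str]:
    """Return human-readable findings, in rule order (top-down policy)."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and (r.src, r.dst, r.service) == (ANY, ANY, ANY):
            findings.append(f"{r.name}: any/any/any allow (overly permissive)")
        elif r.action == "allow" and r.src_zone == "external" and r.service == ANY:
            findings.append(f"{r.name}: inbound from external with any service")
        if r.hits == 0:
            findings.append(f"{r.name}: zero hits, candidate for removal")
        if r.action == "allow" and r.src_zone == "external" and not r.log:
            findings.append(f"{r.name}: inbound allow without logging")
        for earlier in rules[:i]:
            if shadowed_by(r, earlier):
                findings.append(f"{r.name}: shadowed by {earlier.name}, never matches")
                break
    return findings


# Constructed sample policy (not a real export); 203.0.113.0/24 is documentation space.
SAMPLE_RULES = [
    Rule("web-in", "external", "dmz", ANY, "203.0.113.10/32", "tcp/443", "allow", True, 120),
    Rule("legacy-admin", "internal", "dmz", "10.0.0.0/8", "203.0.113.0/24", ANY, "allow", False, 0),
    Rule("web-in-dup", "external", "dmz", ANY, "203.0.113.10/32", "tcp/443", "allow", True, 0),
    Rule("catch-all", ANY, ANY, ANY, ANY, ANY, "allow", False, 9000),
]

if __name__ == "__main__":
    for line in review(SAMPLE_RULES):
        print(line)
```

Shadowing is checked against every earlier rule because firewalls evaluate the policy top-down with first match, so a rule that an earlier rule fully covers can never fire. A zero hit counter by itself does not prove a rule is dead (it may cover a rare but legitimate path, or the counters may have been reset recently), so confirm against change records before deleting.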
2. Router Assessment
 Routing Protocols and Configuration

o Verify the use of dynamic routing protocols (e.g., BGP, OSPF, EIGRP) and
review configuration for misconfigurations, loops, or inconsistencies.
o Confirm that routing protocol neighbors are authenticated (e.g., TCP-AO or, at
minimum, TCP MD5 for BGP sessions; key-chain authentication for OSPF and EIGRP),
and that passive-interface is set where no neighbor is expected.

 Access Control

o ACLs (Access Control Lists): Review ACLs for each interface to ensure only
permitted traffic is allowed.
o Routing Security: Ensure inbound and outbound prefix filters are applied to
external BGP sessions (reject bogons and your own prefixes inbound, announce only
your own prefixes outbound, set maximum-prefix limits) to avoid route leaks or
hijacks; consider RPKI route origin validation.

 Network Redundancy

o Confirm that redundancy protocols like HSRP/VRRP (Hot Standby Router
Protocol / Virtual Router Redundancy Protocol) are correctly implemented for
failover, with authentication enabled where the protocol supports it so that a
rogue device on the segment cannot claim the virtual gateway address.
o Review routing convergence times and failover mechanisms.

 Secure Router Management


o Review router management practices to ensure access is restricted to trusted
sources using secure methods (e.g., SSH only, management ACLs or allow-lists on the
vty lines, a dedicated management VRF or out-of-band network).
o Confirm logging is set up for config changes and security events, with logs
forwarded to a central system (e.g., Syslog, SIEM).
 Performance Monitoring
o Analyze CPU and memory utilization, buffer usage, and traffic throughput.
o Identify any routing performance issues or bottlenecks, particularly on high-load
interfaces.
3. Switch Assessment
 VLANs and Network Segmentation
o Review the VLAN configuration and ensure proper segmentation of traffic (guest,
corporate, IoT, etc.).
o Confirm that Inter-VLAN routing is restricted and allowed only where necessary.
o Check for unused VLANs and remove or disable them to reduce attack surfaces.
 Spanning Tree Protocol (STP)
o Review STP (or RSTP, MSTP) configurations to prevent Layer 2 loops.
o Ensure root bridge priorities are correctly configured to prevent unwanted
switches from taking control of network topology.
 Port Security
o Ensure port security is enabled to limit the number of MAC addresses per port
and prevent MAC flooding attacks; on access VLANs, pair it with DHCP snooping and
Dynamic ARP Inspection.
o Confirm unused ports are disabled or administratively shutdown, and parked in an
unused VLAN, to prevent unauthorized access.
o Use 802.1X for network access control, ensuring only authorized devices connect
to the network.
 Switch Hardening
o Disable unnecessary services such as Telnet, HTTP, and CDP/LLDP on ports facing
untrusted devices (keep LLDP-MED only where IP phones or PoE negotiation require
it). Use SSH for remote management.
o Implement SNMPv3 (authPriv) for secure network management monitoring and remove
default or v1/v2c communities.
 Performance and Capacity Monitoring
o Monitor switch health (e.g., CPU/memory usage, buffer space).
o Check for any overloaded ports or frequent packet drops and adjust load
balancing or link aggregation settings accordingly.
o Ensure trunk links are optimized and properly handling VLAN traffic.
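The Secure Router Management and neighbor-authentication items in section 2 and the Port Security and Switch Hardening items above can all be checked statically against a saved running-config. The script below is an added example, not the checklist author's code and not Cisco tooling: it parses a constructed IOS-style config (the syntax assumptions and the check names are mine) and reports Telnet on vty lines, missing access-class, cleartext HTTP management, SNMPv1/v2c communities, missing syslog forwarding, access ports without port-security, enabled ports with no description, and BGP neighbors with no session authentication.

```python
"""Static audit of an IOS-style running-config against the management-plane,
port-security and routing-authentication items in this checklist. Added
example, not vendor tooling; the config is constructed and the keyword checks
are assumptions about typical IOS syntax. Feed it 'show running-config' output
and extend the checks for your platform."""
from typing import List, Tuple

# Constructed sample; deliberately contains several findings.
SAMPLE_CONFIG = """\
hostname access-sw-01
ip http server
snmp-server community public RO
interface GigabitEthernet1/0/1
 description uplink to core
 switchport mode trunk
interface GigabitEthernet1/0/2
 description user port
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
interface GigabitEthernet1/0/3
 switchport mode access
interface GigabitEthernet1/0/4
 switchport mode access
 shutdown
router bgp 65001
 neighbor 192.0.2.1 remote-as 65002
 neighbor 192.0.2.1 password 7 0822455D0A16
 neighbor 192.0.2.5 remote-as 65003
line vty 0 4
 transport input telnet ssh
"""

Section = Tuple[str, List[str]]


def parse(cfg: str) -> Tuple[List[str], List[Section]]:
    """Split a config into top-level lines and (header, indented children)."""
    top: List[str] = []
    sections: List[Section] = []
    current: Section = ("", [])
    for raw in cfg.splitlines():
        if not raw.strip() or raw.startswith("!"):   # blank or separator
            continue
        if raw[0].isspace():                          # child of current header
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            sections.append(current)
            top.append(current[0])
    return top, sections


def audit(cfg: str) -> List[str]:
    """Return findings as '<scope>: <issue>' strings, in config order."""
    top, sections = parse(cfg)
    out: List[str] = []
    if not any(l.startswith("logging host") for l in top):
        out.append("global: no 'logging host'; logs are not forwarded to syslog/SIEM")
    if "ip http server" in top:
        out.append("global: cleartext HTTP management enabled ('ip http server')")
    out += [f"global: SNMPv1/v2c community present ('{l}'); migrate to SNMPv3"
            for l in top if l.startswith("snmp-server community")]
    for header, body in sections:
        if header.startswith("line vty"):
            for l in body:
                if l.startswith("transport input") and ("telnet" in l or l.endswith(" all")):
                    out.append(f"{header}: Telnet permitted ('{l}'); use 'transport input ssh'")
            if not any(l.startswith("access-class") for l in body):
                out.append(f"{header}: no access-class; management not limited to trusted sources")
        elif header.startswith("interface"):
            shut = "shutdown" in body
            access = "switchport mode access" in body
            if access and not shut and not any(l.startswith("switchport port-security") for l in body):
                out.append(f"{header}: access port without port-security")
            if not shut and not any(l.startswith("description") for l in body):
                out.append(f"{header}: enabled port with no description; confirm it is in use or shut it down")
        elif header.startswith("router bgp"):
            peers = {l.split()[1] for l in body if l.startswith("neighbor") and " remote-as " in l}
            authed = {l.split()[1] for l in body
                      if l.startswith("neighbor") and (" password " in l or " ao " in l)}
            out += [f"{header}: neighbor {p} has no session authentication (TCP-AO/MD5)"
                    for p in sorted(peers - authed)]
    return out


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The same parser works for router and switch configs because both use the header-plus-indented-children layout; only the check list differs. Run it against configs pulled by your backup job so the audit rides on the same schedule as the backups the General Best Practices section calls for.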
4. Access Points (APs) Assessment
 RF Coverage and Wireless Design
o Use tools like Ekahau or AirMagnet to assess RF coverage and identify dead
zones, signal interference, or overlapping channels.
o Ensure that APs are optimally placed to provide strong, uninterrupted coverage
while minimizing interference (especially in dense environments).
 Wireless Security Protocols
o Ensure APs are configured with WPA3 (or at least WPA2-AES) encryption, avoiding
legacy WEP, WPA/TKIP, and WPS.
o Ensure rogue AP detection and prevention mechanisms are in place to detect
unauthorized access points.
o Treat MAC filtering and SSID hiding as housekeeping, not security controls: both
are trivially bypassed, so neither substitutes for WPA2/WPA3-Enterprise.
 SSID and Network Segmentation
o Ensure corporate, guest, and IoT devices are segregated into separate SSIDs and
VLANs, with appropriate access restrictions.
o Apply bandwidth limitations or traffic shaping to guest and non-critical SSIDs to
avoid performance degradation of corporate networks.
 Authentication and Access Control
o Ensure enterprise-grade authentication (e.g., 802.1X with RADIUS, preferably
EAP-TLS, with clients configured to validate the RADIUS server certificate) is in
place for corporate wireless users.
o Assess the NAC integration (e.g., with FortiNAC) to ensure that unauthorized
users or devices are quarantined or blocked.
 Performance and Capacity
o Monitor AP utilization, client association patterns, and traffic volume. Ensure that
APs aren’t overloaded with clients beyond their capacity.
o Review AP firmware versions and ensure they’re updated for security and
performance enhancements.
General Best Practices for Network and Security Assessment:
 Backup and Restore Configurations: Ensure you have automated backups for all
firewalls, routers, switches, and APs, and periodically test the restore process.
 Monitoring and Alerting: Ensure monitoring tools (e.g., SolarWinds, PRTG, or
FortiAnalyzer) are configured to alert on anomalies in traffic patterns, CPU usage, or
security events.
 Incident Response: Review incident response procedures for network devices to ensure
that the team can quickly contain and recover from security incidents.
 Documentation: Document findings in a detailed report covering misconfigurations,
vulnerabilities, and recommendations for performance improvements and security
hardening.
