Network Infrastructure and Security Audit

Network, don’t let me down!

For service providers, governments, and enterprises that run heavily distributed business platforms reliant on their network infrastructure, the resiliency, availability, and integrity/security of that infrastructure are of paramount importance. As the network infrastructure acts as a fabric for practically all business applications, its downtime or compromise affects the entire business and can cause excessive business loss.

Due to the complexity of modern IT fabrics and their organic growth over the years, many organizations can’t be confident in their networks’ resistance to failure and intrusion. Even properly designed networks deteriorate with time, and the risk of downtime or security issues increases, along with the possibility of the major business loss that comes with them.

To avoid that, NIL provides network infrastructure audit services in which our experts identify and prioritize risks in your network and then prescribe the optimal solutions. We go beyond best practices to deliver a consulting (and implementation) engagement that is closely tailored to your specific context and requirements.

The right direction to network improvement

With NIL’s network infrastructure audit, you don’t just gain insight into your network’s weak points; we also provide you with actionable suggestions for improvement. Overall, our approach to network auditing has the following benefits:

  • Thorough and non-intrusive: our experts audit your infrastructure in great detail to spot the key areas for improvement, but the procedure does not disrupt your work processes, network performance, or security mechanisms.
  • Actionable insights that lead to quick, yet important improvements: we focus on finding the key risks and design issues in your network infrastructure, the areas where you can make the biggest improvement with reasonable effort.
  • Tailored to your needs: our service consists of various modules that can satisfy the audit requirements of the largest and most complex network environments.
  • Focus on performance and security: we take a holistic view of your network and suggest improvements for both security and performance issues.
  • Compliance: an audit is not just about finding and understanding potential issues; you also gain a better understanding of your infrastructure and increase transparency. These are fundamental if you need to satisfy internal or external regulations or compliance requirements.

Network Infrastructure Audit Components

The network infrastructure’s functionality, serviceability, availability, and manageability audit component has multiple solution modules that can be combined in a service package matching basically any network setup.

Solution Module | Description
Inventory audit | Examines and recommends improvements in the area of inventory management, discovers unknown devices, identifies missing devices.
Physical connectivity audit | Examines and recommends improvements in the area of physical network connectivity, discovers unwanted connections, optimizes physical connectivity.
Campus/LAN/SD-LAN network audit | Examines and recommends improvements in the area of (typically Ethernet) LANs of various sizes, from a team LAN, to a large enterprise campus.
Datacenter network audit | Examines and recommends improvements in the area of datacenter LAN and SAN networking, including overlay networks.
Public and hybrid cloud network audit | Examines and recommends improvements in the area of public cloud networking, and the interconnection of on-premises systems with public cloud IaaS networks.
MPLS, VPLS, and MPLS VPN audit | Examines and recommends improvements in the area of MPLS-related connectivity, in service provider and enterprise scenarios.
Wireless campus/LAN audit | Examines and recommends improvements in the area of campus wireless networking.
Wireless site survey | Examines and recommends improvements in the area of wireless coverage on specific sites as well as recommends optimizations and performance upgrades.
Wireless WAN/P2P audit | Examines and recommends improvements in the area of wireless point-to-point inter-site connectivity, and the use of wireless technologies in WAN scenarios.
IPv4 routing audit | Examines and recommends improvements in the area of IPv4 routing processes, from internal routing design and implementation audits, to Internet-related eBGP routing analysis.
IPv6 routing audit | Examines and recommends improvements in the area of IPv6 routing processes, from internal routing design and implementation audits, to Internet-related eBGP routing analysis.
WAN and SD-WAN audit | Examines and recommends improvements in the area of WAN protocols, architectures, design and implementation, and programmability.
Availability audit | Examines and recommends improvements in the area of network availability, to achieve the desired levels of uptime in any networking scenario (LAN, WAN, DC, cloud…).
Performance audit | Examines and recommends improvements in the area of network performance, quality-of-service, and SLA measurement, to achieve the desired levels of performance in any networking scenario (LAN, WAN, DC, cloud…).
Serviceability, supportability, and lifecycle audit | Examines and recommends improvements in the area of network lifecycle management related to individual network elements; discovers EOS and EOL devices and software, legacy management protocols, etc.
Network management elements and protocols audit | Examines and recommends improvements in the area of network management protocols and device support.
Network management systems audit | Examines and recommends improvements in the area of backend management systems and workstations, and their integration with external subsystems (for example, billing).
Network management process audit | Examines and recommends improvements in the area of network management processes, such as asset management, change management, problem management, and lifecycle management.
Compliance/policy audit | Examines and recommends improvements in the area of specific customer compliance requirements in any of the aforementioned areas.

Network Infrastructure Security Audit Components

The network infrastructure security audit component also has multiple solution modules, which can be combined in a custom service package.

Solution Module | Description
Device physical security | Examines and recommends security improvements in the area of network device and management system physical security (both location and device tampering).
Link physical security | Examines and recommends security improvements in the area of network link physical security.
Layer 2 security | Examines and recommends security improvements in the area of the integrity of OSI Layer 2 frame forwarding, and the trustworthiness of MAC addressing information (i.e. MAC spoofing, CAM flooding, etc.).
Switching protocol security | Examines and recommends security improvements in the area of OSI Layer 2 switching protocols (STP, etc.).
Layer 2-3 security | Examines and recommends security improvements in the area of the trust of OSI Layer 2-3 bindings (ARP, etc.).
Layer 3 security | Examines and recommends security improvements in the area of the integrity of OSI Layer 3 packet forwarding, and the trustworthiness of IP addressing information (i.e. IP spoofing).
Routing protocol security | Examines and recommends security improvements in the area of routing protocol security (authenticity, integrity, border filtering, segmentation).
Availability protocol security | Examines and recommends security improvements in the area of availability protocol security (authenticity, integrity, scope).
User edge access services | Examines and recommends security improvements in the area of user edge control (802.1x, NAC, BYOD, guest access, etc.).
Software and hardware vulnerability assessment | Examines and recommends security improvements in the area of device software and hardware vulnerabilities, software management, and security lifecycle.
Device hardening | Examines and recommends security improvements in the area of network device hardening (minimal services, filtering, secure startup, secure defaults…).
Secure management protocols | Examines and recommends security improvements in the area of the use of secure management protocols for device provisioning, device monitoring, and other intramanagement transactions.
AAA infrastructure | Examines and recommends security improvements in the area of authentication, authorization, and accounting (AAA) for network devices and backend infrastructure.
Logging and auditing infrastructure | Examines and recommends security improvements in the area of device logging, resource monitoring, and administrator auditing, and its backend infrastructure.
Secure time infrastructure | Examines and recommends security improvements in the area of providing secure time information.
Transmission security | Examines and recommends security improvements in the area of transmission security (MACsec, IPsec, SSL VPN…).
Network segmentation and micro-segmentation | Examines and recommends security improvements in the area of network segmentation and micro-segmentation for network separation.
Infrastructure traffic filtering | Examines and recommends security improvements in the area of traffic filtering within the network infrastructure (BGP sinkholes, ACLs, IPS, NGIPS…).
Performance and DDoS protection | Examines and recommends security improvements in the area of the protection of network performance for devices and links, including DDoS protection.
WLAN authentication and transmission security | Examines and recommends security improvements specific to the WLAN context, including user authentication, transmission protection, and availability.

Engagement process

NIL follows a managed engagement process that involves our project management office and a dedicated project manager. Our engagement process typically consists of the following sequence of events:

  1. Kickoff workshop and the creation of a Customer Requirements Document.
  2. Detailed analysis of all the available customer network infrastructure (architecture, implementation, testing, compliance, policy) documentation.
  3. Detailed scoping of the custom-tailored solution.
  4. Gathering of information from the target infrastructure. This step is typically highly automated, non-intrusive, and does not impact network performance.
  5. Analysis of the gathered data, execution of specific tests, and deeper inquiries (if required).
  6. Compilation of prioritized recommendations in both an executive and a technical report.
  7. Presentation of the findings and suggestions for their remediation.

Why NIL?

Our key competitive advantages are:

  • Expertise and experience: a proven track record in auditing as well as designing and operating large, complex networks.
  • Field-proven approach: Our methodology is based on tens of years of experience executing network infrastructure audits for large service provider, government, and enterprise networks.
  • Flexibility: We do not work just on a best practice template; we tailor each engagement to a specific customer risk environment.
  • Speed: Our library of ready-made discovery tools speeds up most audit projects considerably.
  • Cost effectiveness: non-intrusive, actionable, and with attention to detail, our service is highly cost effective.