
AUDIT PROGRAM: The Physical Organization (Cabling Technologies, Topologies, Network Devices, Network Technologies/Architectures)
Contributed by Mick Neshem, Co-founder of ESSI

CABLING TECHNOLOGIES (physical connections between devices)

AUDIT OBJECTIVE: Evaluate security and assess strengths and weaknesses of cabling.

Evaluate physical security
- Review the physical wiring diagram; determine:
  - Type of cabling used (coaxial, fiber, twisted pair)
  - Locations
  - Whether the diagram is current
  - Whether revisions are recorded (date made and person responsible)
- Inspect the cabling closet:
  - Secured
  - Logging mechanism used to track those entering
  - Cabling labeled and identifiable
- Review wiring hubs and concentrators:
  - Located in secure areas
  - Accessible only by network support personnel
  - Compare physical hub connection labeling to wiring diagrams

Evaluate physical connections
- Connections authorized
- Connections documented between hubs and closets

Evaluate cabling used against known deficiencies
- Coaxial: high maintenance; easy to eavesdrop; physical limitations (distance, number of systems supported)
- Twisted pair: easy to eavesdrop; high maintenance; prone to noise interference; most commonly used; low cost
- Fiber: hard to eavesdrop; reliable; expensive
- Cabling meets specifications (Cat 5, etc.) and is certified

Evaluate workstation wiring
- Workstation wiring diagrams accurate
- Transmission quality degraded or interference from other systems due to wiring

TOPOLOGIES (methods of putting cables together)

AUDIT OBJECTIVE: Determine appropriateness of existing topologies.

Determine topologies used
- Review physical wiring diagram
- Observations
- Inquiries

Evaluate appropriateness of topology
- Bus: flat network; PC to server
- Hierarchical bus: network devices (hubs, etc.) used to expand on the bus; everybody sees everything
- Star: connections made at a central point via router, hub or switch
- Ring: data flows one way

NETWORK DEVICES (Bridge, Repeater, Hub, Gateway, Router, Switch)

AUDIT OBJECTIVE: Evaluate network diagrams and devices for appropriateness, security and management control.

NETWORK DIAGRAMS
Evaluate appropriateness
- Diagrams include all local area networks and significant nodes (routers, firewalls, gateways, file servers, host processing systems)
- Diagrams include network and node IP addresses and link transmission methods (Ethernet, token ring, etc.)

NETWORK DEVICES - BRIDGE (link layer device connecting network segments)
Evaluate appropriateness
- Susceptible to broadcast storms (information sent out to everybody)
- Slow performance and response time
- Poor congestion control (focuses only on MAC addresses)
- Cannot implement private 10 Mbps or 100 Mbps technologies to servers or clients
- Cannot improve aggregate forwarding rates
- Generally limited to two bridges on one segment
Evaluate security
- Need for bridge security filtering on link addresses
- Protection of confidential portions of the network

NETWORK DEVICES - REPEATER (physical layer device interconnecting cable segments)
Evaluate appropriateness
- No sophisticated filtering capabilities
- Generally no more than three repeaters on one line

NETWORK DEVICES - HUB (essentially a repeater)
Evaluate appropriateness
- No filtering: all traffic is seen on all hub ports
- Repeats to all stations
- Can be connected to other hubs

NETWORK DEVICES - GATEWAY (translates information)
Evaluate appropriateness
- Translates information so it can be recognized by the recipient (e.g. IPX to IP)
- Can listen to a protocol on one end, translate it and send it out in a different protocol
- Positioned between PC and mainframe
- Some intelligence built in

NETWORK DEVICES - ROUTER (interconnects networks; operates on the Network layer)
Evaluate appropriateness
- Lot of security issues
- First line of defense before the firewall; hackers attack routers and servers
- Critical devices with intelligence built in; single point of failure
- Supports many protocols and network architectures
- Isolates and controls traffic flow; can prioritize traffic
- Not well suited to time-sensitive data (video, voice)
- Cannot guarantee quality of service to end systems
- Router table maintenance issues
- Works on Layers 1, 2 and 3 (Physical, Data Link, Network)
- Default passwords built into routers when shipped
Evaluate adequacy of router management
- Access controls
- Review printout of configuration files for routers connecting to external networks
- Router files used to segment server networks from user networks
- Router managed by another organization with routers connecting host systems and server networks to user networks
Evaluate router connections
- Obtain printouts of network configuration files (access lists, packet filtering, etc.)
- Identify and evaluate routers connecting to external networks and third-party networks
- Identify and evaluate routers connecting the host systems and server networks to user networks and external networks
- Check routers using the Ping command and the Trace Route command
Evaluate routing tables
- Determine routing table update packets are filtered and dropped
- Determine ICMP and other hazardous packets are filtered and dropped
- Determine updates are deactivated
- Determine accurate static routing tables are maintained and duplicated
Evaluate routers with static paths
- Determine routers with dedicated static paths (to vendors, etc.) allow traffic to pass only on a specified router on the connected external network
Review router configuration
- Ensure the router ignores ICMP Ping redirect messages, which could modify OSPF (Open Shortest Path First) routes
- Filter rule implemented (router configuration changed) to detect IP address spoofing (packets on the external interface that can spoof the network by broadcasting addresses claiming to have originated on the internal network)
- Router port number filters set to read the status flag on packets
- Port number filters blocking packets trying to initiate a connection from the external network
- Configuration backed up, secured and tested

NETWORK DEVICES - SWITCH (enables complex networks to be separated into multiple collision domains)
Evaluate appropriateness
- Don't route: an IP network can be addressed without Layer 3 routing; switches know the hardware number
- Dedicates a path for each end system
- Frame (switches packets) and cell switching (more deterministic) can be combined into mixed-speed networks
- Implementing can require change-out of the entire wiring closet
- LAN switches can result in traffic exceeding backbone transmission capacity
- Central point of failure
- Cannot provide end system quality of service
- Cannot integrate and distribute data, video, voice over a single wiring infrastructure with a single adapter set
- Fully switched environment is more secure but more expensive than a router
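The router configuration review points above (shipped default passwords, ICMP redirect handling, an anti-spoofing filter on the external interface, status-flag filters that block connection initiation from outside, and routing updates deactivated) can be turned into a repeatable check over the configuration printouts the auditor obtains. The following is an added example, not part of the original audit program and not code from its contributor: a Python script that audits a constructed configuration printout written in Cisco-IOS-like syntax. The sample configuration, the hardened variant, the convention that an interface description containing "external" marks the external link, the INTERNAL_PREFIX value and the function names are all assumptions made for this example.

```python
import re

# Constructed sample configuration printout in Cisco-IOS-like syntax; it is
# not taken from any real device.
SAMPLE_CONFIG = """\
hostname border-rtr
enable password cisco
!
interface Serial0/0
 description external link (constructed)
 ip address 203.0.113.2 255.255.255.252
 ip access-group 101 in
!
interface FastEthernet0/0
 description internal LAN (constructed)
 ip address 192.168.10.1 255.255.255.0
 ip redirects
!
access-list 101 deny ip 192.168.10.0 0.0.0.255 any log
access-list 101 permit tcp any 192.168.10.0 0.0.0.255 established
access-list 101 deny tcp any any
access-list 101 permit udp any any
!
router ospf 1
 network 192.168.10.0 0.0.0.255 area 0
"""

# Same device with the audit points addressed (also constructed). The
# "ip redirects" fix runs before a "no ip redirects" line is added to Serial0/0.
HARDENED_CONFIG = (
    SAMPLE_CONFIG
    .replace("enable password cisco", "enable secret 5 <hash-placeholder>")
    .replace(" ip redirects\n", " no ip redirects\n")
    .replace(" ip access-group 101 in\n", " ip access-group 101 in\n no ip redirects\n")
    .replace(" area 0\n", " area 0\n passive-interface Serial0/0\n")
)

INTERNAL_PREFIX = "192.168.10.0 0.0.0.255"  # internal network, address + wildcard mask (constructed)


def parse_sections(text):
    """Split a printout into top-level lines and {header: [body lines]} for
    'interface ...' and 'router ...' blocks (indented lines belong to a block)."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
            continue
        line = raw.strip()
        if line.startswith(("interface ", "router ")):
            current = line
            sections[current] = []
        else:
            current = None
            top.append(line)
    return top, sections


def audit_router_config(text, internal_prefix=INTERNAL_PREFIX):
    """Return a list of findings; an empty list means every check passed."""
    top, sections = parse_sections(text)
    findings = []
    # Shipped defaults: 'enable secret' stores a hash; a bare 'enable password'
    # is reversible and is where a vendor default tends to linger.
    if not any(l.startswith("enable secret") for l in top):
        findings.append("no 'enable secret' configured")
    if any(l.startswith("enable password") for l in top):
        findings.append("cleartext 'enable password' present")
    external = []
    for header, body in sections.items():
        if not header.startswith("interface "):
            continue
        name = header.split(" ", 1)[1]
        # Convention assumed here: the description marks links to external networks.
        is_external = any("external" in l for l in body if l.startswith("description"))
        if is_external:
            external.append(name)
        if "no ip redirects" not in body:  # ICMP redirect handling per interface
            findings.append(f"{name}: ICMP redirects not disabled")
        if not is_external:
            continue
        inbound = [m for m in (re.match(r"ip access-group (\S+) in$", l) for l in body) if m]
        if not inbound:
            findings.append(f"{name}: external interface has no inbound access list")
            continue
        acl_id = inbound[0].group(1)
        acl = [l.split() for l in top if l.startswith(f"access-list {acl_id} ")]
        # Anti-spoofing: deny packets arriving from outside with an internal source address.
        if not any(t[2] == "deny" and t[4:6] == internal_prefix.split() for t in acl):
            findings.append(f"{name}: ACL {acl_id} lacks anti-spoofing deny for {internal_prefix}")
        # Status-flag filter: inbound TCP only for established sessions, so
        # connection initiation from the external network is blocked.
        for t in acl:
            if t[2] == "permit" and t[3] == "tcp" and "established" not in t:
                findings.append(f"{name}: ACL {acl_id} permits inbound TCP connection initiation")
    # Routing updates must be deactivated on external links (passive interface).
    for header, body in sections.items():
        if header.startswith("router "):
            for name in external:
                if f"passive-interface {name}" not in body and "passive-interface default" not in body:
                    findings.append(f"{header}: routing updates not deactivated on {name}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit_router_config(cfg) or ['no findings']}")
```

Run against the sample printout the script reports five findings (cleartext enable password and no enable secret, redirects not disabled on both interfaces, and OSPF still active on the external link); the hardened variant reports none. The backup and testing of the configuration, the last point in the list above, is a process control that cannot be read off the printout and stays a manual check.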

NETWORK TECHNOLOGIES/ARCHITECTURES (communicating on the internet)

AUDIT OBJECTIVE: Assess appropriateness of the network technology being used.

Determine network architecture used
- Ethernet
- Token Ring
- ATM
- FDDI

Assess appropriateness of Ethernet
- Shares the same wire
- CSMA/CD (carrier sense multiple access with collision detection): timing of the response indicates whether a collision occurred
- Most popular method used
- Easy to deploy

Assess appropriateness of Token Ring
- Only one station can talk at a time: the one holding the token (the token is a bit pattern passed around the internet)
- Token passes one way on the ring
- Token passes on to the next station if the possessor has no data to transmit
- When data is sent, the token pattern is altered and the information appended
- Deterministic protocol
- Guarantees delivery and no collisions
- Maximum 250 workstations per ring

Assess appropriateness of ATM (Asynchronous Transfer Mode)
- New technology
- High speed
- Switching technology uses a fixed cell size to provide deterministic performance
- Provides quality of service
- Bandwidth provided on demand
- Dedicated channel set up for each session
- Handles all types of network traffic (data, voice, video, graphics, multimedia)
- Works in LAN and WAN environments
- Cost-effective alternative to shared-media LANs through scalable switching
- Supports existing solutions (SNA/APPN, TCP/IP, IPX)
- Highly scalable
- Lower level of firewall capability relative to a router environment
- Standards still in flux
- Requires new hardware
- Cat 5 cable required
- High initial cost of equipment
- Coding (LANE, PNNI, MPOA) inefficient relative to IP switching
- Port and adapter marginal costs significantly higher than LAN switching solutions

Assess appropriateness of FDDI (Fiber Distributed Data Interface)
- Fiber optic cable
- High speed
- Secure, reliable
- Expensive
- Long distances
