Network Architecture Reviews

Vulnerability Assessment
Incident Response
Intrusion/ Penetration Testing
ISO 27001 / ISO 17799 / BS 7799
Information Technology Risk Assessment
Security Policy Review and Formulation
Telecommunications Audit
Code Audit
Network Architecture Reviews
Firewall Rule Set Audit
Security Log Analysis
Expert Witness
Disaster Recovery Planning & Plan Reviews
Security Auditing
Security Awareness Programs

Systems are almost always changed after initial designs are accepted, with the result that the very architecture of the evolved network of computers may contain "holes" or vulnerable points. The causes are many, but software developers and systems administrators sometimes take shortcuts while completing their new systems, at times creating vulnerabilities where none existed before. A review of the architecture design, accompanied by an as-built review of the system, can identify these unexpected vulnerabilities and suggest to ESTec reviewers the changes necessary to fix the network architecture and restore the desired level of security to the system.

Sample Case

Customer: A Small Southeast US Bank
Services: Network Architecture Review
Problem: The bank had recently purchased an Internet banking application, which then was installed by the application's developer. Management wanted a third-party assurance that the architecture was secure after this change to the system.
Solution: An ESTec consultant reviewed the design for the internet domain and visited the site and reviewed the as-built architecture, preparing recommendations for changing the system to achieve the required information safety throughout the operation. E.g., while the software vendor recommended a connection directly between the Internet Banking computer in the Demilitarized zone and the bank mainframe, ESTec noted that this was not proper practice and recommended additional mainframe controls to ensure that the connection was adequately controlled. A review of the as-built system revealed that the connection was not to the mainframe, but to the internal network (which connected to the mainframe). Because the as-built conditions did not match the specified architecture, additional vulnerabilities had been created. ESTec removed the new vulnerabilities by producing a properly configured VPN that went through the firewall to the mainframe.
Results: The bank's original policies and security levels were restored quickly to the final architecture of the network, and the new system worked without any deterioration in security or performance.


	About Us \| Products & Services \| Newsroom \| Education \| Careers \| Contact Us \| Privacy Commitment \| Terms of Use ©2002 ESTec Systems Corporation. All rights reserved.