Architecture audit approach
The objective of an architecture audit is to look for weaknesses in the design, in the choice of protocols used, or for non-compliance with recommended security practices. An architecture audit is based on a documentary analysis followed by interviews with the people in charge of the design, implementation, administration, supervision and maintenance of the target information system.
In addition, further analysis can be conducted on sample network configurations (e.g. switch and firewall configurations) to complement the documentary analysis and interviews.
During such an audit, the following aspects are checked in particular (non-exhaustive list):
The methodology is guided, among other things, by the various guides and technical recommendations of the ANSSI (National Agency for Information Systems Security). At every point of the infrastructure, the attention of Synetis auditors is focused on the coverage of Information Systems Security (ISS) needs, namely: Availability, Integrity, Confidentiality and Traceability.
The response to these four needs (referred to as DICT, from the French initials for Availability, Integrity, Confidentiality and Traceability) is assessed in the light of general information system security principles (for example, least privilege and defense in depth) as well as through the application of guides and standards (in particular the ANSSI's General Security Standards). Synetis auditors take into account any operational constraints and other business needs when applying these guides and the associated recommendations.
The following are some of the recurring findings of our IS architecture audits: unsatisfactory partitioning (risk of lateral movement), no separation between critical services, little or no filtering of incoming and/or outgoing flows, no control of mobile access, no system hardening, no maintenance policy or procedure, no centralization and/or supervision of logs, etc.
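As an illustration of the configuration-level analysis mentioned above, the following Python script is an added example (not Synetis's tooling and not taken from any real device): it runs a few audit checks over a constructed, vendor-neutral firewall ruleset and reports two of the finding types listed above, insufficient flow filtering (any-to-any rules, all-services rules, no default deny) and unsatisfactory partitioning (a critical zone reachable from a zone that should not have access). The `Rule` format and the `CRITICAL_ZONE_SOURCES` policy are assumptions made for the example.

```python
"""Audit checks over a firewall ruleset: flow filtering, partitioning, default deny.

Added example. The rule format is a simplified, hypothetical abstraction of what an
auditor would extract from exported switch/firewall configurations.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One filtering rule in a simplified, vendor-neutral form (hypothetical format)."""
    name: str
    action: str    # "allow" or "deny"
    src: str       # source zone, or "any"
    dst: str       # destination zone, or "any"
    service: str   # service/port, or "any"


# Constructed sample ruleset for the example; it is not taken from any real device.
SAMPLE_RULES = [
    Rule("users-web", "allow", "users", "internet", "tcp/443"),
    Rule("admin-all", "allow", "any", "any", "any"),        # no filtering at all
    Rule("app-db", "allow", "app", "db", "tcp/5432"),        # expected flow
    Rule("users-db", "allow", "users", "db", "tcp/5432"),    # breaks partitioning
    Rule("dmz-lan", "allow", "dmz", "lan", "any"),           # all services from DMZ
]

# Which source zones may reach each critical zone (hypothetical policy for the example).
CRITICAL_ZONE_SOURCES = {"db": {"app"}}


def audit_rules(rules, critical_zone_sources=CRITICAL_ZONE_SOURCES):
    """Return a list of (rule_name, category, message) findings for a ruleset."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        # Finding: little or no filtering of flows.
        if r.src == "any" and r.dst == "any" and r.service == "any":
            findings.append((r.name, "filtering", "any-to-any allow rule: no flow filtering"))
            continue
        if r.service == "any":
            findings.append((r.name, "filtering", f"all services allowed from {r.src} to {r.dst}"))
        # Finding: unsatisfactory partitioning of a critical zone.
        allowed_sources = critical_zone_sources.get(r.dst)
        if allowed_sources is not None and r.src not in allowed_sources:
            findings.append((r.name, "partitioning", f"critical zone {r.dst} reachable from {r.src}"))
    # Finding: the ruleset does not end with an explicit default-deny rule.
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and last.src == "any" and last.dst == "any"):
        findings.append(("<ruleset>", "filtering", "no explicit default-deny rule at end of ruleset"))
    return findings


if __name__ == "__main__":
    for name, category, message in audit_rules(SAMPLE_RULES):
        print(f"[{category}] {name}: {message}")
```

Running the script on the sample ruleset reports the any-to-any `admin-all` rule, the all-services `dmz-lan` rule, the `users-db` rule that bypasses the intended application tier, and the missing default-deny rule; a ruleset that only contains the `app-db` flow followed by a deny-any rule produces no findings.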