Architecture audit

Look for design weaknesses!

Architecture audit approach


The objective of an architecture audit is to look for weaknesses in the design, in the choice of protocols, or in departures from recommended security practices. The audit is based on a review of the design and operating documentation, followed where possible by interviews with the people responsible for the design, implementation, administration, supervision and operational maintenance of the target information system.

This can be supplemented by analysis of samples of network equipment configuration (e.g. switches, firewalls) to confirm that the documented design matches what is actually deployed.

During such an audit, the following aspects in particular are checked (non-exhaustive list):

The methodology is guided, among other things, by the technical guides and recommendations issued by ANSSI (Agence nationale de la sécurité des systèmes d'information, the French national cybersecurity agency). At every point in the infrastructure, Synetis auditors focus on how the four classical information systems security (ISS) needs are met: Availability, Integrity, Confidentiality and Traceability (DICT, from the French Disponibilité, Intégrité, Confidentialité, Traçabilité).

How the DICT needs are met is assessed in the light of general ISS principles (for example least privilege and defense in depth) and of the applicable guides and standards, notably ANSSI's Référentiel Général de Sécurité (RGS). Operational constraints and business needs that affect how these guides and their recommendations can be applied are taken into account by Synetis auditors.

Below, by way of illustration, are some recurring findings from our IS architecture audits: inadequate network partitioning (allowing lateral movement), no separation between critical services, little or no filtering of inbound and/or outbound flows, no control over remote (nomadic) access, no system hardening, no maintenance policy or procedure, and no centralization and/or monitoring of logs.
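Several of these findings (partitioning, flow filtering, default deny) can be checked mechanically on the firewall configuration samples collected during the audit. The following is an added example written for this page, not Synetis tooling: it assumes a zone model, a forbidden-flow matrix and a simplified rule format, all constructed here, and runs them over two constructed sample rule bases, one weak and one hardened.

```python
"""Added illustration (not the page's own tooling): a small checker run over a
constructed sample of firewall rules to flag the design weaknesses named above.
The zone model, the forbidden-flow matrix, the rule format and the sample rule
bases are all assumptions made for this example."""

from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    dport: str    # destination port, or "any"
    action: str   # "allow" or "deny"


# Assumed zone model of the audited network; "internet" is the catch-all.
ZONES = {
    "internet": ip_network("0.0.0.0/0"),
    "dmz": ip_network("10.10.0.0/24"),
    "users": ip_network("10.20.0.0/16"),
    "servers": ip_network("10.30.0.0/16"),
    "admin": ip_network("10.40.0.0/24"),
}
INTERNAL = set(ZONES) - {"internet"}

# Assumed partitioning policy: zone pairs that must never be reachable directly.
FORBIDDEN = {("dmz", "servers"), ("dmz", "admin"),
             ("users", "servers"), ("users", "admin"),
             ("internet", "servers"), ("internet", "admin")}


def zones_of(cidr: str) -> set[str]:
    """Zones a CIDR falls into: 'any' / 0.0.0.0/0 covers every zone, otherwise
    the most specific zone containing it (10.10.0.5/32 is 'dmz', not 'internet')."""
    if cidr == "any":
        return set(ZONES)
    net = ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return set(ZONES)
    containing = [name for name, zone in ZONES.items() if net.subnet_of(zone)]
    return {max(containing, key=lambda name: ZONES[name].prefixlen)}


def audit(rules: list[Rule]) -> list[tuple[str, str]]:
    """Return (category, detail) findings for a rule base, in rule order."""
    findings = []
    everything = set(ZONES)
    last = rules[-1] if rules else None
    # A rule base should end with an explicit deny-all (default deny).
    if not (last and last.action == "deny"
            and zones_of(last.src) == everything and zones_of(last.dst) == everything):
        findings.append(("no-default-deny", "rule base does not end with deny any -> any"))
    for r in rules:
        if r.action != "allow":
            continue
        where = f"allow {r.src} -> {r.dst}:{r.dport}"
        src, dst = zones_of(r.src), zones_of(r.dst)
        if src == everything and dst == everything:
            findings.append(("any-any-allow", where))
            continue
        # Every (source zone, destination zone) pair the rule permits is checked
        # against the partitioning policy; a broad dst such as "any" hits many.
        for s, d in sorted(FORBIDDEN & {(s, d) for s in src for d in dst}):
            findings.append(("partitioning", f"{where} lets {s} reach {d}"))
        # Outbound flows from internal zones should be restricted by port.
        if src & INTERNAL and "internet" in dst and r.dport == "any":
            findings.append(("egress", f"{where} gives unrestricted outbound access"))
    return findings


# Constructed sample: the kind of rule base that produces the findings above.
WEAK_RULES = [
    Rule("0.0.0.0/0", "10.10.0.0/24", "443", "allow"),      # internet -> DMZ web front
    Rule("10.10.0.0/24", "10.30.0.0/16", "any", "allow"),   # DMZ -> server LAN, every port
    Rule("10.20.0.0/16", "any", "any", "allow"),            # users -> anywhere
    Rule("10.40.0.0/24", "10.30.0.0/16", "22", "allow"),    # admin -> servers, SSH
]                                                           # ...and no final deny

# Constructed sample: the same needs served with partitioning and a default deny.
HARDENED_RULES = [
    Rule("0.0.0.0/0", "10.10.0.0/24", "443", "allow"),
    Rule("10.20.0.0/16", "10.10.0.0/24", "443", "allow"),   # users reach only the DMZ proxy
    Rule("10.40.0.0/24", "10.30.0.0/16", "22", "allow"),
    Rule("any", "any", "any", "deny"),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(f"{name}: {len(audit(rules))} finding(s)")
        for category, detail in audit(rules):
            print(f"  [{category}] {detail}")
```

The checker deliberately ignores rule order and port semantics beyond "any", which is enough to surface the architectural questions an auditor then takes to the interviews: why a DMZ host may reach the server LAN on every port, and why user workstations have unrestricted outbound access.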
