
Network Audit

Network Audit. By: Shanna Price, Andrew Remington, Sam Huang, & Jeff Altomare. Background. Money Bank Financial


Presentation Transcript


  1. Network Audit By: Shanna Price, Andrew Remington, Sam Huang, & Jeff Altomare

  2. Background: Money Bank Financial
     Money Bank Financial has been a leading financial institution in the greater Philadelphia area for the past 50 years. Recently the organization has faced financial and reputational losses due to successful attacks against its infrastructure. Since then, Money Bank has hired a new CIO, James Page, in an effort to overhaul the networking infrastructure in order to minimize the risk of further infrastructure-related attacks. James and his team have spent the past year and a half implementing a new network infrastructure at a cost of over 2 million dollars. An internal audit has been requested by upper management to assess the risk of the newly implemented network infrastructure.

  3. Audit Objective
     • Provide reasonable assurance that the confidentiality, integrity and availability of services are not compromised.
     • Gain an understanding of the relevant information and design of Money Bank’s network infrastructure.
     • Evaluate the effectiveness of the internal control structure protecting the network from outside threats.
     • Perform penetration testing on the firewall and network infrastructure to attest to management's assertion about the protection of the network, or provide recommendations.

  4. Scope
     The audit will primarily focus on the review of Money Bank’s physical network infrastructure and the installation and configuration of network devices that are required for the company to meet its business objectives and remain legally compliant. All aspects of network-related processes need to be evaluated for risk ratings, including topology, security, and configuration of network devices.

  5. Scope: Business Components
     • Local site
       • Supports >1000 workstations – internet and intranet capability, access to databases, and applications
       • Houses servers and databases
       • Houses a perimeter network for internet-facing services
     • Backup site
       • Remote server connects to local network via VPN
       • Backup for applications, databases, and web services
       • Logical network security is similar to that of the local site

  6. Key Risk Areas
     • Network Topology
       • Arrangement and installation of components
     • Device Configuration
       • Configuration & compatibility
     • Device Security (Physical/Logical)
       • Active and inactive devices, and components
     • Implementation/Decommissioning of Devices
       • Procedural techniques and policies
     • Network Cabling/Wiring
       • Continuity of services, and any remaining safety issues

  7. Prior Audit Findings
     A previous audit conducted one year prior found that Money Bank’s network redundancy was inadequate. A failover system could not support enough of the critical business processes needed to continue operations in case of a failure.

  8. Development of On-going Projects
     Development of VoIP internal communication system within Money Bank
     • Need of media gateway
     • Considerations
       • Hardware used
       • Placement of Hardware
       • Configuration of Hardware

  9. Audit Resources
     Standards and Guidelines of ISACA
     Tools Utilized
     • Firewall Analyzer
     • Wireshark

  10. Key Concerns of Management
     Previous intrusion attempts have been made by unknown entities
     • Three attempts
     • Two successful in penetrating network
     Management’s concern regarding industry and certified best practices for maintaining system confidentiality.

  11. Audit Time Period
     Based on constituents of network
     • APM - March 18th
     • Fieldwork - March 23rd
     • Reporting - End of April 2013

  12. Questions? Thank you!
