Jay Nguyen
asked:
secure architecture diagrams help

I'm going for a network engineer/security engineer position with a local company, and part of the job is creating secure architecture diagrams, which I don't have any experience with, and I need much information regarding this topic.

I'd like to know what tools and utilities are available, both paid and non-paid. Also, where can I get a crash course on this subject and maybe some type of hands-on soonest? The meat of the position is identifying threats and mitigations, but I would like the position and, again, I'm weak on documentation skills.
atlas_shuddered

I prefer Visio for my documents.

If you want to get some really good guidance for your drawings, try this link:

http://networkdiagram101.com/

Another vote for Visio. One of the good things about Visio is that it has VBA, so you can get to do all sorts of things.
E.g. in a previous life I used it to create SAN diagrams and automatically calculate the number of switch ports I required.
btan

Secure architecture is a big term and it needs to be put in context to the environment (intranet or internet facing defence, trusted or non-trusted zone separation, multi-perimeter defence, secure remote mobility access, secure hosting data centre, secure key store etc). For a start, you should minimally understand the tier architecture, e.g. web, apps and database segregation, and there are more segments to host the security services (e.g. Security ops centre monitoring services) and other common infrastructure services like DHCP, DNS, identity stores, log stores, etc. It can go on to contextualise the general architecture to different layers, from the physical layer upwards to the network, data and user layers ... It may be good to catch:

Well-Architected Framework (more than just security but you can catch the latter first)
https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Defence in depth (defend against DDOS attack as example)
https://www.experts-exchange.com/articles/26039/Going-for-effective-DDoS-mitigation-measures.html 

Building enhanced cybersecurity blocks in layer defence (scale up the processes)
https://www.experts-exchange.com/articles/33047/Build-up-IT-Security-and-Scale-up-Cybersecurity-posture.html
Secure architecture requires having secure operating systems, networks (LAN+WAN+Wireless), storage, applications, and devices. For networks and networking, the first step is identifying and creating an inventory of network assets. The inventory record of each information asset should include:
  • Specific identification of the asset
  • Location
  • VLAN network segmentation
  • Network transmission media and techniques, including routers, gateways, switches and other relevant components
  • End-to-end network diagram showing all data link protocols and bandwidths as well as all devices in the data path with their models
  • LAN/WAN bandwidth utilization
  • DMZ zones
  • VPN connectivity
  • Network application services (insecure and secure protocols) commonly used
  • Common routing metrics such as network speed, path reliability, link utilization, MTU, latency, throughput, hop count, load etc.
  • High availability of each device
  • Any client-Server or Peer-to-Peer Connectivity
  • Security/risk classification such as loss implications and recovery priority (DRP procedure)
  • Log management

The items above will help you understand, from a performance and security standpoint, how data are transmitted across the network.

https://www.nccoe.nist.gov/library/it-asset-management-nist-sp-1800-5-practice-guide
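As an added example (not code from the thread or from any of the posters), here is one way to turn an asset inventory like the one listed above into a diagram-as-code artifact: a small Python script that records each asset's zone, VLAN, model, exposed protocols and links, emits a Graphviz DOT graph clustered by zone, and highlights assets still exposing insecure protocols. The asset names, models, VLANs and protocol set are constructed sample values, not real ones.

```python
from dataclasses import dataclass, field

# Constructed list of protocols treated as insecure for this example
INSECURE_PROTOCOLS = {"telnet", "ftp", "http", "snmpv1", "snmpv2c"}

@dataclass
class Asset:
    name: str
    zone: str          # e.g. "DMZ", "Internal", "Perimeter" (hypothetical zone names)
    vlan: int
    model: str
    services: list = field(default_factory=list)  # protocols the asset exposes
    links: list = field(default_factory=list)     # (peer_name, bandwidth) tuples

def insecure_services(asset):
    """Return the asset's exposed services that are on the insecure list."""
    return sorted(s for s in asset.services if s.lower() in INSECURE_PROTOCOLS)

def to_dot(assets):
    """Render the inventory as a Graphviz DOT digraph, one cluster per zone."""
    lines = ["digraph secure_architecture {", "  rankdir=LR;"]
    zones = {}
    for a in assets:
        zones.setdefault(a.zone, []).append(a)
    for zone, members in sorted(zones.items()):
        lines.append(f'  subgraph "cluster_{zone}" {{ label="{zone}";')
        for a in members:
            bad = insecure_services(a)
            # Red border marks an asset whose inventory shows an insecure protocol
            color = "red" if bad else "black"
            label = f"{a.name}\\n{a.model}\\nVLAN {a.vlan}"
            if bad:
                label += "\\nINSECURE: " + ",".join(bad)
            lines.append(f'    "{a.name}" [label="{label}" color={color}];')
        lines.append("  }")
    for a in assets:
        for peer, bw in a.links:   # edges carry the link bandwidth from the inventory
            lines.append(f'  "{a.name}" -> "{peer}" [label="{bw}"];')
    lines.append("}")
    return "\n".join(lines)

# Constructed sample inventory (hypothetical names, models and VLANs)
INVENTORY = [
    Asset("fw-edge", "Perimeter", 10, "vendor-fw-x", ["https", "ipsec"], [("web-1", "1 Gbps")]),
    Asset("web-1", "DMZ", 20, "vendor-srv-a", ["https", "http"], [("app-1", "1 Gbps")]),
    Asset("app-1", "Internal", 30, "vendor-srv-a", ["https"], [("db-1", "10 Gbps")]),
    Asset("db-1", "Internal", 40, "vendor-srv-b", ["tls-sql", "telnet"], []),
]

if __name__ == "__main__":
    print(to_dot(INVENTORY))   # pipe into `dot -Tpng` to render the diagram
```

Keeping the inventory in code (or a YAML/CSV it is loaded from) means the diagram is regenerated whenever an asset record changes, and the insecure-protocol check runs on every regeneration.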