Home / Blogs

Security and Reliability: A Deeper Dive into Network Assessments

As noted in the first part of this series, Security and Reliability encompasses holistic network assessments, vulnerability assessments, and penetration testing. In this post I’d like to go deeper into network assessments. I stated last time that the phrase “network assessment” is broad. Assessments may be categorized as “internal” (behind the firewall, corporate infrastructure) or “external” (outside the firewall, Internet infrastructure). Regardless of the scope and areas of technology assessed, the goals are to assess the current state of your infrastructure with respect to industry best practices, to provide a gap analysis that shows where best practices are not met, and finally to provide remediation steps to fill those gaps.

Internal network assessments may be highly customized and should evaluate a wide range of network infrastructure or specific areas of technology, including but not limited to:

  • Network switching/routing
  • Firewall and IDS/IPS
  • Wireless (Wi-Fi, microwave, satellite, etc.)
  • VoIP
  • Server infrastructure
    • Application
  • Client/desktop

    • System builds
    • Anti-virus/anti-malware
  • Physical security

External network assessments may also be customized and should examine areas including but not limited to:

  • IP address registration and routing policy
  • DNS and domain name registration
  • Electronic Mail
  • Internet gateways (border router, access controls, filtering, firewalls, etc)
  • VPN access to corporate network
  • Site-Site interconnections

You may also wish to assess information security policies and procedures, access controls (logical or physical), readiness for SSAE16, ISO 27000 series, or PCI compliance, and disaster recovery procedures, or business continuity plans for both internal and external assessments.

The benefits of a network assessment include documentation to help you understand your current security and reliability posture in terms of best practices, and steps to remediate gaps in best practices. This type of assessment can form the basis for system-wide documentation and further policy development if needed. In addition, once you remediate any gaps in the assessment, you can begin to document best practices with respect to network/system architecture, security, change management, disaster recovery and business continuity.

The next logical steps to enhancing your security and reliability posture are to execute periodic vulnerability assessments and penetration testing, which I will delve into in the following posts.

By Brett Watson, Senior Manager, Professional Services at Neustar

Brett’s experience spans large-scale IP networking, optical networking, network/system administration and design, and security architecture including high level security policy and architecture, as well as vulnerability assessments and penetration testing.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix


Sponsored byVerisign