
July 31, 2010

Network Validation

by Carl Anctil

Network validation is an important step in designing or hardening a network. Just as important is a valid, accurate and up-to-date network diagram. Network validation is the act of correlating a network diagram against the actual network wiring.

Why bother with validating a network? The short answer is: to make sure that a network is wired the way the network diagram says it is. Why is this important? A network diagram is exactly like a blueprint for a building. When architects create a blueprint for a new building, they do so following construction laws, regulations, standards, etc. These laws and regulations are required to make sure that our buildings are built according to proven and safe standards. They are there to protect us and make us safe. Following these rules gives us a reasonable expectation that our buildings are safe and secure. Sound familiar?

What does validating a network mean? For starters, it means that a network diagram should be designed before any actual wiring begins. Many networks are built without a network diagram to follow. This simply opens the door to costly and unnecessary mistakes or network flaws. If someone is responsible for a network that has no network diagram, one is still required. It also means that the person in charge of a network should be able to validate every physical connection to that network in 10 minutes or less. This validation process should also be performed on a regular schedule.

Many organizations do have network diagrams, but how accurate are they? Keeping a network diagram accurate is crucial. It is often one of the first things sought in investigations or in the prevention and detection of network breaches. Without this key piece of information, where does one start?

Do you know how the firewall is connected to the network? Do you know if someone temporarily hooked up the database server to the DMZ? Why is the proxy server unplugged, or plugged into the wrong switch? Do you know how the network connects to the internet?

These common questions can only be reliably answered by conducting a complete network validation using an accurate and up-to-date network diagram. It’s a pretty simple concept to understand. However, somehow, this remains overlooked by many organizations. These organizations cannot reliably answer, or they do not know how to answer, these simple questions.
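One way to run that correlation, added here as an example and not part of the original post: the diagram and the wiring check are each reduced to a list of cables, and the difference is sorted into missing, unexpected and moved connections. All device and port names are constructed, and the observed list is assumed to come from whatever records the real wiring (a physical walk-through, switch neighbor tables).

```python
# Added example: every device and port name here is constructed.

def link(a, b):
    """A cable is an unordered pair of 'device:port' endpoints."""
    return frozenset((a, b))

def validate(diagram, observed):
    """Correlate documented links with observed ones.

    Returns sorted lists (missing, unexpected, moved); moved holds
    (endpoint, documented_peer, observed_peer) for an endpoint that is
    cabled somewhere other than where the diagram puts it.
    """
    doc = {link(a, b) for a, b in diagram}
    obs = {link(a, b) for a, b in observed}
    missing, unexpected = doc - obs, obs - doc
    moved = []
    for gone in sorted(missing, key=sorted):
        for endpoint in sorted(gone):
            found = next((u for u in sorted(unexpected, key=sorted)
                          if endpoint in u), None)
            if found is not None:
                (was,), (now,) = gone - {endpoint}, found - {endpoint}
                moved.append((endpoint, was, now))
                missing.discard(gone)
                unexpected.discard(found)
                break
    as_pairs = lambda links: sorted(tuple(sorted(l)) for l in links)
    return as_pairs(missing), as_pairs(unexpected), sorted(moved)

DIAGRAM = [  # what the network diagram says
    ("fw1:eth0", "isp-router:ge0"), ("fw1:eth1", "dmz-sw:1"),
    ("fw1:eth2", "core-sw:1"), ("proxy:eth0", "dmz-sw:2"),
    ("db1:eth0", "core-sw:5"), ("web1:eth0", "dmz-sw:3"),
]
OBSERVED = [  # what the wiring check found
    ("isp-router:ge0", "fw1:eth0"), ("fw1:eth1", "dmz-sw:1"),
    ("fw1:eth2", "core-sw:1"), ("db1:eth0", "dmz-sw:7"),
    ("web1:eth0", "dmz-sw:3"), ("laptop-x:eth0", "core-sw:9"),
]

if __name__ == "__main__":
    missing, unexpected, moved = validate(DIAGRAM, OBSERVED)
    for end, was, now in moved:
        print(f"MOVED      {end}: diagram says {was}, found on {now}")
    for a, b in missing:
        print(f"MISSING    {a} <-> {b}")
    for a, b in unexpected:
        print(f"UNEXPECTED {a} <-> {b}")
```

On this sample the database server shows up as moved to the DMZ switch, the proxy link as missing, and an undocumented host as unexpected on the core switch.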

So please, validate your networks and keep accurate and up-to-date network diagrams. It’s rule number one.

About carl.anctil
Carl Anctil is a proud serving member of the Canadian military and has been for over 15 years. His first 7 years were with the infantry while the remainder has been with the Air Force. Carl's official work title is Aerospace, Telecommunications & Information Systems specialist. In summary, it is best described as: jack of all trades, master of none. Nevertheless, it is rewarding and often can be extremely exciting. Carl started in network security around 2000 as a hobby. He has realized over the years that information security was his true calling. Therefore, he has started to plan for his second career. Carl is impatiently awaiting the day that he will be able to transform his hobby into a full-time paying hobby.

Comments

  1. Paul O'Neil says:

    Good rule to keep but I have rarely seen it adhered to by anyone. Auditors tend to make their own network diagrams based on intake sessions and interviews with technical personnel anyway. I would simply request a copy but it will probably be inaccurate and have omissions.

    Today’s networks are changing so fast how does one really keep up?

    The network diagrams are more like GPS road-maps, inaccurate but more or less cover the major roadways.

    How often is your building under construction on the other hand, to use your analogy? Once built little renovation occurs and therefore much easier to maintain accurate detailed diagrams. But the modern network has continuous changes.

    People often try to make comparisons with computing or computers but such comparisons in reality lack the utility they are suggesting.