You’re the new IT security ‘guru’ hired by a corporation to keep their websites from getting ‘hacked’. On day one you ask around for network diagrams and/or threat profiles, and you get blank stares.
Note: this article is written to help non-technical people as well. If you are non-technical, all you need to do is get a resource to do the following.
Analyzing Internet Protocol (IP) Layer 3 Flows
If you look at all the layer three IP flows that go through your gateways, you can build a picture. You can do this by exporting the flows, for example with NetFlow, by using syslog, or by using a packet capture. If you don’t have the technical ability to do this yourself, you need to find somebody who does: hire them or get somebody from your service provider.
Routing Tables and Address Resolution Protocol Tables
You get access to your routers and then manually look at their routing tables to find out where the routes go and also look at their ARP tables and associated switches.
Spanning A Switch To Collect All Data
If you span a switch port – this means you’re snooping all the data on that switch port – then you can import this into a graphical interface that will show you all your IP flows.
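The following Python example, added here and not part of the original article, turns flow records into a list of the services each internal host offers and marks the ones reached from outside. The CSV layout, the sample records and the 10.0.0.0/8 internal range are constructed assumptions; map your own NetFlow, syslog or packet-capture export onto those columns.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not a real NetFlow/IPFIX export layout).
# Assumption: each record is in the client -> server direction.
SAMPLE_FLOWS = """\
src,dst,proto,dst_port,bytes
203.0.113.7,10.0.1.10,tcp,443,48211
198.51.100.23,10.0.1.10,tcp,443,9120
10.0.1.10,10.0.2.20,tcp,5432,733100
10.0.1.10,10.0.2.20,tcp,5432,1200
10.0.3.5,10.0.2.20,tcp,22,5400
203.0.113.7,10.0.2.20,tcp,5432,300
10.0.3.5,192.0.2.50,udp,53,210
"""

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: replace with your ranges

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def build_picture(flow_csv):
    """Map (server, proto, port) -> clients seen, total bytes, reached from outside?"""
    services = defaultdict(lambda: {"clients": set(), "bytes": 0, "external": False})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if not is_internal(row["dst"]):
            continue  # outbound flow: not a service hosted on our network
        key = (row["dst"], row["proto"], int(row["dst_port"]))
        svc = services[key]
        svc["clients"].add(row["src"])
        svc["bytes"] += int(row["bytes"])
        if not is_internal(row["src"]):
            svc["external"] = True
    return dict(services)

def externally_reachable(picture):
    """Services that at least one non-internal address connected to."""
    return sorted(key for key, svc in picture.items() if svc["external"])

if __name__ == "__main__":
    picture = build_picture(SAMPLE_FLOWS)
    for (host, proto, port), svc in sorted(picture.items()):
        tag = "EXTERNAL" if svc["external"] else "internal"
        print(f"{host} {proto}/{port} clients={len(svc['clients'])} bytes={svc['bytes']} [{tag}]")
```

In the constructed sample, the database port on 10.0.2.20 shows up as reached from an outside address, which is the kind of finding to raise in the employee meetings.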
Set up meetings with as many relevant employees as you can and talk to them. They may be a good source of information. Get the data and build a picture.