Network Architecture

When someone mentions network architecture, the first thing that pops in most people’s minds is IT. Schools have designed advanced degrees around the topic of IT and how best to use and secure network architectures within organizations. Certainly, this would seem to be a likely path for most penetration testers; however, based on personal experience, this does not seem to be the case–most come from the field of information systems, which is unfortunate.
Penetration testers with a network architecture background can identify deficiencies in a large variety of network designs, as well as the placement of elements within those designs. Deficiencies can involve different communication protocols used within the network as well as devices used to deliver and protect the communication traffic. Recently, there has been a greater need for penetration testers familiar with networks. Now that companies have finally recognized the value of information security (okay, maybe I’m exhibiting Pollyannaism by saying that), processes are in place to analyze applications and systems regularly,
including corporate scanning and third-party audits. However, the networks have been neglected, often because of the misplaced belief that has been around for years that firewalls and intrusion detection systems (IDSes) are effective tools, simply because of their presence in the network. The reality is that these network appliances are simply“speed bumps,”and network devices and communication protocols are just as easy, if not easier, to exploit as applications and operating systems, depending on the skill of the network administrators. Like anything in information security, an appliance’s security is directly related to the knowledge possessed and effort put forth by those who configure and maintain the appliances.
By specializing in network architectures, a penetration tester has a variety of options available. There are multiple certifications, organizations, and local groups that specialize in designing, operating, and securing networks. Because of the large support network and demand in the marketplace for firewall and IDS experts, many information security experts end up working with just that – firewalls and IDSes. This knowledge would certainly help a penetration tester; but because there are a lot of jobs available as administrators and managers of these systems, it makes it difficult to transfer out into a penetration testing position later.
Regardless, make sure that you understand as many different facets of network architecture as you can if you want to become a PenTest engineer. Learn about the communication protocols, VoIP, routers, switches, IDS, firewall, wireless, Transmission Control Protocol (TCP), and anything else you can think of. I have personally had to learn all this and more. It is to my disadvantage that I did not start out in this field –especially considering I do more network assessments (evaluating a network design for potential security weaknesses) and penetration tests than I do system or application attacks. I believe this is the trend of the future as well.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s