
I am learning about network documentation for the first time and have come across the following statement:

Undocumented networks might not be protected and can be used to support insider attacks.

According to this website, network documentation is a way of representing the organisation of your network.
Why then might an undocumented network be unprotected and more susceptible to insider attacks?
I would have thought that, since a documented network represents the organisation of the network, it would be easier to attack a documented network.

I would appreciate help understanding the statement above.

StackzOfZtuff
    Think of your network like you would think about a network of water pipes around your house. If you know where the pipes are (documented), when you see some water you'll know where the water is coming from. If you don't know where the pipes are (undocumented) you won't have an easy time fixing the leak. – sir_k Jul 14 '15 at 12:12

2 Answers


If your network is undocumented, then you don't know what all the parts are, how they are set up, or how they interoperate. That in turn means you can't reliably do any of these crucial things:

  • do a full risk assessment
  • identify required controls
  • implement those controls fully
  • measure the controls to confirm they are working
  • monitor the network so you can detect attacks

Let's do an example. Opening ISO 27002:2013 at random, we find 12.4.3, "System administrator and operator activities should be logged and the logs protected and regularly reviewed".

If you don't have the network documented, you may have appliances in operation that you don't know about. So you have no way of knowing if they have logs that need monitoring, you have no way of reviewing those logs, no way of auditing that you are reviewing the logs, etc. etc.

Graham Hill

This might be best explained by an example: patching of servers. In any decently sized network you're likely to have a myriad of servers. Some running applications, others serving as network infrastructure such as firewalls, routers and so on. All of these run a lot of software. This software is bound to have bugs from time to time. If you don't know which services you are running, there is no way you'll be able to patch these security holes.

An attacker, however, can quite easily get a fairly good overview even over your undocumented network, for example by using a network scanner (a tool that automatically identifies servers in a network). The attacker can then exploit known bugs in the unpatched software you're running, and thereby take control over servers in your network.

lillesand
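Both answers above come down to the same gap: a host the documentation does not know about gets neither log review (Graham Hill's ISO 27002 12.4.3 point) nor patching (lillesand's point). The following is an added example, not code from the question or either answer: it reconciles a constructed inventory against constructed scan output and flags exactly those hosts. Every address, owner, service and patch cycle in it is an assumption made up for the illustration.

```python
# Added example, not from the original question or answers: reconcile the
# network documentation with what actually answers on the wire. Hosts that
# respond but are absent from the inventory are the "appliances you don't
# know about": nobody reviews their logs and nobody patches them.
# All addresses, owners and services below are constructed.
import ipaddress

# Constructed inventory: what the documentation claims exists.
INVENTORY = {
    "10.0.1.1":  {"owner": "netops", "logs_reviewed": False, "patch_cycle": "quarterly"},
    "10.0.1.10": {"owner": "web team", "logs_reviewed": True, "patch_cycle": "monthly"},
    "10.0.1.20": {"owner": "db team", "logs_reviewed": True, "patch_cycle": "monthly"},
    "10.0.1.30": {"owner": "backup team", "logs_reviewed": True, "patch_cycle": "monthly"},
}

# Constructed discovery output from an authorised scan of 10.0.1.0/24,
# one line per responding host: "<ip>\t<open services>".
DISCOVERED = """\
10.0.1.10\t80/http 443/https
10.0.1.20\t5432/postgresql
10.0.1.1\t22/ssh
10.0.1.77\t23/telnet 80/http
10.0.1.200\t161/snmp
"""

def parse_discovered(text):
    """Map each discovered IP to its list of open services."""
    hosts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, _, services = line.partition("\t")
        ipaddress.ip_address(ip)  # reject malformed lines loudly, not silently
        hosts[ip] = services.split()
    return hosts

def reconcile(inventory, discovered):
    """Three findings: hosts the documentation does not know about (cannot be
    patched or monitored), documented hosts that no longer respond (stale
    docs), and documented hosts whose logs nobody reviews (ISO 27002 12.4.3)."""
    undocumented = {ip: svc for ip, svc in discovered.items() if ip not in inventory}
    missing = sorted(ip for ip in inventory if ip not in discovered)
    unreviewed = sorted(ip for ip, d in inventory.items() if not d["logs_reviewed"])
    return {"undocumented": undocumented, "missing": missing, "unreviewed_logs": unreviewed}

if __name__ == "__main__":
    for finding, hosts in reconcile(INVENTORY, parse_discovered(DISCOVERED)).items():
        print(f"{finding}: {hosts}")
```

Run against real data, the "undocumented" list is the set of hosts whose patch state and log coverage nobody is accountable for, which is the concrete meaning of "undocumented networks might not be protected".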