Chapter 7 Information Security Process

When conducting an assessment of an organization, examine the following areas:

- The organization's network
- The organization's physical security measures
- The organization's existing policies and procedures
- Precautions the organization has put in place
- Employee awareness of security issues
- Employees of the organization
- The workload of the employees
- The attitude of the employees
- Employee adherence to existing policies and procedures
- The business of the organization

Network

The organization's network normally provides the easiest access points to information and systems. When examining the network, begin with a network diagram and examine each point of connectivity.

NOTE: Network diagrams are very often inaccurate or outdated; therefore, it is imperative that diagrams are not the only source of information used to identify critical network components.

The locations of servers, desktop systems, Internet access, dial-in access, and connectivity to remote sites and other organizations should all be shown.
From the network diagram and discussions with network administrators, gather the following information:

- Types and numbers of systems on the network
- Operating systems and versions
- Network topology (switched, routed, bridged, and so on)
- Internet access points
- Internet uses
- Type, number, and versions of any firewalls
- Dial-in access points
- Type of remote access
- Wide area network topology
- Access points at remote sites
- Access points to other organizations
- Locations of Web servers, FTP servers, and mail gateways
- Protocols used on the network
- Who controls the network

Network Security: A Beginner's Guide

After the network architecture is defined, identify the protection mechanisms within the network, including:

- Router access control lists and firewall rules on all Internet access points
- Authentication mechanisms used for remote access
- Protection mechanisms on access points to other organizations
- Encryption mechanism used to transmit and store information
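
The NOTE above warns that network diagrams are often inaccurate or outdated. The following Python code is an added example, not taken from the book: it compares what a diagram documents against what administrators and discovery report, and ranks undocumented points of connectivity highest. All addresses, product names and roles are constructed sample data, and System, ACCESS_ROLES and reconcile are hypothetical names.

```python
# Added example: reconcile a network diagram with observed systems.
# All hosts, fields and values below are constructed sample data.
from dataclasses import dataclass

# Roles the assessment treats as points of connectivity (assumed labels).
ACCESS_ROLES = {"internet-access", "dial-in", "remote-site", "partner-link"}

@dataclass(frozen=True)
class System:
    addr: str
    os: str    # operating system and version
    role: str  # e.g. "desktop", "web-server", "dial-in"

DIAGRAM = [  # what the (possibly outdated) diagram claims
    System("10.0.0.1", "FirewallOS 4.1", "internet-access"),
    System("10.0.0.10", "Windows NT 4.0", "web-server"),
    System("10.0.0.20", "Solaris 8", "mail-gateway"),
]
OBSERVED = [  # what administrators and discovery actually report
    System("10.0.0.1", "FirewallOS 4.3", "internet-access"),
    System("10.0.0.10", "Windows NT 4.0", "web-server"),
    System("10.0.0.55", "Unknown", "dial-in"),
]

def reconcile(diagram, observed):
    """Return findings as (severity, addr, message), most severe first."""
    doc = {s.addr: s for s in diagram}
    obs = {s.addr: s for s in observed}
    findings = []
    for addr, s in obs.items():
        if addr not in doc:
            # An undocumented access point is the most serious gap.
            sev = "high" if s.role in ACCESS_ROLES else "medium"
            findings.append((sev, addr, f"not on diagram: {s.role} ({s.os})"))
        elif doc[addr] != s:
            findings.append(("medium", addr,
                             f"diagram says {doc[addr].os}/{doc[addr].role}, "
                             f"observed {s.os}/{s.role}"))
    for addr, s in doc.items():
        if addr not in obs:
            findings.append(("low", addr, f"on diagram but not observed: {s.role}"))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))

if __name__ == "__main__":
    for sev, addr, msg in reconcile(DIAGRAM, OBSERVED):
        print(f"[{sev}] {addr}: {msg}")
```
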