Network and Data Flow Diagrams
Documentation is one of the least favorite activities in IT. It always seems to get pushed down the priority list in favor of other, more pressing activities. However, in the process of establishing a strong cybersecurity posture, one of the key documents that should be created and maintained is a Network and Data Flow Diagram.
Why is this important?
The Network and Data Flow Diagram assists in the identification of information assets, potential threats, vulnerabilities, established controls, and the exposure of sensitive information. Additionally, the Network and Data Flow Diagram shows the storage and flow of that sensitive information within the network and what may be exposed outside of the network. Does this sound familiar? It should because it is the foundation for a Risk Analysis.
Additionally, the Network and Data Flow Diagrams illustrate the flow of information from each asset. Given that some of your assets may reside both inside and outside of the firewall, this is a key step in protecting sensitive information.
In looking at the history of security incidents and breaches, there are multiple occurrences of events where sensitive information was available on a publicly accessible server. In other words, a server accessible to the public on the web provided a path to other sensitive information that should not have been exposed.
How do I start?
The first step is to understand the layout of the network infrastructure. This should include network devices that sit inside and outside of the firewall. Clearly diagram these devices and use arrows to illustrate how data flows in and out of each device. Second, begin to populate the diagram with servers, workstations, databases, and other devices to illustrate the origination and destination of the data. Also, the Internet should be included on the diagram as a “location”, or a place where data can be stored and transmitted to and from.
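The diagram described above can also be kept as a machine-readable inventory, which lets you ask the Risk Analysis question directly: which sensitive stores have a data-flow path that starts at the Internet "location", and which assets appear in the inventory but on no arrow? The script below is an added example, not part of the original article; the asset names, zones and flows are constructed sample data.

```python
from collections import deque

# Constructed inventory: each asset's zone (inside/outside the firewall) and
# whether it stores sensitive information. "Internet" is modelled as a location.
ASSETS = {
    "Internet":    {"zone": "outside", "sensitive": False},
    "web-srv":     {"zone": "outside", "sensitive": False},
    "app-srv":     {"zone": "inside",  "sensitive": False},
    "db-srv":      {"zone": "inside",  "sensitive": True},
    "hr-share":    {"zone": "inside",  "sensitive": True},
    "workstation": {"zone": "inside",  "sensitive": False},
    "backup-srv":  {"zone": "inside",  "sensitive": True},   # not on any arrow
}

# Directed data flows (source -> destination): one arrow each on the diagram.
FLOWS = [
    ("Internet", "web-srv"),
    ("web-srv", "app-srv"),
    ("app-srv", "db-srv"),
    ("workstation", "hr-share"),
    ("workstation", "Internet"),
]

def build_graph(flows):
    graph = {}
    for src, dst in flows:
        graph.setdefault(src, []).append(dst)
    return graph

def paths_from(graph, start):
    """Breadth-first search; returns {asset: path} for every asset reachable from start."""
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    paths = {}
    for node in parent:
        if node == start:
            continue
        path, cur = [], node
        while cur is not None:          # walk parents back to the start
            path.append(cur)
            cur = parent[cur]
        paths[node] = path[::-1]
    return paths

def exposed_sensitive_assets(assets, flows, start="Internet"):
    """Sensitive stores reachable from `start`, with the path that exposes them."""
    paths = paths_from(build_graph(flows), start)
    return {a: paths[a] for a in sorted(paths) if assets[a]["sensitive"]}

def unmapped_assets(assets, flows):
    """Assets in the inventory that appear on no flow: diagram and inventory disagree."""
    on_diagram = {n for flow in flows for n in flow}
    return sorted(set(assets) - on_diagram)

if __name__ == "__main__":
    for asset, path in exposed_sensitive_assets(ASSETS, FLOWS).items():
        print(f"{asset}: {' -> '.join(path)}")
    print("Not on the diagram:", unmapped_assets(ASSETS, FLOWS))
```

Flows only count in the direction drawn, so the workstation's outbound flow to the Internet does not make the HR share reachable from outside; a missing or wrongly pointed arrow changes the answer, which is why the diagram must be kept accurate.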
How often should I update my diagrams?
The Network and Data Flow Diagram should be reviewed and updated annually or whenever a change in network configuration takes place.