Network
Understand the CSP security requirements and what the CSP requires of each of their customers.
Are the configurations that are managed by the CSC appropriate for their service usage?
Understand how a packet traverses from node to node along the CSP and within the CSC environment.
Understand the connectivity with the cloud and whether that traffic is encrypted. What can connect? User devices? VPN? Direct network connections? Are the connections appropriate? Are there limiting security rules to scope connectivity down to the minimum required? Who has access to configure and change VPN settings?
Review the CSP virtual firewall implementation, CSP direct connection, and VPN configuration for proper implementation of network segmentation and firewall settings for CSP services.
Verify they have a procedure for granting remote, Internet or VPN access to employees for CSP Console access as well as remote access to networks and systems.
Ask for evidence that there is only one way to provision access and that it hasn’t changed over time.
Review the layered DDoS defense solution that operates directly on the CSP, including the components that are leveraged as part of the DDoS solution.
How did the CSC think about DDoS protection? Did they protect main network traffic routes, or did they cover all possible routes to the virtual network?
Can their virtual network resources scale in the event of increased network traffic load?