Introduction – why is a network security audit important?

In the digital age, the security of a company’s IT infrastructure is critically important. Often, only a thorough IT network security audit can uncover the hidden flaws that can lead to serious incidents. In this article, we present a real-world case study in which a client asked the Unicorn team to assess the maturity level of their IT network. The investigation conducted as part of the IT audit revealed a configuration error that posed a serious security risk to the client’s business systems. This case highlights the importance of regular network security assessments and shows how an experienced partner like Unicorn can help prevent similar problems in the areas of network security and system integration.

Brief overview of the case

A mid-sized enterprise client approached our team with the request to assess the current state and maturity of their IT network. Unicorn’s experts conducted a comprehensive audit, during which they mapped the network devices, segments, permissions, and security settings.

During the audit, we made a surprising and alarming discovery: in the client’s network, an active device provided by an external VoIP (Voice over IP) provider—essentially an IP telephone exchange device—was operating in a network segment from which the company’s production infrastructure was directly accessible. This means that this third-party device was present on the same network where the company’s most important servers (file server, SAP system, billing system, etc.) were also running. In practice, from the network behind a device owned and managed by a third party, any suitable device or user could freely communicate with the company’s critical systems without any restrictions.

The critical security flaw: Lack of network segmentation

The root of the problem was the complete lack of network segmentation and the direct, firewall-less connection of the two systems’ L2 networks. The client’s network had previously been designed with a “flat” architecture, meaning no separate subnets or zones were created for devices with different functions. Consequently, there was no firewall filtering or restriction between the aforementioned VoIP device and the internal servers.

Such a setup carries a serious security risk, because if an attacker compromises the external VoIP device, they can gain direct access to the company’s systems that handle confidential data. It is no coincidence that the National Security Agency (NSA) and CISA have ranked the lack of network segmentation among the ten most common misconfigurations—such a configuration error makes the entire organization vulnerable.

Why is an unsegmented network dangerous?

Experience and international analyses show that a contiguous, unsegmented network carries numerous dangers. Below, we summarize the main risks:

– Unrestricted Lateral Movement: If there are no internal boundaries in the network (e.g., subnets, VLANs), an attacker can move “laterally” virtually unhindered. In a “flat” network, after compromising a single point, almost all other systems can be accessed, as there are no segmentation barriers in the way. This lateral spread makes it easier to access sensitive data from anywhere on the network.

– A Single Point of Failure Becomes a Full Network Threat: Since all systems are on a common network, the breach of a single workstation or device can escalate into a full-scale attack. For example, if a machine is hit by ransomware, it can easily spread throughout the entire network, paralyzing workstations and servers. The lack of segmentation thus significantly increases the scope of an incident.

– Risk Posed by External Partners: Third-party devices or access points (like the VoIP provider’s device in this case) are particularly dangerous in an unprotected network. A similar incident occurred during the famous Target data breach, where attackers exploited the access of an external partner (the HVAC company). According to investigations, Target did not properly separate the network segment accessed by the partner from the critical payment systems, allowing the attackers to easily advance into the internal network. The lesson: even if a partner’s network access is commercially justified, it must be handled in a strictly isolated, segmented manner. It is no coincidence that international standards—such as the PCI-DSS for bank card data protection—explicitly require network segmentation to protect sensitive data.

– Larger Attack Surface and Difficult Monitoring: Without segmentation, security systems (IDS/IPS, SIEM, etc.) also have a harder time filtering out threats, as all traffic flows in a single medium. In contrast, in a well-segmented network, “internal firewalls” and rules restrict traffic between individual zones, which provides an extra layer of protection and makes it easier to detect anomalies.

Overall, it can be said that without proper segmentation, a company’s attack surface is significantly larger, and a minor security flaw can turn into a much more serious incident. For these reasons, international recommendations also urge the segmentation of networks. For example, when designing VoIP systems, NIST recommends that voice and data traffic be handled on logically separated networks, breaking them down into separate subnets and addressing ranges. Similarly, Cisco also highlights among its best practices that we should segment VoIP traffic using VLANs and separate voice from the data network. These industry guidelines also support the fact that network segmentation is not a luxury, but a fundamental security requirement in today’s complex IT environment.

Immediate intervention: Isolation with a firewall

As soon as Unicorn’s experts discovered that the external VoIP device provided an unprotected route to the internal network, they immediately reported the problem to the client’s responsible personnel. In the case of such a serious vulnerability, one cannot wait for the development of a complete final solution—immediate firefighting is necessary.

As a temporary measure, our team implemented a new firewall rule and network filter that disconnected the dangerous connection from the production infrastructure. In practice, we created a quickly deployable virtual “wall” between the VoIP device and the internal network, thereby minimizing the chance of anyone accessing the file server or business applications from that device. This temporary isolation solution ensured that the previously open door could not be exploited while the final network development steps were being implemented.

It is important to emphasize that this was only a temporary protective measure—a kind of rapid-response firefighting. In parallel, Unicorn’s experts immediately began developing a long-term, strategic network development plan that comprehensively addressed the root of the problem.

Network development plan: Creating secure segments

After the rapid troubleshooting, the deeper planning phase followed, the goal of which was to ensure that the client’s IT network would not be exposed to similar risks in the future. The Unicorn team prepared a comprehensive network development plan that took into account the client’s business processes, existing infrastructure, and future expansion needs.

The most important element of this plan was the proper implementation of network segmentation. Within this framework, we proposed the creation of several zones with different security levels within the network:

– Isolated VoIP network segment: The external VoIP provider’s device and telecommunications equipment, in general, were placed in a dedicated VLAN or subnet. This communication zone operates separated from the company’s internal data network by a firewall. We only allowed the minimum necessary traffic between the VoIP segment and other parts of the network (for example, if the VoIP device needs to access the internet or a specific server, only the necessary ports and protocols for this were opened). This way, even if the VoIP device were compromised, the attacker would not be able to easily move to the company’s critical systems.

– Business applications and servers segment: The production systems (file servers, databases, SAP, billing programs, etc.) were placed in a high-security network zone. This zone is also protected by a firewall, and only highly controlled traffic can access it from the outside. For example, entry from the user network or other segments is only possible through specified protocols and with authentication. Thus, even if a client machine becomes infected in another network segment, it will not be able to freely connect to the critical servers.

– Guest and partner network (DMZ): For devices or partners that require external connectivity (be it guest Wi-Fi, access for external maintenance partners, or other service providers), we created a separate demilitarized zone (DMZ). In this zone, only limited resources are available, and there is no direct access from here to the internal network segments without the connection going through strict firewall rules and checks. This solution guarantees that a third-party partner’s device does not pose a threat to the internal network.

– Client network in a separate segment: The company’s internal client computers were also separated from the server zone and all previously mentioned segments.

– Management and supervisory network: We also created a separate segment for administrative access and management interfaces. Only authorized system administrators can enter here, for example, via VPN, after multi-factor authentication. This prevents the infrastructure’s control systems from being directly accessible from a potentially compromised client machine.
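The zone model above can be checked against observed traffic. The following is an added example, not code from the Unicorn project: it expresses the five zones as a default-deny inter-zone allow-list and flags every flow that crosses a zone boundary without a matching rule. The subnets, ports and flow records are constructed assumptions, since the article names the zones but not their addressing or rules.

```python
import ipaddress

# Assumed addressing plan (constructed for this example).
ZONES = {
    "voip":    ipaddress.ip_network("10.10.10.0/24"),
    "servers": ipaddress.ip_network("10.10.20.0/24"),
    "dmz":     ipaddress.ip_network("10.10.30.0/24"),
    "clients": ipaddress.ip_network("10.10.40.0/24"),
    "mgmt":    ipaddress.ip_network("10.10.50.0/24"),
}

# Default deny between zones: only these (src zone, dst zone, proto, dst port)
# tuples are permitted. Ports are illustrative assumptions.
ALLOWED = {
    ("clients", "servers", "tcp", 443),
    ("clients", "servers", "tcp", 445),
    ("mgmt", "servers", "tcp", 22),
    ("mgmt", "voip", "tcp", 443),
    ("voip", "internet", "udp", 5060),
}

def zone_of(ip):
    """Map an address to its zone; anything outside the plan counts as internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def audit_flows(flows):
    """Return flows that cross a zone boundary without a matching allow rule."""
    violations = []
    for src, dst, proto, dport in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue  # intra-zone traffic never reaches the inter-zone firewall
        if (src_zone, dst_zone, proto, dport) not in ALLOWED:
            violations.append((src_zone, dst_zone, src, dst, proto, dport))
    return violations

# Constructed flow records: (src ip, dst ip, protocol, dst port).
SAMPLE_FLOWS = [
    ("10.10.40.15", "10.10.20.5", "tcp", 445),    # client to file server: allowed
    ("10.10.10.2", "10.10.20.5", "tcp", 445),     # VoIP device to file server
    ("10.10.10.2", "198.51.100.7", "udp", 5060),  # VoIP device to provider: allowed
    ("10.10.40.15", "10.10.50.3", "tcp", 22),     # client to management zone
    ("10.10.50.3", "10.10.20.5", "tcp", 22),      # admin host to server: allowed
    ("10.10.40.15", "10.10.40.16", "tcp", 3389),  # same zone: out of scope here
]

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("policy violation:", v)
```

On the constructed data, the two flagged flows are the VoIP device reaching the file server, which is the exposure found in the audit, and a client workstation reaching the management segment.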

As part of the network development plan, the focus was naturally not only on segmentation. We reviewed the firewall policies, ensured the inclusion of appropriate intrusion detection and prevention systems (IDS/IPS) between the individual segments, and proposed the use of encrypted communication where relevant (e.g., encrypting VoIP traffic, using secure management protocols, etc.).

Additionally, logging and monitoring were emphasized: according to the proposal, the event logs of important network devices and servers should be collected in a central SIEM system and continuously analyzed to identify any suspicious activity in time. We made a separate proposal for the implementation of DNS Security, the primary goal of which is to prevent malicious DNS queries from being resolved from the client’s network, and to monitor which clients are making malicious DNS resolution requests, as these machines have likely become infected with malware. All these measures, in a coordinated manner, increase the security level and maturity of the network.
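The client-side monitoring described for DNS Security can be sketched as follows. This is an added example, not the product or configuration proposed to the client: it matches resolver log entries against a blocklist on DNS label boundaries and groups the hits by client, so the machines making malicious lookups stand out. The log format, blocklist and log lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed blocklist; a real deployment would load a threat-intelligence feed.
BLOCKLIST = {"c2.bad-domain.example", "malware-update.test"}

# Constructed resolver log; assumed format: "<time> <client_ip> <qname> <qtype>".
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.10.40.15 www.example.org. A
2024-05-01T09:00:02Z 10.10.40.22 c2.bad-domain.example. A
2024-05-01T09:00:05Z 10.10.40.22 x9f.C2.bad-domain.example. TXT
2024-05-01T09:00:09Z 10.10.40.31 malware-update.test. AAAA
2024-05-01T09:00:11Z 10.10.40.15 notc2.bad-domain.example. A
malformed line
"""

def blocked_parent(qname, blocklist):
    """Return the blocklisted name that qname equals or is a subdomain of, else None.

    Matching walks whole labels, so 'notc2.bad-domain.example' does not match
    'c2.bad-domain.example' the way a plain string suffix test would.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def suspect_clients(log_text, blocklist=BLOCKLIST):
    """Return [(client_ip, hit_count, [matched domains])], busiest client first."""
    hits = defaultdict(lambda: {"count": 0, "domains": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        _, client, qname, _ = parts
        match = blocked_parent(qname, blocklist)
        if match:
            hits[client]["count"] += 1
            hits[client]["domains"].add(match)
    rows = [(c, h["count"], sorted(h["domains"])) for c, h in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for client, count, domains in suspect_clients(SAMPLE_LOG):
        print(client, count, domains)
```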

During the presentation of the final proposal, Unicorn’s experts detailed to the client how the new, segmented network architecture would securely handle the previously problematic VoIP connection. The client’s production infrastructure was now in a protected, closed network zone, which the VoIP device could only access in a predefined, controlled manner (if it needed to access it at all). With this step, the previous serious risk was virtually eliminated. The client’s management received the plan with relief, as it became clear to them that the proposed developments would cause their network’s maturity and security level to increase exponentially.

Unicorn’s expertise and added value

This case study also clearly shows how important it is to involve the right partner in managing network security challenges. The Unicorn team has extensive experience in network security, IT audits, and system integration, which is the key to the success of such projects. We are not only skilled in technological solutions but also understand the business aspects: we know that a development must not hinder the company’s operation, but ideally, should support it. That is why all our recommendations—be it network segmentation, the integration of new security tools, or process development—are tailored to the client’s unique needs.

During the audit, Unicorn’s experts do not just look for obvious errors but also examine the deeper interconnections. In this case, we recognized that the problem was not simply a misconfiguration, but a deficiency in the entire network architecture. In such a situation, a comprehensive solution is needed; it is not enough to replace a single device or patch a hole. Our team’s strength lies in our ability to think at a system level and create an integrated development plan.

Based on feedback from our clients, one of the great advantages of collaborating with Unicorn is our proactive approach. We do not wait for vulnerabilities to turn into real attacks; we strive to uncover and rank all risk factors during the audit phase. Referring back to the case presented in this article: the flaw discovered during the IT audit required immediate intervention, but the real value lay in the subsequent strategic planning and implementation, which the Unicorn team brought to success. We did all this in close collaboration with the client’s IT department to ensure that the solutions are transferable and sustainable in the future.

Finally, it is worth mentioning the importance of documentation and knowledge sharing. After implementing the new network segmentation and security controls, we provided detailed documentation and also held training for the client’s IT team. Thus, the client did not just receive a one-time intervention, but can also benefit in the long term from the knowledge we transferred. Unicorn believes that the most effective collaboration is with an informed and prepared client—as network security is not a static state, but a shared interest that requires continuous attention.

Conclusion: A secure network means a secure business

The case presented clearly highlights how a seemingly minor configuration flaw—in this instance, the omission of network segmentation—can create a serious security breach in an organization’s defense wall. Fortunately, the client acted in time, and with the involvement of Unicorn’s experts, a potential cyberattack or data loss was prevented. Our immediate measures (firewall isolation) and long-term proposals (a reorganized, segmented network) both contributed to the company’s IT infrastructure now being more mature and secure.

This story is also a message to all businesses: it is never too late to review and improve your network security. It is worth having your IT systems regularly audited and turning to experts before attackers find the weak points. The Unicorn team is readily available, whether for a preventive security assessment or for rectifying an existing problem. The energy and resources invested in network security are not a cost, but an investment in the company’s future—because a secure network is ultimately the foundation of a secure business.
