ISO 27001 Router Security Audit Checklist

Columns: Questions | Yes/No | Findings | ISO 27001 Control

Router Policy
  ISO 27001 controls cited in this section: A.5.1.1, A.11.4.1
  Is a router security policy in place?

Disable Unneeded Services
  ISO 27001 controls cited in this section: A.11.4.4, A.11.5.4, A.12.6.1
  Are unused interfaces disabled?
  Are DNS lookups for the router turned off?
  Are the TCP small servers and UDP small servers services disabled on the router? {applicable before Cisco IOS 11.3}
  Is Cisco Discovery Protocol disabled on the router?
  Is the finger service disabled on the router? {applicable before Cisco IOS 11.3}
  Is the Bootp server disabled on the routers?
  Is directed broadcast disabled on all interfaces?
  Is Proxy ARP disabled on the router?
  Is source routing disabled on the router?
  Are ICMP redirects disabled on the router?

Password Encryption
  ISO 27001 controls cited in this section: A.11.5.3
  Do passwords appear in encrypted form when viewed in the configuration file?

Authentication Settings
  ISO 27001 controls cited in this section: A.11.3.1, A.11.4.3, A.11.4.4, A.11.5.1, A.11.5.3, A.12.3.1
  Is enable secret used for the router enable mode?
  Does the enable secret password match any other username password, enable password, or the enable secret password of another router in the network?
  Is a Message of the Day (MOTD) banner defined?
  Is the aux port disabled?
  Is the following defined on the vty lines:
    1. Exec-timeout (Yes/No)
    2. Password
  Is SSH used for the vty lines?
  Is the following defined on the console port:
    1. Exec-timeout
    2. Password
  Are the vty lines restricted to certain IP addresses only?
  According to policy, how often do router passwords (telnet, username, enable) have to be changed?
  Do the router passwords meet the required complexity as defined by the policy?