
Module 4

7. Network Infrastructure Auditing Checklist

The following is a general illustrative checklist for the audit of network infrastructure.

Network Server
Obtain or prepare logical and physical diagrams of the network and attached local and wide area networks, including the system vendor and model description, physical location, and the applications and data residing and processed on the servers and workstations.
Using the information obtained in the prior steps, document the server and directory location of the significant application programs and data within the network; document the flow of transactions between systems and nodes in the network.
Assess whether the trusted domains are under the same physical and administrative control and are logically located within the same sub-network.
Determine that router filtering is being used to prevent external network nodes from spoofing the IP address of a trusted domain.
Determine that the Administrator/SuperUser and Guest accounts have passwords assigned to them (by attempting to log on without providing a password). Also ascertain that the Administrator account password is well controlled and used/known by only the system administrator and one backup person.
Review the account property settings active in each user's individual profile, which may override the global account policy.
List the security permissions for all system directories and significant application programs and directories, and ensure that they are consistent with security policy.
Review and assess permissions assigned to groups and individual accounts, noting that Full Control (all permissions) and Change (Read, Write, Execute, and Delete) permissions are restricted to authorized users.
Review the audit log for suspicious events and follow up on these events with the security administrator.
Router
Determine the types of accounts that were used to access the routers.
Determine which users had access to these accounts.
Were access attempts to the routers logged?
Determine if all accounts had passwords, and determine the strength of the passwords.
Was Simple Network Management Protocol (SNMP) used to configure the network?
Determine the version of SNMP employed by the Company. (Version one stores passwords in clear-text format. Version two adds encryption of passwords.)
Determine if Open Shortest Path First (OSPF) was defined on the router. Determine the authentication mechanism that was employed in the Company's implementation of OSPF.
Determine whether directed broadcast functionality was enabled on the router. This setting, if enabled, could allow a denial-of-service (DoS) attack on the network (Smurf attack).
Obtain the population of routers with modems and obtain the telephone numbers of the routers.
Determine if users were properly authenticated when remotely accessing the routers.
Determine how changes to the router environment were made.
Were there procedures for changing router configurations? If so, were these procedures well documented and consistent with security policy?
Determine if changes to the router configuration were documented.
Was there a separation of duties within the change control of the router environment?
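As an added illustration of the router items above (not part of the checklist itself), the following Python script runs those questions against a constructed Cisco-IOS-style configuration and reports findings; the command syntax and all device names, addresses and community strings are assumptions made for the example.

```python
import re
# Constructed Cisco-IOS-style router configuration used as sample input; it is
# not taken from the checklist, and every name, address and value is illustrative.
SAMPLE_CONFIG = """\
hostname edge-rtr-1
username guest nopassword
username netadmin secret 5 $1$EXAMPLE$placeholderhash
snmp-server community public RO
snmp-server community private RW
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
router ospf 10
 network 192.0.2.0 0.0.0.255 area 0
line vty 0 4
 transport input telnet
"""

def audit_router_config(text):
    """Map the checklist's router questions onto a config and return findings."""
    findings = []
    context = ""            # the top-level command whose block we are inside
    ospf_seen = ospf_auth = False
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # an unindented line opens a new block
            context = line
        m = re.match(r"username (\S+) nopassword", line)
        if m:                         # "did all accounts have passwords?"
            findings.append("account without password: " + m.group(1))
        m = re.match(r"snmp-server community (\S+) (RO|RW)", line)
        if m:                         # SNMPv1/v2c community travels in clear text
            findings.append("SNMP community (clear-text) %s: %s" % (m.group(2), m.group(1)))
        if line == "ip directed-broadcast":   # Smurf amplification risk
            findings.append("directed broadcast enabled on " + context)
        if context.startswith("router ospf"):
            ospf_seen = True
        if (context.startswith("router ospf") and "authentication" in line) or line.startswith("ip ospf authentication"):
            ospf_auth = True          # e.g. "area 0 authentication message-digest"
        if context.startswith("line vty") and line == "transport input telnet":
            findings.append("VTY allows telnet: remote router access is unencrypted")
    if ospf_seen and not ospf_auth:
        findings.append("OSPF configured without authentication")
    if not re.search(r"^logging host ", text, re.M):   # "were access attempts logged?"
        findings.append("no logging host: access attempts may not be recorded")
    return findings

if __name__ == "__main__":
    for finding in audit_router_config(SAMPLE_CONFIG):
        print(finding)
```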
Firewalls
Obtain background information about the firewall(s) in place, e.g., segment diagrams, software, hardware, routers, version levels, host names, IP addresses, connections, and any specific policies, for an overview of the firewall security.
Determine that the firewall components, both logical and physical, agree with the firewall strategy.
Determine whether the firewall components are the latest possible version and security patches are current.
Determine that root cannot telnet to the system.
Determine that the telnet OS banner and other banners, such as the FTP banner, have been eliminated.
Ensure that there are no compilers/interpreters on the firewall.
Ensure that a lockdown rule has been placed at the beginning of the rule base. The lockdown rule protects the firewall itself, ensuring that whatever other rules are added later, they will not inadvertently compromise the firewall.
Obtain and review the connections table for time-out limits and number of connections.
Attempt to test the rule base by scanning secured network segments from other network segments.
Identify accessible resources behind the firewall that are to be encrypted and determine that the connections are encrypted.
Determine if there is a change control process in place for the rule base.
Determine the use of the firewall's automatic notification/alerting features and the archiving of detailed intruder information to a database for future analysis.