These controls should be evaluated in addition to performing the specific steps in the following checklists as they apply. For example, if you were to audit a switch, router, or firewall, you would perform the steps in the following checklist and then additionally perform the steps under the appropriate checklist for switches, routers, or firewalls.
Checklist for Auditing Network Equipment
☐ Review controls around developing and maintaining configurations.
☐ Ensure that appropriate controls are in place for any vulnerabilities associated with the current software version. These controls might include software updates, configuration changes, or other compensating controls.
☐ Verify that all unnecessary services are disabled.
☐ Ensure that good SNMP management practices are followed.
☐ Review and evaluate procedures for creating user accounts and ensuring that accounts are created only when there's a legitimate business need. Also review and evaluate processes for ensuring that accounts are removed or disabled in a timely fashion in the event of termination or job change.
☐ Ensure that appropriate password controls are used.
☐ Verify that secure management protocols are used where possible.
☐ Ensure that current backups exist for configuration files if applicable.
☐ Verify that logging is enabled and sent to a centralized system.
☐ Evaluate use of the Network Time Protocol (NTP).
☐ Verify that a banner is configured to make all connecting users aware of the company's policy for use and monitoring.
☐ Ensure that access controls are applied to the console port.
☐ Ensure that all network equipment is stored in a secure location.
☐ Ensure that a standard naming convention is used for all devices.
☐ Verify that standard, documented processes exist for building network devices.
These controls should be evaluated in addition to performing the general steps for auditing network equipment.
Checklist for Auditing Layer 2 Devices: Additional Controls for Switches
☐ Verify that administrators avoid using VLAN 1.
☐ Evaluate the use of trunk autonegotiation.
☐ Verify that Spanning-Tree Protocol attack mitigation is enabled (BPDU Guard, Root Guard).
☐ Evaluate the use of VLANs on the network.
☐ Verify that all unused ports are disabled and placed in an unused VLAN.
☐ Evaluate use of the VLAN Trunking Protocol (VTP) in the environment.
☐ Verify that thresholds exist that limit broadcast/multicast traffic on ports.
These controls should be evaluated in addition to performing the general steps for auditing network equipment.
Checklist for Auditing Layer 3 Devices: Additional Controls for Routers
☐ Verify that inactive interfaces on the router are disabled.
☐ Ensure that the router is configured to save all core dumps.
☐ Verify that all routing updates are authenticated.
☐ Verify that IP source routing and IP directed broadcasts are disabled.
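Several items in the general network-equipment checklist and the router checklist above (unnecessary services, SNMP practices, password controls, central logging, NTP, banner, console access controls, secure management protocols, inactive interfaces, source routing and directed broadcasts) can be tested against an exported running-config. The following script is an added illustration, not part of the original checklist; it assumes Cisco IOS-style configuration syntax and runs against a constructed sample config.

```python
import re
# Constructed sample running-config (Cisco IOS-style syntax assumed), not from a real device.
SAMPLE_CONFIG = """\
service password-encryption
no ip source-route
snmp-server community public RO
ntp server 192.0.2.10
banner motd ^C Authorized use only. Activity may be monitored. ^C
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
interface GigabitEthernet0/2
 description unused
line con 0
 login local
line vty 0 4
 transport input ssh
 login local
"""
# Control -> line pattern that must appear (password controls, source routing, logging, NTP, banner, SSH).
REQUIRED = {
    "password encryption enabled": r"^service password-encryption$",
    "IP source routing disabled": r"^no ip source-route$",
    "logging sent to central host": r"^logging host \S+",
    "NTP configured": r"^ntp server \S+",
    "login/monitoring banner present": r"^banner (motd|login) ",
    "VTY management limited to SSH": r"^ transport input ssh$",
}
# Control -> line pattern whose presence is a failure (SNMP defaults, directed broadcasts, small servers).
FORBIDDEN = {
    "no default SNMP community strings": r"^snmp-server community (public|private)\b",
    "IP directed broadcasts disabled": r"^ ip directed-broadcast$",
    "TCP/UDP small servers disabled": r"^service (tcp|udp)-small-servers$",
}

def console_login_required(config: str) -> bool:
    """Console port control: the 'line con 0' block must carry a login statement."""
    block = re.search(r"^line con 0\n((?: .*\n)*)", config, re.M)
    return bool(block) and re.search(r"^ login\b", block.group(1), re.M) is not None

def enabled_interfaces_without_address(config: str) -> list:
    """Inactive-interface control: interfaces with no IP address that are not shut down."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)
    return [name for name, body in blocks if " ip address " not in body and " shutdown" not in body]

def audit_config(config: str) -> dict:
    """Return {control: passed}; True means the control is in place."""
    results = {c: re.search(p, config, re.M) is not None for c, p in REQUIRED.items()}
    results.update({c: re.search(p, config, re.M) is None for c, p in FORBIDDEN.items()})
    results["console port requires login"] = console_login_required(config)
    return results
```

Run against the sample, the audit flags the missing logging host, the default SNMP community, the interface with directed broadcasts enabled, and GigabitEthernet0/2 as an unaddressed interface that was never shut down.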
These controls should be evaluated in addition to performing the general steps for auditing network equipment.
Checklist for Auditing Firewalls: Additional Controls
☐ Verify that all packets are denied by default.
☐ Ensure that inappropriate internal and external IP addresses are filtered.