Master Checklists


General Network Equipment Audit Steps

These controls should be evaluated in addition to performing the specific steps in the following checklists as they apply. For example, if you were to audit a switch, router, or firewall, you would perform the steps in the following checklist and then additionally perform the steps under the appropriate checklist for switches, routers, or firewalls.

Checklist for Auditing Network Equipment

  1. Review controls around developing and maintaining configurations.

  2. Ensure that appropriate controls are in place for any vulnerabilities associated with the current software version. These controls might include software updates, configuration changes, or other compensating controls.

  3. Verify that all unnecessary services are disabled.

  4. Ensure that good SNMP management practices are followed.

  5. Review and evaluate procedures for creating user accounts and ensuring that accounts are created only when there's a legitimate business need. Also review and evaluate processes for ensuring that accounts are removed or disabled in a timely fashion in the event of termination or job change.

  6. Ensure that appropriate password controls are used.

  7. Verify that secure management protocols are used where possible.

  8. Ensure that current backups exist for configuration files if applicable.

  9. Verify that logging is enabled and sent to a centralized system.

  10. Evaluate use of the Network Time Protocol (NTP).

  11. Verify that a banner is configured to make all connecting users aware of the company's policy for use and monitoring.

  12. Ensure that access controls are applied to the console port.

  13. Ensure that all network equipment is stored in a secure location.

  14. Ensure that a standard naming convention is used for all devices.

  15. Verify that standard, documented processes exist for building network devices.
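A worked example of how several of these general controls (items 3, 4, 6, 7, 9, 10, 11 and 12) can be checked mechanically against a device's running configuration. This is an added illustration, not code from the book or its checklists; it assumes Cisco IOS-style configuration syntax, uses a constructed sample config, and the names `SAMPLE_CONFIG`, `parse_line_blocks` and `audit_global` are hypothetical:

```python
"""Audit the global section of an IOS-style running-config against the general
checklist: unnecessary services (3), SNMP hygiene (4), password controls (6),
secure management protocols (7), logging (9), NTP (10), banner (11), console
access control (12). Constructed sample config; hypothetical checker."""
import re

SAMPLE_CONFIG = """\
hostname core-rtr-01
service password-encryption
no service tcp-small-servers
no service udp-small-servers
no ip http server
ip http secure-server
snmp-server community public RO
snmp-server community s3cr3tRW RW 10
banner motd ^C
Authorized use only. Activity is monitored.
^C
logging host 10.0.0.50
ntp server 10.0.0.10
line con 0
 exec-timeout 5 0
 login local
line vty 0 4
 exec-timeout 10 0
 transport input telnet ssh
 login local
"""

# Well-known default community strings; their presence is itself a finding.
DEFAULT_COMMUNITIES = {"public", "private"}


def parse_line_blocks(config):
    """Return {'line con 0': [sub-commands], ...} for each 'line ...' stanza."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit_global(config):
    """Return a list of (checklist_item, finding) tuples for failed controls."""
    findings = []

    def has(pattern):  # anchored, multi-line search over the whole config
        return re.search(pattern, config, re.M) is not None

    # Item 3: unnecessary services.
    if not has(r"^no ip http server"):
        findings.append((3, "clear-text HTTP management not disabled (ip http server)"))
    if has(r"^service (tcp|udp)-small-servers"):
        findings.append((3, "TCP/UDP small servers enabled"))
    # Item 4: SNMP: no default strings, no read-write access, ACL-restricted.
    for m in re.finditer(r"^snmp-server community (\S+) (RO|RW)(?: (\S+))?", config, re.M):
        community, mode, acl = m.groups()
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((4, f"default SNMP community '{community}'"))
        if mode == "RW":
            findings.append((4, f"read-write SNMP community '{community}'"))
        if acl is None:
            findings.append((4, f"SNMP community '{community}' not restricted by ACL"))
    # Item 6: password controls.
    if not has(r"^service password-encryption"):
        findings.append((6, "service password-encryption not set"))
    if not has(r"^enable secret "):
        findings.append((6, "no enable secret configured"))
    # Items 7 and 12: vty lines must be SSH-only; every line needs login and a timeout.
    for name, cmds in parse_line_blocks(config).items():
        if name.startswith("line vty"):
            transports = [c for c in cmds if c.startswith("transport input")]
            if not transports or any("telnet" in t or "all" in t for t in transports):
                findings.append((7, f"{name}: telnet permitted (transport input should be ssh)"))
        if name.startswith("line con") and not any(c.startswith("login") for c in cmds):
            findings.append((12, f"{name}: no login required on the console port"))
        if not any(c.startswith("exec-timeout") for c in cmds):
            findings.append((12 if "con" in name else 7, f"{name}: no exec-timeout"))
    # Item 9: centralized logging (a syslog host, not just a local buffer).
    if not has(r"^logging (?:host )?\d+\.\d+\.\d+\.\d+"):
        findings.append((9, "no remote syslog host configured"))
    # Item 10: time synchronization.
    if not has(r"^ntp server \S+"):
        findings.append((10, "no NTP server configured"))
    # Item 11: usage and monitoring banner.
    if not has(r"^banner (motd|login) "):
        findings.append((11, "no login/motd banner configured"))
    return findings


if __name__ == "__main__":
    for item, text in audit_global(SAMPLE_CONFIG):
        print(f"[item {item}] {text}")
```

Run against the constructed config, the checker reports the default `public` community, an SNMP community with no ACL, a read-write community, the missing `enable secret`, and Telnet still permitted on the vty lines. Items the config cannot answer (account provisioning, backups, physical storage, naming conventions, build standards) still need interviews and evidence gathered outside the device.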

Auditing Layer 2 Devices: Additional Controls for Switches

These controls should be evaluated in addition to performing the general steps for auditing network equipment.

Checklist for Auditing Layer 2 Devices: Additional Controls for Switches

  1. Verify that administrators avoid using VLAN 1.

  2. Evaluate the use of trunk autonegotiation.

  3. Verify that Spanning-Tree Protocol attack mitigation is enabled (BPDU Guard, Root Guard).

  4. Evaluate the use of VLANs on the network.

  5. Disable all unused ports, and put them in an unused VLAN.

  6. Evaluate use of the VLAN Trunking Protocol (VTP) in the environment.

  7. Verify that thresholds exist that limit broadcast/multicast traffic on ports.

Auditing Layer 3 Devices: Additional Controls for Routers

These controls should be evaluated in addition to performing the general steps for auditing network equipment.

Checklist for Auditing Layer 3 Devices: Additional Controls for Routers

  1. Verify that inactive interfaces on the router are disabled.

  2. Ensure that the router is configured to save all core dumps.

  3. Verify that all routing updates are authenticated.

  4. Verify that IP source routing and IP directed broadcasts are disabled.
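The switch checklist and the router checklist above both come down largely to interface-level and routing-process settings, so one added example serves both: an audit of the Layer 2 items (VLAN 1, trunk autonegotiation, BPDU Guard, parked unused ports, VTP, broadcast thresholds) and the Layer 3 items (inactive interfaces, core dumps, routing-update authentication, source routing, directed broadcasts) over a constructed IOS-style configuration. It is not code from the book; it assumes IOS syntax (a global `spanning-tree portfast bpduguard default` is accepted as satisfying BPDU Guard, the VTP default mode is taken to be server, and `exception dump` is the core-dump setting checked), the sample config is constructed, and the function names `parse_stanzas`, `last_word` and `audit_l2_l3` are hypothetical:

```python
"""Audit an IOS-style switch/router config against the Layer 2 and Layer 3
checklists: VLAN 1, DTP autonegotiation, BPDU Guard, parked unused ports, VTP,
broadcast thresholds, inactive interfaces, core dumps, routing authentication,
IP source routing and directed broadcasts. Constructed sample; hypothetical."""
import re

SAMPLE_CONFIG = """\
vtp mode server
spanning-tree portfast bpduguard default
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
 storm-control broadcast level 1.00
interface GigabitEthernet1/0/3
 switchport mode trunk
interface GigabitEthernet1/0/4
 description unused
 switchport mode access
 shutdown
interface GigabitEthernet1/0/5
interface Vlan20
 ip address 10.20.0.1 255.255.255.0
 ip directed-broadcast
router ospf 1
 network 10.20.0.0 0.0.0.255 area 0
 network 10.30.0.0 0.0.0.255 area 1
 area 0 authentication message-digest
"""


def parse_stanzas(config):
    """Split a config into (global_lines, {header: [sub-commands]}); a stanza is
    an 'interface ...' or 'router ...' line plus its indented body."""
    global_lines, stanzas, current = [], {}, None
    for raw in config.splitlines():
        if re.match(r"^(interface|router) ", raw):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, stanzas


def last_word(cmds, prefix, default):
    """Last token of the first command starting with prefix, else the default."""
    return next((c.split()[-1] for c in cmds if c.startswith(prefix)), default)


def audit_l2_l3(config):
    """Return findings as (layer, checklist_item, text) tuples."""
    glob, stanzas = parse_stanzas(config)
    f = []
    bpduguard_default = "spanning-tree portfast bpduguard default" in glob
    vtp_mode = last_word(glob, "vtp mode", "server")  # IOS default mode is server
    if vtp_mode not in ("transparent", "off") and not any(l.startswith("vtp password") for l in glob):
        f.append(("L2", 6, f"VTP mode '{vtp_mode}' without a VTP password"))
    if "no ip source-route" not in glob:
        f.append(("L3", 4, "IP source routing not disabled (no ip source-route)"))
    if not any(l.startswith("exception dump") for l in glob):
        f.append(("L3", 2, "no core dump destination configured (exception dump)"))
    for name, cmds in stanzas.items():
        if name.startswith("router ospf"):
            # Every area that carries a network statement needs area authentication.
            areas = {m.group(1) for c in cmds if (m := re.match(r"network \S+ \S+ area (\S+)", c))}
            authed = {m.group(1) for c in cmds if (m := re.match(r"area (\S+) authentication", c))}
            for area in sorted(areas - authed):
                f.append(("L3", 3, f"{name}: area {area} routing updates not authenticated"))
            continue
        if not cmds:
            f.append(("L3", 1, f"{name}: unconfigured interface not shut down"))
            continue
        shut = "shutdown" in cmds
        mode = last_word(cmds, "switchport mode", None)
        if mode == "trunk":
            if last_word(cmds, "switchport trunk native vlan", "1") == "1":
                f.append(("L2", 1, f"{name}: trunk native VLAN is VLAN 1"))
            if "switchport nonegotiate" not in cmds:
                f.append(("L2", 2, f"{name}: DTP autonegotiation not disabled on trunk"))
        elif mode == "access":
            if last_word(cmds, "switchport access vlan", "1") == "1":
                f.append(("L2", 5 if shut else 1, f"{name}: access port left in VLAN 1"))
            if not shut:
                if not bpduguard_default and "spanning-tree bpduguard enable" not in cmds:
                    f.append(("L2", 3, f"{name}: BPDU Guard not enabled on access port"))
                if not any(c.startswith("storm-control broadcast") for c in cmds):
                    f.append(("L2", 7, f"{name}: no broadcast storm-control threshold"))
        elif any(c.startswith("switchport") for c in cmds):
            f.append(("L2", 2, f"{name}: switchport mode not set (DTP dynamic)"))
        if "ip directed-broadcast" in cmds:
            f.append(("L3", 4, f"{name}: IP directed broadcasts enabled"))
    return f
```

On the constructed config the checker flags the VTP server mode with no password, source routing left enabled, no core-dump destination, the trunk on Gi1/0/3 that still uses native VLAN 1 and negotiates DTP, the shut-down Gi1/0/4 that was never moved to a parking VLAN, the wholly unconfigured Gi1/0/5, directed broadcasts on Vlan20, and OSPF area 1 running without authentication. Root Guard (item 3) and the VLAN design review (item 4) are judgement calls against the network diagram rather than pattern matches, so they are left to the auditor.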

Auditing Firewalls: Additional Controls

These controls should be evaluated in addition to performing the general steps for auditing network equipment.

Checklist for Auditing Firewalls: Additional Controls

  1. Verify that all packets are denied by default.

  2. Ensure that inappropriate internal and external IP addresses are filtered.
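An added example, not from the book, that covers both firewall items: it parses IOS-style extended ACLs and their interface bindings, checks that every inbound ACL ends in an explicit `deny ip any any` (so deny-by-default is visible in the configuration and logged, rather than left to the implicit deny), probes the outside ACL with spoofed source addresses (RFC 1918, loopback, 0.0.0.0/8 and the site's own prefix), and checks that the inside ACL permits only internal sources. The site prefix 203.0.113.0/24 (TEST-NET-3), the sample config, the use of the interface `description` to identify the outside and inside roles, and the function names are all constructed assumptions:

```python
"""Audit IOS-style extended ACLs against the firewall checklist: an explicit
default deny on every inbound ACL (item 1) and filtering of spoofed or
out-of-place sources on the outside and inside interfaces (item 2).
Constructed sample config and hypothetical checker; not from the book."""
import ipaddress
import re

# Constructed site prefix (TEST-NET-3) and the sources that must never arrive
# from the Internet: RFC 1918, loopback, "this" network and the site's own space.
INTERNAL = ipaddress.ip_network("203.0.113.0/24")
SPOOFED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
           "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8")] + [INTERNAL]

SAMPLE_CONFIG = """\
ip access-list extended OUTSIDE-IN
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.10 eq 80
ip access-list extended INSIDE-IN
 permit ip 203.0.113.0 0.0.0.255 any
 deny ip any any log
interface GigabitEthernet0/0
 description outside
 ip access-group OUTSIDE-IN in
interface GigabitEthernet0/1
 description inside
 ip access-group INSIDE-IN in
interface GigabitEthernet0/2
 description dmz
"""

def wildcard_to_network(addr, wildcard):
    """IOS address/wildcard pair -> network; wildcard one-bits are 'don't care'."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)

def parse_spec(tokens):
    """Consume one source/destination spec plus an optional 'eq/gt/lt/neq PORT'."""
    if tokens[0] == "any":
        net, rest = ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    elif tokens[0] == "host":
        net, rest = ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    else:
        net, rest = wildcard_to_network(tokens[0], tokens[1]), tokens[2:]
    if rest and rest[0] in ("eq", "gt", "lt", "neq"):
        rest = rest[2:]
    return net, rest

def parse_config(config):
    """Return ({acl: [(action, proto, src_net, dst_net)]}, {intf: {field: value}})."""
    acls, intfs, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list extended (\S+)", line):
            current = acls.setdefault(m.group(1), [])
        elif m := re.match(r"interface (\S+)", line):
            current = intfs.setdefault(m.group(1), {})
        elif raw.startswith(" ") and isinstance(current, list):
            action, proto, *rest = line.split()
            src, rest = parse_spec(rest)
            dst, _ = parse_spec(rest)
            current.append((action, proto, src, dst))
        elif raw.startswith(" ") and isinstance(current, dict):
            if m := re.match(r"description (.+)", line):
                current["role"] = m.group(1)
            elif m := re.match(r"ip access-group (\S+) in", line):
                current["acl_in"] = m.group(1)
    return acls, intfs

def first_match(aces, src_ip, dst_ip):
    """First-match evaluation on addresses only; IOS's implicit deny is the fallback."""
    for action, _proto, src, dst in aces:
        if src_ip in src and dst_ip in dst:
            return action
    return "deny"

def audit_firewall(config):
    """Return (checklist_item, finding) tuples."""
    acls, intfs = parse_config(config)
    findings = []
    for name, fields in intfs.items():
        acl, role = fields.get("acl_in"), fields.get("role", "")
        if acl is None:
            findings.append((1, f"{name}: no inbound ACL applied"))
            continue
        aces = acls.get(acl, [])
        # Item 1: end with an explicit 'deny ip any any' so the default deny is
        # visible in the config and, with 'log', leaves evidence of drops.
        if not aces or aces[-1][:2] != ("deny", "ip") or aces[-1][2].prefixlen or aces[-1][3].prefixlen:
            findings.append((1, f"{name}: ACL {acl} lacks an explicit final 'deny ip any any'"))
        if role == "outside":  # Item 2: spoofed sources must hit a deny before any permit
            for net in SPOOFED:
                if first_match(aces, net.network_address + 1, INTERNAL.network_address + 10) == "permit":
                    findings.append((2, f"{name}: ACL {acl} permits spoofed source {net}"))
        if role == "inside":  # Item 2: only the site's own addresses may originate traffic
            for action, _p, src, _d in aces:
                if action == "permit" and not src.subnet_of(INTERNAL):
                    findings.append((2, f"{name}: ACL {acl} permits non-internal source {src}"))
    return findings
```

On the constructed config the outside ACL blocks only two of the RFC 1918 ranges, so 172.16.0.0/12, loopback, 0.0.0.0/8 and the site's own 203.0.113.0/24 all reach the `permit tcp any host ... eq 443` entry and are reported, as is the missing final deny on that ACL and the DMZ interface with no inbound filter at all. The evaluator deliberately ignores protocols and ports: a spoofed source should be dropped regardless of what it is trying to reach.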



IT Auditing: Using Controls to Protect Information Assets
ISBN: B001TI1HNG
Year: 2004
Pages: 159