Network Security Audit ChecklistPublished August 4, 2020 by Tricia Scherer • 6 min read
Every company that uses computers and the Internet should be concerned about information security and particularly, network security. The number of threats each company faces is growing every day.
Whether it’s SPAM, malware, spyware, phishing or virus threats or users who walk out the door with proprietary information or sensitive data, the threat and risks are potentially damaging and costly for that company. To prevent issues from occurring, regular network security checks should be performed, no less than once a year.
The more complex a network is, the more complicated the security audit will be, but regardless, it’s extremely important whether you’re a large or a small company. A network security checklist helps to facilitate that.
What Is A Network Security Audit?
A Network Security Audit is an audit of all your network systems to make sure that potential security risks are eliminated or minimized. Servers, routers, workstations, gateways, must all be checked to make sure they are secure and safe and aren’t sharing any sensitive information. Also, because users are connected to the network, there are personnel considerations to consider. Quite often, whether intentionally or unintentionally, users tend to be the biggest threat to a network’s security.
A Network Security Audit has many things to consider and it is often easy to forget or miss steps. Therefore, it’s important to not only have regular Network Security Audits but also to have a Network Security Audit Checklist to ensure that all the steps for Network Security are covered, every time you perform an Audit.
Difference Between Cybersecurity and Network Security Audits
Network Security is a subset of CyberSecurity which is concerned with the overall security of an organization, including physical data security.
Network Security covers all the data that is on the network itself, including anything that connects to the internet. Humans walking out with data on a memory stick or sharing proprietary information with a social engineering hacker falls under Cybersecurity, whereas network security, being a subset, covers what that user does on the network itself.
Who Performs a Network Security Audit?
A Network Security Audit can be performed by internal or external auditors, depending on the size of the company and whether a company has IT Staff or not. There are also good reasons for having an external audit, even if you do have IT Staff.
- An extra set of hands and eyes looking at the network will ensure that your network is secure and safe.
- Often external auditors will be more thorough and objective, whereas an internal auditor is so familiar with the network, they may forget a step or assume that some steps aren’t needed.
- An internal auditor might have personal reasons for skipping a step or two to continue providing whatever network advantages they need. For example, in the past, administrators have created backdoor apps to give themselves access in the event of a termination. Or simply creating an additional user with administrative rights without telling anybody. They also might have less innocuous reasons for opening network security to provide easier and sometimes less secure remote access to the network so they can easily resolve issues from home.
Regardless of who performs the security audit, having a checklist will provide consistency and make sure that patches or other changes in the network since you last performed the audit haven’t created security issues.
Where Can One Find a Network Security Audit Checklist?
There are many sources for a Network Security Audit Checklist available on the Internet. Consulting companies have created them to give back to the community as well as to get your business. Some organizations want to make the Internet and your networks more secure, such as the Center for Internet Security and the National Cyber Security Alliance.
Regardless of where you find your checklist, you’ll most likely want to add or remove items to it, using it as a baseline for your environment. You may even want to download several of them and create a single master checklist from them. Most checklists are thorough but accommodating every piece of network device and software in the world is a challenge.
One checklist may not be enough to cover all the network software and devices in your company. Developing a checklist that covers everything in your network is crucial to ensure you are secure. For example, once you’ve registered with the Center for Internet Security, they give you access to many PDFs that cover detailed security settings for specific OS environments, such as the many flavors of LINUX, Windows, and Apple machines. They also give detailed security settings for applications such as Google Chrome and Internet Explorer and benchmark settings for cloud-based environments such as Azure and Amazon Cloud Services.
What Categories Should I Include in a Network Security Audit Checklist?
There are many categories of items that should be included in a Network Security Audit Checklist. Some of them are obvious to most administrators and consultants and others are not as obvious. Here is our list, and as mentioned above, not all checklists will cover every network device and software in your environment, so be careful using a single source for your checklist.
Suggested Network Security Audit Checklist
- A written Network Security Policy that lists the rights and responsibilities of all staff, employees, and consultants.
- Acceptable Use Policy (AUP) for all staff and patrons
- Security Training for all users regarding the use of the Network Environment and sharing data outside the company as well as allowing anybody to access their systems.
- All outside vendors and contractors need to sign a security agreement while they are working in your environment
- Make sure users have been trained regarding the sharing of information by email and the Internet.
- Have contingency plans in place for if and when there is a data breach or security breach.
- Password Security
- Written password policy
- Password Training for all authorized users to ensure they understand the potential risks of using passwords in an insecure way.
- Inspect Workstations for written passwords in the user or server areas
- Keep password requirements documentation in a safe place
- LAN Security
- Hardening of servers on the internal network, removing unnecessary services and applications
- Keeping unnecessary files off of servers
- Server permissions set appropriately for users
- No anonymous users allowed
- Unauthorized login attempt policies
- Share the functions of server administration between administrators
- Limit remote administration
- Remote Access Security policy and implementation
- Disable Remote Administration where it isn’t needed
- Rename Administrator Account
- Enable auditing of Administrator login attempts
- Create extra-strong passwords for Administrator accounts
- Passwords for server administration accounts should be different than workstation user accounts for the same users
- Disable Guest Account
- Restrict Access to the Everyone Group
- Create appropriate user and group accounts
- Set appropriate group access permissions
- Configure audit logs to track unauthorized access of files/systems/folders/accounts
- Configure patch management or scheduled download and application of the operating system and security patches
- Ensure Wireless Network security is configured properly, including the use of WEP, WPA2 or other wireless security protocols
- Workstation Logons
- Screen Locks on all computers
- Require passwords on all computers, including screen lock recovery
- Consider using two-factor authentication
- Harden workstations, removing unnecessary applications and programs
- Anti-virus software installed and disable circumnavigating
- Ensure anti-virus updates are occurring regularly
- Ensure software updates are occurring regularly
- Ensure the operating system and security patches are occurring regularly
- Pop-up blockers enabled
- Mobile Devices
- An IT security policy or BYOD policy (Bring Your Own Device) needs to be in place for mobile devices that are used on the network
- Enforcement of the mobile device policies needs to be decided on and enforced
- Wireless access points need to be secure
- Network Equipment Security
- Configure audit logs to monitor access
- Document configuration working configuration settings in case of failure
- Document user accounts/passwords for accessing these devices and put them in a safe place
- Make sure that firmware upgrades occur regularly
- Router/Firewall Security
- Use a firewall and make sure that all public-facing services are on a separate network segment or DMZ (email, FTP, web, for example) for intrusion prevention.
- Make sure that all externally sourced IP addresses are not allowed inside the LAN, but only to the DMZ
- Configure firewall policies to deny inbound access to unused ports
- Review all firewall policies for potential security risks
- Implement network address translation (NAT) where possible
- Use stateful packet inspection on the firewall, preventing IP address spoofing and DOS attacks.
- Make sure the router and firewall software is updated regularly
- Make sure the router and firewall firmware is updated regularly
- Consider having penetration testing performed for further weakness exposure
All the items above are areas of concern when performing a Network Security Audit, but none of the items go very deep. There are many items, for example, in implementing a Security Policy, both for your company, as well as for each of your servers and computers. There are hundreds of items on a workstation security policy that require planning and implementation.
You probably want to implement your workstation security policy on a single image and make sure that this image is rolled out to all your workstations to ensure they are all configured the same way or have software that would do this for you. You would also want to make sure that any new security policies get rolled out to all workstations
This article has been an introduction to Network Security Audit Checklists and as stated, just an example of what a potential checklist might have. Be sure you do your own research or hire someone who can do this for you. You really shouldn’t be cutting corners when it comes to security measures on your network.
Millions of dollars are lost every year because of security threats, both in down networks and computers as well as stolen data. Making sure your network and data are secure should be one of your top priorities. Having a Network Security Audit Checklist is just one of the ways that help you do that.