Network Configuration Audit

Use this Network Configuration Audit checklist to review network settings, from password to LAN security, ensuring compliance with organizational standards.


General

1. Is there a written Network Security Policy that lists the rights and responsibilities of all staff, employees, and consultants?


2. Has security training been provided to all users regarding the use of the network environment and data sharing outside the company?


3. Have users been trained on the proper sharing of information via email and the Internet?


4. Do all outside vendors and contractors sign a security agreement while they are working in your environment?


5. Are contingency plans in place for handling data breaches or security breaches?


Password Security

1. Is there a written password policy in place?


2. Have all authorized users received Password Training to ensure they understand the risks of using passwords insecurely?


3. Are workstations inspected for written passwords in user or server areas?


4. Is password requirements documentation kept in a safe place?


LAN Security

1. Are servers on the internal network hardened by removing unnecessary services and applications?


2. Are unnecessary files kept off of servers?


3. Are server permissions set appropriately for users?


4. Are anonymous users prohibited from accessing the network?


5. Are the functions of server administration shared between multiple administrators?


6. Is there a Remote Administration policy in place?


7. Is Remote Administration disabled where it isn't needed?


8. Is there a Remote Access Security policy, and is it implemented effectively?


9. Has the Administrator Account been renamed?


10. Is auditing enabled for Administrator login attempts?


11. Are extra-strong passwords created for Administrator accounts?


12. Are passwords for server administration accounts different from workstation user accounts for the same users?


13. Is the Guest Account disabled?


14. Is access to the "Everyone" group restricted?


15. Are appropriate user and group accounts created?


16. Are group access permissions set appropriately?


17. Are audit logs configured to track unauthorized access to files, systems, folders, or accounts?


18. Is patch management, or scheduled downloading and application of operating system and security patches, in place?


19. Is Wireless Network security configured properly, including the use of wireless security protocols?


Workstation Logons

1. Are screen locks enabled on all computers?


2. Are passwords required on all computers, including for screen lock recovery?


3. Has two-factor authentication been considered for workstation logons?


4. Are workstations hardened by removing unnecessary applications and programs?


5. Is anti-virus software installed, and are users prevented from circumventing it?


6. Are anti-virus updates occurring regularly?


7. Are software updates occurring regularly?


8. Are operating system and security patches applied regularly?


9. Are pop-up blockers enabled on workstations?


Mobile Devices

1. Is there an IT security policy or BYOD (Bring Your Own Device) policy in place for mobile devices used on the network?


2. Has the enforcement of mobile device policies been decided upon, and are the policies actively enforced?


3. Are wireless access points secure?


Network Equipment Security

1. Are audit logs configured to monitor access to network equipment?


2. Are configuration settings documented in case of failure?


3. Are user accounts and passwords for accessing network devices documented and stored securely?


4. Is firmware updated regularly for network equipment?


Router/Firewall Security

1. Is a firewall in place, and are all public-facing services on a separate network segment or DMZ (e.g. email, FTP, web) for intrusion prevention?


2. Are all externally sourced IP addresses blocked from accessing the internal LAN, allowing access only to the DMZ?


3. Are firewall policies configured to deny inbound access to unused ports?


4. Are firewall policies reviewed regularly for potential security risks?


5. Is network address translation (NAT) implemented where possible?


6. Is stateful packet inspection used on the firewall to prevent IP address spoofing and DoS attacks?


7. Are the router and firewall software updated regularly?


8. Are the router and firewall firmware updated regularly?


9. Has penetration testing been considered to identify further weaknesses?


Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.
