Network Security Audit Checklist

This Process Street network security audit checklist is engineered to be used to assist a risk manager or equivalent IT professional in assessing a network for security vulnerabilities.

This specific process is designed for use by large organizations to do their own audits in-house as part of an ongoing risk management strategy. However, the process could also be used by IT consultancy companies or similar in order to provide client services and perform audits externally.

This Process Street network security audit checklist is completely editable allowing you to add or remove steps and the content of steps in order to suit the specific needs of your business.

Throughout the checklist, you will find form fields where you can record your data as you go. All information entered within the form fields on a Process Street checklist is then stored in a drag-and-drop spreadsheet view found within the template overview tab. This spreadsheet allows you to record information over time for future reference or analysis and can also be downloaded as a CSV file.

This security audit is engineered to provide a global overview of the needs of the network, yet you might find that within certain tasks there is space for a further process or need for a process. If you wish to add a further series of steps within a task, you can use our sub-checklist widget to provide a run through of how to tackle a specific overall task. Alternatively, if you require an independent process, you can simply make one within Process Street and link back to it within this template.

If you want a short introduction to network security audits you can watch the video below:

Use the form fields to record the checklist information.

Audit review

Some tasks in this Network Security Audit Checklist need to be reviewed and approved by the relevant personnel in your team. Please fill out the details of the required approver below

Recording internal procedures is crucial. In an audit, you can review these procedures to know how people are interacting with the systems. These procedures can also be analyzed in order to find systematic faults in how a company interacts with its network. 

Make sure you review the internal procedures for their suitability. 

There should be evidence that employees have followed the procedures. There is no point having a procedures manual if no one follows it. 

Review the management system and review the activity logs to see whether procedures have been adequately followed. 

If there is no procedure management system in place, consider looking to implement a SaaS product like Process Street.

All employees should have been trained. Training is the first step to overcoming human error within your organization. 

At a minimum, employees should be able to identify phishing attempts and should have a password management process in place.

Assess the scope and depth of the training processes and make sure they are mandatory for all staff. 

Look at the different software used across the network. 

Make a long list of each one and investigate each.

• What version do you have?
• When did you install your last update?
• What is the current version available from the provider?

Make sure your software is up to date. 

Use the form field below for any notes.

Penetration testing is one of the key methods of locating vulnerability within a network. 

Review the current pen-testing methods and assess the process in which they're employed. 

If you want to build a new penetration testing process, you can start by reviewing our Process Street Penetration Testing checklist. 

Leave notes on the pen-testing below. 

This form of testing employs two strategies often used within a penetration test:

• Static testing
• Dynamic testing

Static tools are more comprehensive and review the code for a program while it is in a non-running state. This gives you a solid overview of any vulnerabilities that might be present. 

Dynamic testing is a more tailored approach which tests the code while the program is active. This can often discover flaws which the static testing struggles to uncover. 

Use the form field to record any notes:

Assess the effectiveness of your firewall by reviewing the rules and permissions you currently have set.

Often, holes in a firewall are intentionally created for a reasonable purpose - people just forget to close them back up again afterward.

Review the rules, permissions, and logs to find any unnecessary holes.

Social security numbers or medical records should be stored in a different location with differing levels of access to other less personal data. 

Make sure access logs are in place for this data and are maintained.

Check the policy determining the methodology for classifying and storing sensitive data is fit for purpose.

You can also consider employing a privileged password management process for highly sensitive data. 

Sensitive data should ideally never be stored on a laptop. However, often laptops are the focus on many people's work lives so it is important to be able to account for them.

Less sensitive data which may be stored on a laptop can be encrypted to provide increased security.

You can review different options available here: Best Encryption Software 2017

It is important to try to use up to date technology to secure your networks, otherwise, you leave them vulnerable. Avoid WEP or WPA and make sure networks are using WPA2.

Make sure all equipment on the network can support WPA2, or upgrade the equipment. 

Use the form field below to record any equipment which may need upgrading.

There may be access points present which differ from what you expect to find. 

For example, when scanning for access points you may be looking at the 2.4 GHz band - the band your corporate WLAN might use. 

However, it is possible that someone could set up access points not on that band. If you scan only the 2.4 GHz band you could miss access points which have been installed on a 5 GHz band. 

It is important to make sure your scan is comprehensive enough to locate all potential access points. 

Use the form fields below to record your findings.

Most problems come as a result of human error. In this case, we need to make sure there is a comprehensive process in place for dealing with the monitoring of event logs. 

One option is to have a regularly occurring process in place which makes sure the logs are checked on a consistent basis.

To help you with this process, it's recommended to use Security Incident and Event Management software. 

You can find a selection of options here: Top 22 Security and Event Management Software 2017.

Or you can watch this video below for an introduction.

Once you have completed your report, you can compile it and use the form fields below to upload the report.

You report then has to be reviwed and approved by the relevant personnel before you can continue and send the report to the relevant stakeholders.

Send your report to the relevant stakeholders using the email widget below.

• The Ultimate Network Security Checklist - TechTalk
• How to Perform a Network Security Audit for Customers - TechTarget
• Network Security Checklist - Cisco
• 6 Things to Include in Your Network Audit Checklist - TTI
• Network Security Checklist - Checklist
• Network Security Management - Process Street

• Privileged Password Management
• Network Administrator Daily Tasks
• Network Security Audit Checklist
• Firewall Audit Checklist
• VPN Configuration
• Apache Server Setup
• Email Server Security
• Penetration Testing
• Inventory Management Process
• Network Security Management
• Client Data Backup Best Practices
• Computer Maintenance Guide
• Server Setup Process
• Virtual Private Server Setup
• IT Support Process
• Helpdesk Management
• Server Maintenance
• Server Security
• Information Security Incident Response
• SQL Server Audit Checklist