Introduction to Network Security Audit Checklist:

Network Security Audit Checklist - Process Street

This Process Street network security audit checklist is designed to assist a risk manager or equivalent IT professional in assessing a network for security vulnerabilities.

This specific process is designed for use by large organizations to do their own audits in-house as part of an ongoing risk management strategy. However, the process could also be used by IT consultancy companies or similar in order to provide client services and perform audits externally.

This Process Street network security audit checklist is completely editable allowing you to add or remove steps and the content of steps in order to suit the specific needs of your business.

Throughout the checklist, you will find form fields where you can record your data as you go. All information entered within the form fields on a Process Street checklist is then stored in a drag-and-drop spreadsheet view found within the template overview tab. This spreadsheet allows you to record information over time for future reference or analysis and can also be downloaded as a CSV file.

This security audit is designed to give a high-level overview of the network's needs, but you may find that certain tasks call for a more detailed process of their own. If you wish to add a further series of steps within a task, you can use our sub-checklist widget to walk through how to tackle that task. Alternatively, if you require an independent process, you can simply make one within Process Street and link back to it within this template.

For a short introduction to network security audits, watch the video "What is an IT Security Audit" by Connect4 Growth.

Record the audit details

Use the form fields to record the checklist information.

Make sure all procedures are well documented

Recording internal procedures is crucial. During an audit, you review these procedures to understand how people interact with the systems, and they can be analysed to find systematic faults in how the company interacts with its network.

Make sure you review the internal procedures for their suitability. 

Review the procedure management system

There should be evidence that employees have followed the procedures. There is no point having a procedures manual if no one follows it. 

Review the management system and the activity logs to confirm that procedures have actually been followed, not just published.

If there is no procedure management system in place, consider looking to implement a SaaS product like Process Street.

Assess training logs and processes

All employees should have been trained. Training is the first step to overcoming human error within your organization. 

At a minimum, employees should be able to identify phishing attempts and should follow a defined password management process (a password manager and multi-factor authentication where available).

Assess the scope and depth of the training processes and make sure they are mandatory for all staff. 

Review security patches for software used on the network

Look at the different software used across the network, including operating systems, network device firmware and third-party components bundled with applications.

Build an inventory of every item and investigate each one:

  • What version do you have?
  • When did you install your last update?
  • What is the current version available from the provider?

Make sure your software is up to date, and record any item that cannot be updated (end-of-life or no longer supported by the vendor) so that it can be isolated or replaced.

Use the form field below for any notes.
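The three questions above can be answered in bulk once the inventory exists. The following is an added example, not part of the Process Street checklist, that compares installed and vendor-current versions with a natural version sort (so 1.10 is correctly newer than 1.9) and flags products that have gone too long without any update. The inventory, the audit date and the products "Acme Agent" and "Legacy ERP" are constructed for illustration.

```python
import re
from datetime import date

# Constructed inventory for illustration, not real audit data. 'latest' is the
# version the vendor currently publishes; the last two products are hypothetical.
INVENTORY = [
    {"name": "OpenSSH", "installed": "8.9p1", "latest": "9.8p1", "last_update": date(2022, 3, 1)},
    {"name": "nginx", "installed": "1.24.0", "latest": "1.24.0", "last_update": date(2024, 5, 2)},
    {"name": "Acme Agent", "installed": "1.10.2", "latest": "1.9.9", "last_update": date(2024, 4, 15)},
    {"name": "Legacy ERP", "installed": "5.2", "latest": "5.2", "last_update": date(2023, 1, 10)},
]
AUDIT_DATE = date(2024, 6, 1)  # the day the audit was run (assumed)


def version_key(version: str):
    """Turn '8.9p1' into a tuple that sorts naturally: numeric runs compare as
    integers (so 1.10 > 1.9, which a plain string compare gets wrong) and
    alphabetic runs compare as strings."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def is_outdated(installed: str, latest: str) -> bool:
    """True when the vendor ships something newer than what is installed."""
    return version_key(installed) < version_key(latest)


def audit_inventory(inventory, today, max_age_days=90):
    """Answer the checklist's questions for every product: is the installed
    version behind the vendor's current release, and has the product gone
    longer than max_age_days without any update at all?"""
    findings = []
    for item in inventory:
        if is_outdated(item["installed"], item["latest"]):
            findings.append((item["name"], "outdated",
                             f"installed {item['installed']}, vendor ships {item['latest']}"))
        age = (today - item["last_update"]).days
        if age > max_age_days:
            findings.append((item["name"], "stale",
                             f"last update {age} days ago, threshold {max_age_days}"))
    return findings


if __name__ == "__main__":
    for name, issue, detail in audit_inventory(INVENTORY, AUDIT_DATE):
        print(f"{name}: {issue} ({detail})")
```

A product that is current but stale (here "Legacy ERP") deserves a closer look: it may mean the vendor has stopped shipping updates altogether, which is a finding in its own right rather than a clean result.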

Check the penetration testing process and policy

Penetration testing is one of the key methods of locating vulnerabilities within a network, because it shows which weaknesses an attacker can actually exploit rather than which ones exist on paper.

Review the current pen-testing methods and assess the process in which they're employed. 

If you want to build a new penetration testing process, you can start by reviewing our Process Street Penetration Testing checklist. 

Leave notes on the pen-testing below. 

Test software which deals with sensitive information

This form of testing combines two complementary strategies that also appear in a penetration test:

  • Static testing (SAST)
  • Dynamic testing (DAST)

Static testing reviews the source code or binaries of a program without running it. Because it can examine every code path the tool understands, it gives a broad view of code-level weaknesses such as injection flaws and hard-coded credentials, but it cannot see runtime configuration and it produces false positives that have to be triaged.

Dynamic testing exercises the running program with crafted input. It confirms which flaws are actually reachable and finds problems that static testing struggles with, such as misconfiguration, authentication and session handling, and behaviour that only appears with real data; in return it covers only the paths the tests actually reach. Use both and reconcile the results.

Use the form field to record any notes:
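To make the static/dynamic distinction concrete, here is an added example (not code from the Process Street checklist) that applies both techniques to a small constructed program handling patient records. The static pass parses the source with Python's ast module and flags any .execute() call whose SQL text is assembled by concatenation, f-string or .format(); the dynamic pass runs the same functions against an in-memory SQLite database with an injection payload and reports how many rows leak. The functions find_patient and find_patient_safe and the table contents are constructed for this example.

```python
import ast
import sqlite3

# Constructed program under test (not real code): one injectable lookup and
# one parameterised lookup over a table of sensitive patient records.
VULNERABLE_SOURCE = '''
import sqlite3

def find_patient(conn, name):
    # Builds the query by string concatenation: classic SQL injection.
    query = "SELECT id, name FROM patients WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def find_patient_safe(conn, name):
    # Parameterised query: the driver keeps data separate from the statement.
    return conn.execute("SELECT id, name FROM patients WHERE name = ?", (name,)).fetchall()
'''


def _is_dynamic_string(node):
    """True for an expression that builds a string at runtime."""
    if isinstance(node, (ast.BinOp, ast.JoinedStr)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def static_scan(source: str):
    """SAST-style check: find .execute() calls whose SQL text is built
    dynamically. Works on the text alone and never runs the program.
    Returns (function name, line number) per finding."""
    tree = ast.parse(source)
    findings = []
    for func in [n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]:
        bindings = {}  # simple local assignments, so `query = ...` can be resolved
        for node in ast.walk(func):
            if (isinstance(node, ast.Assign) and len(node.targets) == 1
                    and isinstance(node.targets[0], ast.Name)):
                bindings[node.targets[0].id] = node.value
        for node in ast.walk(func):
            if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and node.func.attr == "execute" and node.args):
                sql = node.args[0]
                if isinstance(sql, ast.Name):
                    sql = bindings.get(sql.id, sql)
                if _is_dynamic_string(sql):
                    findings.append((func.name, node.lineno))
    return findings


def dynamic_test(source: str):
    """DAST-style check: load the program, seed a throwaway database and
    call each lookup with an injection payload. A lookup for a name that does
    not exist should return zero rows; anything more is a confirmed flaw.
    Returns {function name: rows returned}."""
    namespace = {}
    exec(source, namespace)  # the constructed source above, never untrusted input
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO patients VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    payload = "nobody' OR '1'='1"
    return {fname: len(namespace[fname](conn, payload))
            for fname in ("find_patient", "find_patient_safe")}


if __name__ == "__main__":
    print("static findings:", static_scan(VULNERABLE_SOURCE))
    print("rows returned for injection payload:", dynamic_test(VULNERABLE_SOURCE))
```

The static pass names the suspect line before anything runs, but it would also flag a concatenation that only ever joins constants; the dynamic pass proves the flaw by pulling every row, but only for the payload and function it was pointed at. That asymmetry is why the checklist asks for both.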

Look for holes in the firewall or intrusion prevention systems

Assess the effectiveness of your firewall by reviewing the rules and permissions you currently have set.

Often, holes in a firewall are intentionally created for a reasonable purpose - people just forget to close them back up again afterward.

Review the rules, permissions, and logs to find any unnecessary holes, and compare the rule set against the documented change requests: any allow rule without a recorded owner, purpose and expiry date is a candidate for removal, as is a rule whose hit counter shows it has never matched traffic.
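The forgotten-temporary-rule problem described above is easy to catch mechanically once rules carry an expiry date and a hit count. The following added example (not part of the Process Street checklist) audits a constructed, vendor-neutral rule export for four conditions: any/any allows from the internet, management or database ports exposed to the internet, temporary rules past their expiry, and rules with no justification or no traffic. The rule format, the port list and the audit date are assumptions for the example.

```python
import ipaddress
from datetime import date

# Constructed rule export (not a real firewall config). Columns:
# id, action, source CIDR, destination port ('any' or number), comment, expiry or '-', hit count
RULES_TEXT = """\
10,allow,10.0.0.0/8,443,internal web,-,120394
20,allow,0.0.0.0/0,443,public web,-,9931288
30,allow,0.0.0.0/0,22,TEMP vendor ssh for migration,2023-02-28,417
40,allow,203.0.113.0/24,3389,partner rdp,-,0
50,allow,0.0.0.0/0,any,,-,58
60,deny,0.0.0.0/0,any,default deny,-,3391
"""

# Ports that should never be reachable from arbitrary internet sources (assumed list).
MANAGEMENT_PORTS = {22, 23, 3389, 5900, 5985, 5986, 1433, 3306, 5432}
AUDIT_DATE = date(2024, 6, 1)  # assumed date of the audit


def parse_rules(text):
    """Turn the export into dicts with typed fields."""
    rules = []
    for line in text.splitlines():
        rid, action, src, port, comment, expires, hits = line.split(",")
        rules.append({
            "id": int(rid),
            "action": action,
            "src": ipaddress.ip_network(src),
            "port": None if port == "any" else int(port),
            "comment": comment.strip(),
            "expires": None if expires == "-" else date.fromisoformat(expires),
            "hits": int(hits),
        })
    return rules


def audit_rules(rules, today):
    """Return (rule id, finding) pairs for every allow rule that looks like a hole."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        from_internet = r["src"].prefixlen == 0  # 0.0.0.0/0 matches every source
        if from_internet and r["port"] is None:
            findings.append((r["id"], "any/any allow from the internet"))
        elif from_internet and r["port"] in MANAGEMENT_PORTS:
            findings.append((r["id"], f"port {r['port']} exposed to the internet"))
        if r["expires"] is not None and r["expires"] < today:
            findings.append((r["id"], f"temporary rule expired {r['expires'].isoformat()}"))
        if not r["comment"]:
            findings.append((r["id"], "no justification recorded"))
        if r["hits"] == 0:
            findings.append((r["id"], "never matched; candidate for removal"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit_rules(parse_rules(RULES_TEXT), AUDIT_DATE):
        print(f"rule {rule_id}: {finding}")
```

Rule 30 is the case the text warns about: opened for a migration, documented as temporary, and still passing SSH from the whole internet more than a year after its expiry date. Rule 50 is worse, because nobody wrote down why it exists at all.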

Make sure sensitive data is stored separately

Social security numbers or medical records should be stored in a different location, with different and stricter access controls, from less personal data.

Make sure access logs are in place for this data and are maintained.

Check the policy determining the methodology for classifying and storing sensitive data is fit for purpose.

You can also consider employing a privileged password management process (a vault with check-out and session logging) for the accounts that can reach highly sensitive data.

Encrypt company laptop hard disks

Sensitive data should ideally never be stored on a laptop. However, laptops are the focus of many people's work lives, so it is important to be able to account for them and for what they hold.

Any data that does end up on a laptop should be protected by full-disk encryption (for example BitLocker, FileVault or LUKS), enforced by policy rather than left to the user, with recovery keys escrowed so that a forgotten passphrase does not become lost data.

You can review different options available here: Best Encryption Software 2017

Check wireless networks are secured

It is important to use up to date technology to secure your networks; otherwise, you leave them vulnerable. Avoid WEP and the original WPA, and make sure networks are using WPA2 with AES (CCMP) rather than TKIP; where the equipment supports it, WPA3 is the current standard.

Make sure all equipment on the network can support WPA2, or upgrade the equipment. 

Use the form field below to record any equipment which may need upgrading.

Scan for unauthorized access points

There may be access points present that differ from what you expect to find, whether a rogue device an employee plugged into a switch port or an attacker's access point imitating your SSID.

For example, if your corporate WLAN uses the 2.4 GHz band, you might scan only that band.

However, someone could set up an access point on a different band. If you scan only the 2.4 GHz band you could miss access points installed on the 5 GHz band (or, with newer hardware, the 6 GHz band).

It is important to make sure your scan is comprehensive enough to locate all potential access points: cover every band your hardware can see, compare what you find against the inventory of authorised BSSIDs, and check switch port tables for unknown devices that may be bridging a wireless network onto the wire.

Use the form fields below to record your findings.
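The two wireless tasks above (weak security settings, and access points that are not yours) can be checked from one scan. The following is an added example, not part of the Process Street checklist, that reads a constructed scan export, classifies each access point by band, flags WEP, WPA1, TKIP and open networks, flags BSSIDs that are not in the authorised inventory (including an unknown device broadcasting a corporate SSID), and warns when a band was not covered at all. The scan lines, the authorised BSSID list and the corporate SSIDs are constructed for illustration.

```python
# Constructed scan export (not a real capture). Columns: SSID, BSSID, frequency in MHz,
# security string as a scanner such as nmcli or iw would summarise it.
SCAN_TEXT = """\
CorpWLAN,00:11:22:33:44:01,2412,WPA2-CCMP
CorpWLAN,00:11:22:33:44:02,5180,WPA2-CCMP
CorpWLAN,de:ad:be:ef:00:01,5220,WPA2-CCMP
Guest,00:11:22:33:44:03,2437,WPA2-CCMP
PrinterDirect,aa:bb:cc:dd:ee:ff,2462,OPEN
OldLab,00:11:22:33:44:09,2412,WEP
Warehouse,00:11:22:33:44:10,5745,WPA-TKIP
"""

# The same scan with only the 2.4 GHz results, to show what a one-band scan misses.
SCAN_24_ONLY = "\n".join(l for l in SCAN_TEXT.splitlines() if int(l.split(",")[2]) < 3000)

# Assumed inventory of access points the organisation actually owns.
AUTHORIZED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03",
              "00:11:22:33:44:09", "00:11:22:33:44:10"}
CORPORATE_SSIDS = {"CorpWLAN", "Guest"}
EXPECTED_BANDS = {"2.4 GHz", "5 GHz"}  # bands the audit must cover (assumed)


def band(freq_mhz: int) -> str:
    """Map a channel centre frequency to its Wi-Fi band."""
    if 2400 <= freq_mhz < 2500:
        return "2.4 GHz"
    if 5150 <= freq_mhz < 5900:
        return "5 GHz"
    if 5925 <= freq_mhz <= 7125:
        return "6 GHz"
    return "other"


def weak_security(security: str):
    """Return a reason string if the security setting is unacceptable, else None."""
    s = security.upper()
    if s in ("", "OPEN", "--"):
        return "open network (no encryption)"
    if "WEP" in s:
        return "WEP (broken, trivially cracked)"
    if "TKIP" in s:
        return "TKIP cipher (deprecated WPA-era cipher)"
    if "WPA" in s and "WPA2" not in s and "WPA3" not in s:
        return "WPA1 only"
    return None


def audit_scan(text, authorized, corporate_ssids):
    """Check every access point in the scan and report which bands were covered."""
    findings, seen_bands = [], set()
    for line in text.splitlines():
        ssid, bssid, freq, security = line.split(",")
        seen_bands.add(band(int(freq)))
        if bssid not in authorized:
            if ssid in corporate_ssids:
                findings.append((bssid, f"unknown AP broadcasting corporate SSID '{ssid}' (possible evil twin)"))
            else:
                findings.append((bssid, f"unauthorized access point '{ssid}'"))
        reason = weak_security(security)
        if reason:
            findings.append((bssid, reason))
    return {"findings": findings,
            "bands_seen": seen_bands,
            "bands_missing": EXPECTED_BANDS - seen_bands}


if __name__ == "__main__":
    for name, scan in (("full scan", SCAN_TEXT), ("2.4 GHz only", SCAN_24_ONLY)):
        result = audit_scan(scan, AUTHORIZED, CORPORATE_SSIDS)
        print(name, "- bands missing:", result["bands_missing"] or "none")
        for bssid, issue in result["findings"]:
            print("  ", bssid, issue)
```

Run against the one-band export, the evil twin on 5220 MHz disappears from the findings and the only clue is the "bands missing" warning, which is exactly the gap the checklist warns about. A BSSID not in the inventory still needs a human to decide whether it is a neighbour's network or something on your premises; the scan locates it, it does not judge it.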

Review the process for monitoring event logs

Most problems come as a result of human error, and a log entry nobody reads is one of the easiest errors to make. We need to make sure there is a comprehensive process in place for monitoring event logs: which sources are collected, who reviews them, how often, and what happens when something suspicious is found.

One option is to have a regularly occurring process in place which makes sure the logs are checked on a consistent basis. Better still, raise alerts automatically for the events you already know are bad (repeated failed logins, access to sensitive stores by unexpected accounts) and let the periodic review catch what the alerts miss.

To help you with this process, it's recommended to use Security Information and Event Management (SIEM) software.

You can find a selection of options here: Top 22 Security and Event Management Software 2017.

Or you can watch the video "Security Information and Event Management" for an introduction.
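Two earlier tasks ask for the same thing in different words: the sensitive data task wants access logs that are "in place and maintained", and the event log task wants a process that actually reads them. The following is an added example, not part of the Process Street checklist, of the kind of review logic a SIEM rule or a scheduled script would run. It parses constructed key=value log lines, flags access to a sensitive store by accounts not on the authorised list or outside business hours, and flags a burst of failed logins from one source followed by a success. The log format, the path prefix, the user list and the thresholds are assumptions for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines (not from a real system); order is deliberately not chronological.
LOG_LINES = """\
2024-06-01T09:02:11 host=fs01 event=file_access user=nurse1 path=/srv/medical/records/1001.pdf result=ok
2024-06-01T09:05:43 host=fs01 event=file_access user=intern7 path=/srv/medical/records/1002.pdf result=ok
2024-06-01T22:41:02 host=fs01 event=file_access user=nurse1 path=/srv/medical/records/1003.pdf result=ok
2024-06-01T09:10:00 host=fs01 event=file_access user=intern7 path=/srv/public/handbook.pdf result=ok
2024-06-01T03:00:01 host=vpn01 event=login user=admin src=198.51.100.7 result=fail
2024-06-01T03:00:04 host=vpn01 event=login user=admin src=198.51.100.7 result=fail
2024-06-01T03:00:09 host=vpn01 event=login user=admin src=198.51.100.7 result=fail
2024-06-01T03:00:12 host=vpn01 event=login user=admin src=198.51.100.7 result=fail
2024-06-01T03:00:15 host=vpn01 event=login user=admin src=198.51.100.7 result=fail
2024-06-01T03:00:20 host=vpn01 event=login user=admin src=198.51.100.7 result=ok
2024-06-01T08:30:00 host=vpn01 event=login user=nurse1 src=10.20.0.5 result=fail
2024-06-01T08:30:30 host=vpn01 event=login user=nurse1 src=10.20.0.5 result=ok
"""

SENSITIVE_PREFIXES = ("/srv/medical/",)        # the separately stored data (assumed)
AUTHORIZED_USERS = {"nurse1", "dr_smith"}      # accounts allowed to read it (assumed)
BUSINESS_HOURS = range(7, 20)                  # 07:00 to 19:59 (assumed)


def parse(lines: str):
    """Parse 'timestamp key=value ...' lines into dicts, sorted by time so the
    sliding window below sees events in the order they happened."""
    events = []
    for line in lines.splitlines():
        ts, *fields = line.split()
        ev = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def review(events, authorized, sensitive_prefixes, threshold=5, window=timedelta(minutes=1)):
    """Return (finding, subject, detail) tuples for the conditions an auditor
    would expect the monitoring process to catch."""
    findings = []
    recent_failures = defaultdict(deque)  # source IP -> timestamps of recent failed logins
    for ev in events:
        if ev["event"] == "file_access" and ev["path"].startswith(sensitive_prefixes):
            if ev["user"] not in authorized:
                findings.append(("unauthorized sensitive access", ev["user"], ev["path"]))
            elif ev["ts"].hour not in BUSINESS_HOURS:
                findings.append(("out-of-hours sensitive access", ev["user"], ev["path"]))
        elif ev["event"] == "login":
            queue = recent_failures[ev["src"]]
            if ev["result"] == "fail":
                queue.append(ev["ts"])
                while queue and ev["ts"] - queue[0] > window:
                    queue.popleft()  # drop failures older than the window
                if len(queue) == threshold:
                    findings.append(("login failure burst", ev["src"],
                                     f"{threshold} failures within {window}"))
            elif ev["result"] == "ok" and len(queue) >= threshold:
                findings.append(("success after failure burst", ev["src"], ev["user"]))
    return findings


if __name__ == "__main__":
    for finding, subject, detail in review(parse(LOG_LINES), AUTHORIZED_USERS, SENSITIVE_PREFIXES):
        print(f"{finding}: {subject} ({detail})")
```

The single failed login from nurse1 never reaches the threshold and is correctly ignored, while the admin sequence produces two findings: the burst itself and, more importantly, the success that followed it, which is the one an analyst must follow up the same day.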

Compile your report and send it to the relevant people

Once you have completed your report, you can compile it and use the form fields below to upload the report and to send a copy of the report to the relevant stakeholders. 
