Audit a Network Checklist Printable Whitepaper

Audit a Network

Printable Whitepaper
Checklist
 Introduction

What is a Network Audit?

Why Audit a Network?

Benefits of auditing a Network

How often should you audit a network?

What’s covered in
Network Audit Checklist

1. Company Policies

this guide:
2. Password security

3. Network/LAN security

4. Workstations

5. Mobile devices

6. Critical Network Infrastructure

7. Routers/Firewalls
 Auditing a network is a hugely important task for MSPs, IT professionals, and
any other service provider. That’s why we wrote a completely free downloadable

Introduction
checklist on auditing a network.

Our handy checklist will help ensure you’ve got the important aspects of
auditing a network covered.
 Check out our free network onboarding template!

Download our MSP onboarding checklist with a free printable template. Our

Need to onboard a free onboarding template covers everything from A-Z you need to consider
when onboarding a new network. Moreover, it’s very useful for onboarding new

new network? networks.

Read on to learn all about Auditing a Network.

What is
a Network A network audit looks at all networked
systems, devices, processes, and policies to

Audit?
minimize potential issues and risks.

Auditing a network involves several

01.
important components that ensure the
overall security and functionality of the
network infrastructure.
General Auditing: Network Auditing (LAN):

General auditing involves assessing the overall security posture of the network. Network auditing for the local area network (LAN) focuses on assessing the
This includes evaluating the network's architecture, identifying potential security and performance of the internal network infrastructure. This involves
vulnerabilities, and assessing compliance with security policies and standards. It reviewing network segmentation, access control mechanisms, and intrusion
may involve reviewing network diagrams, analyzing network configurations, and detection systems (IDS) or intrusion prevention systems (IPS). Network auditing
conducting interviews with network administrators. also includes analyzing network traffic patterns, monitoring for unauthorized
network access, and identifying any potential network bottlenecks or
performance issues.
Password Security Auditing:

Password security auditing focuses on assessing the strength and effectiveness

Workstation Auditing:
of password policies and practices within the network. It involves reviewing
password complexity requirements, password expiration policies, and the Workstation auditing involves evaluating the security configurations and
implementation of multi-factor authentication (MFA) where applicable. practices of individual workstations within the network. This includes assessing
Password auditing may also include checking for the presence of weak or operating system security settings, patch management, and antivirus/anti-
easily guessable passwords, identifying accounts with excessive privileges, and malware solutions. Workstation auditing may also involve reviewing user
ensuring secure password storage mechanisms are in place. permissions, software installations, and ensuring the presence of host-based
firewalls and intrusion detection software.

Device Auditing:
Mobile Phone Auditing:
Device auditing involves evaluating the security configurations and settings of
network devices such as routers, switches, and access points. This includes Mobile phone auditing focuses on assessing the security of mobile devices
reviewing device configurations to ensure they adhere to security best that connect to the network. This includes evaluating the implementation of
practices, identifying any unnecessary services or ports that could pose mobile device management (MDM) solutions, enforcing strong authentication
security risks, and verifying the implementation of encryption protocols. Device mechanisms, and ensuring devices are running the latest firmware and security
auditing also entails checking for firmware updates and patches to ensure updates. Mobile phone auditing may also involve reviewing app permissions,
devices are running the latest secure versions. data encryption practices, and remote wipe capabilities in case of loss or theft.
Critical Network Infrastructure Auditing:

Critical network infrastructure auditing entails evaluating the security and

availability of essential network components such as servers, firewalls, and
routers. This includes reviewing server configurations, patch management
processes, and access controls. Auditing critical network infrastructure
also involves assessing the firewall rules and policies, reviewing network
segmentation, and ensuring proper logging and monitoring mechanisms are in
place.

Server/Firewall Auditing:

Server and firewall auditing specifically focuses on assessing the security

of servers and firewalls within the network. This includes reviewing server
configurations, hardening practices, and access controls. Firewall auditing
involves evaluating firewall rule sets, checking for any misconfigurations
or vulnerabilities, and ensuring that access control policies are effectively
implemented. Server and firewall auditing may also involve reviewing log files
and monitoring for any suspicious activities or unauthorized access attempts.

By performing comprehensive network audits across these different areas,

organizations can identify potential security weaknesses, ensure compliance
with industry standards, and implement necessary measures to enhance the
overall security and functionality of their network infrastructure.
Why Audit
a Network? If you’re managing a network, you should be
auditing it. Auditing a network will help you
look out for threats and ensure compliance
with processes such as CIS controls.
Additionally, auditing a network can help

02.
with performance and detecting issues too.
Even more importantly, it can help with identifying potential areas of a business
that could be at risk of network security issues and cyber attacks.

Moreover, the entire process of auditing a network will help you identify areas
of the network that need proper practices in place. For example, you may be
missing a BYOD policy or alerts on new devices. Auditing a network will help
you identify your weaknesses and what is missing to further improve your
network management and security processes. Check out our handy document
on CIS controls for more details on this.

Auditing a network gives you an entire picture of your network, policies, and
practices. You can use this picture to identify your strengths and weaknesses
and areas that need improvement.
Benefits of auditing
a Network Auditing a network has many benefits
which are relevant to your organization,
customers, policies and procedures. Here
are some of the benefits of regularly

03.
auditing your networks.
Security Asset Management

IT network audits help identify vulnerabilities and weaknesses in the network IT network audits help organizations maintain an accurate inventory of their
infrastructure, systems, and devices. They’ll also help you identify cyber risks: network assets, including servers, routers, switches, firewalls, and other
malware, spyware, phishing, virus threats. This can be done through regular devices. Audits ensure that assets are adequately documented, including their
risk assessments and by implementing security measures such as firewalls, physical location, ownership, and relevant configurations. This information is
antivirus software, and intrusion detection systems.Additionally, regular audits crucial for effective IT asset management, license compliance, maintenance
of your IT systems and processes help you identify risks to accessing sensitive scheduling, and resource planning.
information and data.

Business Continuity
Compliance/maintaining CIS control
Network audits assess the network's resilience and ability to handle
Many industries and organizations are subject to regulatory requirements unexpected events, such as power outages, hardware failures, or natural
and compliance standards, such as the Health Insurance Portability and disasters. By identifying single points of failure, redundant systems, and backup
Accountability Act (HIPAA), Payment Card Industry Data Security Standard strategies, audits help organizations implement robust business continuity
(PCI DSS), or General Data Protection Regulation (GDPR). IT network audits plans. This ensures critical network services and operations can be quickly
help assess whether the organization's network aligns with these regulations restored, minimizing downtime and potential financial losses.
and standards. Audits provide evidence of compliance and help organizations
avoid penalties, legal issues, and reputational damage associated with non-
compliance. Check out our handy document on CIS controls for more details Risk Management
on this. IT network audits play a crucial role in identifying and managing risks associated
with the network infrastructure. Audits help organizations identify and prioritize
risks, develop mitigation strategies, and establish appropriate risk management
Performance and Efficiency
frameworks by assessing the network's architecture, controls, and processes.
Network audits evaluate the network infrastructure, including hardware, This enables organizations to make informed decisions regarding risk tolerance,
software, configurations, and overall architecture. By assessing network investment in security measures, and overall risk mitigation efforts.
performance, audits identify bottlenecks, congestion points, or outdated
components that may hinder network efficiency. Audits also help optimize
network resources, identify opportunities for improvement, and ensure that the
network meets the organization's performance requirements.
Identify Gaps and Improvements

A regular self-assessment can help you identify areas where you excel and
areas where you could improve. This is crucial to improving your networking
operations over time. A regular self-assessment can also help you review
your current policies and procedures to identify any gaps or areas that need
improvement. You can then work with your team to develop new policies and
procedures.

Ensure Functioning and Set-up

A regular self-assessment will help you make sure that everything on your
network has been set-up correctly and is functioning as it should be. Through
each audit, you’ll really dive into monitoring network traffic, ensuring that all
devices are up-to-date with the latest security patches, and implementing
firewalls and other security measures as part of the process. The end result
is that you can ensure the functioning of a network is still being maintained.
Additionally, you’ll be able to regularly check that everything is set-up correctly.

Overall, IT network audits provide organizations with a comprehensive

assessment of their network infrastructure, security posture, compliance status,
and overall performance. By addressing vulnerabilities, ensuring compliance,
optimizing resources, and managing risks, audits help organizations enhance
their network's reliability, security, and efficiency, ultimately contributing to the
business's overall success.
 How often you audit a network depends on
various factors.

How often should CIS controls recommend having in place

you audit a network?

Continuous Vulnerability Management.
As part of your continuous vulnerability
management, you may set a maximum
threshold for auditing a network. For
example, once every 6 months or on an

04.
annual basis.

Regardless of how frequently you’ve chosen

to audit the networks you’re managing, we
recommend auditing a network regularly
and recurringly.
 MSPs

As an MSP, you may perform network audits to onboard a new network. Then
after, you may perform them regularly for your clients.

Internal IT team

If you are part of an IT team, your team may be tasked with continuously
auditing the networks you manage. This could be a single network or multiple,

Who Performs a depending on the size of an organization.

Network Security Audit? External auditors

Even if you are an MSP or part of an Internal IT team, you may choose to have
an external auditor perform a network audit. Having an extra set of eyes
on everything you’re doing is always a good idea. External auditors will be
thorough and objective. They aren’t familiar with the network and will not have
access to any shortcuts or bypassing of rules because they know the system.
Additionally, often Security Frameworks require the need for external auditors
to validate that your security process is being followed and up to the standards
that you have set.
Network Audit
Checklist To undergo a full network audit, we’ve
compiled a checklist with all the steps you
can follow for each area.

05.
 DESCRIPTION STATUS

1 Company Policies
Network policy - ensure there is a network security policy. If no policy is available, draft one. Include the rights and responsibilities of
all team members, employees, consultants, contractors, and guests in the policy. Review any existing policy and amend it as needed.

Data sharing policy - ensure there is a data sharing policy. If no policy is available, draft one. Review any existing policy and amend it
as needed.

Acceptable use policy - ensure there is an acceptable use policy. If no policy is available, draft one. Review any existing policy and
amend it as needed.

Bring Your Own Device (BYOD) policy - ensure there is a BYOD policy. If no policy is available, draft one. Review any existing policy
and amend it as needed.

Security training - ensure all employees have completed security training and reviewed and accepted all critical documentation: data
sharing, acceptable use, BYOD, etc.

Information sharing training - ensure all employees have completed training on information sharing.

Vendor policy acceptance - review the vendor security agreement. Ensure that all vendors have signed the security agreement.

Data security/breach plan - ensure there is a plan in place for a data or security breach happens. If no plan is drafted, this is a
great time to draft one.
 DESCRIPTION STATUS

2 Password security best practices

Password security policy - ensure there is a written password security policy. If no policy is available, draft one. Review any existing
policy and amend it as needed.

Password training - ensure all users have completed appropriate password training and know the risks.

Inspect physical environments - physically inspect the workstations of employees and check for passwords that
may be written down.

Documenting password requirements - keep a document of password requirements somewhere accessible anytime for all employees.
 DESCRIPTION STATUS

3 Network/LAN Security
Strengthen the internal network servers.

Remove unused and unnecessary services and applications on the network.

Check server permissions - ensure they are appropriate for all users and circumstances.

Remove unnecessary files.

Check to make sure there are no anonymous users. Remove as needed.

Ensure there is a remote administration policy in place. Review and amend as needed.

Disable remote access when it is not needed.

Disable guest access when it is not needed.

Create appropriate AD-privileged user groups. Monitor them as necessary. You can Monitor AD-privileged user groups with Domotz.

Create appropriate Windows GPOs. Monitor them as necessary. You can Monitor Windows GPOs with Domotz.
 DESCRIPTION STATUS

3 Network/LAN Security
Set up Windows security events and monitor them as necessary. You can Monitor Windows security events with Domotz.

Monitor and audit administrator login attempts.

Track access to files/systems/folders/accounts.

Ensure wireless security protocols are configured and in place.

 DESCRIPTION STATUS

4 Workstations
Lock Screen - ensure there is a lock screen on all computers.

Passwords - ensure all computers require passwords.

Implement two-factor authentication where possible.

Remove unnecessary apps and programs from endpoints.

Ensure that anti-virus software is installed and working for each user.

Ensure that RMM software is installed and working for each user.

Ensure that software updates are automatically implemented on workstations through Windows Update Agent (WUA). You can use
Domotz for WUA monitoring.

Ensure that RMM is implementing OS and security patches.

Enable pop-up blockers.

 DESCRIPTION STATUS

5 Mobile Devices
Ensure that you have new device alerts set up on the network. Get real-time alerts when new devices connect. Hint: you
can use Domotz for new device alerts.

Ensure there is a BYOD policy in place. Review any existing policy and amend it as needed.

Secure Wireless Access points.

Enforce the BYOD policy through new device alerts and blocking devices at the firewall level.
 DESCRIPTION STATUS

6 Critical Network Infrastructure

Ensure that critical network infrastructure is being continuously monitored. You can use Domotz for network infrastructure monitoring.

Ensure network configuration management is in place for critical network infrastructure where possible. You can use Domotz for
network configuration management.

Ensure that firmware upgrades occur regularly.

Document network configurations. You can also use Domotz to back up/restore your network appliance configurations.

Document network topology. You can use Domotz for automated network topology mapping.

Document user accounts and passwords.

Perform LAN perimeter scans and external WAN perimeter scans. You can use Domotz for your LAN/WAN scans.
 DESCRIPTION STATUS

7 Routers/Firewalls
Ensure a firewall is being used.

Ensure all public-facing services are segmented.

Ensure that all external IP addresses are not allowed on the LAN and only on the segmented network.

Configure firewall policies. You can also monitor firewall policies with Domotz using our pre-configured SNMP templates for
Watchguard, Sophos, and Fortinet.

Scan for opened ports and close them as needed. You can use Domotz TCP Open Port Scanner for this.

Identify whether UPnP is enabled on the Router / Modem and whether any device on the network is leveraging UPnP to open ports
and redirect the traffic. You can use Domotz network security scanner for this.

Deny inbound access to unused ports.

Review firewall policies and identify any risks.

Implement NAT configuration where possible.

 DESCRIPTION STATUS

7 Routers/Firewalls
Implement packet inspection of network traffic where possible.

Use network configuration management for router and firewall. Ensure firmware and software are updated regularly and automatically
where possible. You can use Domotz for network configuration management.

Perform penetration tests to identify further weaknesses.

www.domotz.com