This is a supplementary resource for our Best Practices for End-to-End Network Security Webinar which aired on 6/25/2015. The following link is a replay of that webinar. The Network Security Audit/Checklist is shown below.
If you have any questions, please contact us at:
(650) 385-8702 | firstname.lastname@example.org
- There is no magic silver bullet that fixes all the security vulnerabilities.
- Security protection is not a “once and done” thing. It is a process that needs to be continuously evaluated, updated and implemented.
- Think about security holistically – protect against all four vulnerability areas, not just the technology aspect of it.
- Think about security protection in layers – some things are basic, some more intermediate, and some advanced. Some things should be done now before other things can be done.
When approaching problems and searching for solutions consider people, processes, and technologies.
- People – Who has access? Are they educated about best safety practices? Should I only give them limited access?
- Processes – annual security audit, update firmware, update passwords, enforce policies
- Technologies – hardware, software, applications
Network Security Audit/Checklist – Beginning
- Review inventory against last recorded list of equipment. Verify brand, model, serial number, MAC address and IP address (if known) of equipment.
- For equipment added since your last visit (that is not on your list), record brand, model, serial number, MAC address, IP address (if known), and what port it is connected to.
- Review your port list, and verify that the port/device are unchanged. If they have been changed, record it and check to see if it is on the proper VLAN.
- If this is the first time making an audit, record the following:
- Device type, brand, model, serial number, MAC address
- What network device it is connected to, port on network device it is connected to, VLAN device is on, IP address
- Firmware version
- Location and wall port reference number
- Date of audit
- Check and update firmware on equipment as necessary.
- Review the list of latest firmware versions available on the Pakedge dealer portal (for Pakedge network equipment only).
- If there is no firmware update and equipment is known to be vulnerable, replace equipment with newer model.
- Check and review hardware. Replace with new equipment if functionality requires it, if it is obsolete from a security perspective, or if support is no longer provided by manufacturer.
- Check wall ports and unused ports in network equipment. Verify that they are connected to what you expected or to devices that were on your last documented list. Verify no new devices on unused ports.
- Update website access control lists (whitelists, blacklists) as necessary.
- Block unauthorized devices.Scan and identify wireless network for “rogue” devices and block access to network.
- Update port forwarding.Review, add and remove devices that require port forwarding as needed.
- Update Dynamic DNS (including Pakedge DNS) as needed.
- Update Demilitarized Zones (DMZ). For routers with DMZ capabilities, review and update any devices to be placed in the DMZ.
- Scan the network for unauthorized or rogue devices. Remove or block as necessary.
- Disable unused ports. Switches, routers and wall ports.
- Password protect sensitive files and folders. Review and identify files that are sensitive, and compartmentalize those to protected storage devices. Encrypt and password protect those files. Move them over to removable storage device that can be disconnected from the main network as needed.
Usernames and Passwords. Review User Administrator Profile information on devices (routers, switches, access points) and update your security on your devices (i.e. username and password information)
- On 60C and/or 60D router models: verify that User section only has needed User Profiles set up for SSL & PPTP access.
- On WAPs – update passwords as needed.
- Guest networks (wired and wireless) – update guest network username and passwords.
- Update VPN policies and passwords (as needed).
Verify devices connected to guest networks. Confirm that devices meant for guest usage (desktop computers, terminals, televisions, etc.) are still connected to the designated guest ports. If those devices have changed locations, it may be necessary to reassign the ports or update the wiring connection at the switch to the guest ports.
- Determine if guest access is necessary. If not needed, disable guest access.
- Review firewall configurations and reports. Re-subscribe to existing anti-virus, intrusion protection and other security management services (if needed).
- Discuss security network upgrade needs with customer, including:
- Is there any consumer grade equipment in network that may require upgrading for better and scalable and performance, security or increased reliability?
- Will the site be expanding in the next six months? Any construction planned?
- Will the network be supporting more devices in the next six months?
- If there have been more wireless devices being used, consider upgrading to later model WAPsto support the increased wireless connectivity needs.
- Project may need to utilize multiple VLANs – evaluate a change to managed switches if there is multiple home automation systems and devices integrated into the network.
- Discuss network security maintenance needs and planning with customer:
- Review checkup results with customer
- Discuss any security monitoring and maintenance needs, including any automated monitoring needs (with BakPak Cloud Management System).
- Develop, update and add security audits and checks to your network monitoring and maintenance plan.