100 Network Assessment Checklist


  1. Unique user ID and confidential password required
  2. Additional identification required for remote access
  3. "Help" screen access available to logged-on users only
  4. Last session date and time reported back to the user at sign-on
  5. Exception reports for disruptions in either input or output
  6. Session numbers for users/processors that are not constantly logged in
  7. Notification to users of possible duplicate messages
  8. Error thresholds, and the retransmissions they cause on the network, reported to management via automatic alarms
  9. Encryption requirements
  10. Encryption key management controls
  11. Message Authentication Code requirements for unencrypted sensitive data transmission
  12. System authentication at session start-up (wiretap controls)
  13. Confirmation of host log-off to prevent line grabbing
  14. Downloading controls for connected intelligent workstations
  15. User priority designation process
  16. Transaction handling for classified communications
  17. Trace and snapshot facilities requirements
  18. Log requirements for sensitive messages
  19. Alternate path requirements between nodes
  20. Contingency plans for hardware as well as all usual system requirements
  21. Storage of critical messages in redundant locations
  22. Packet recovery requirements
  23. Physical access for workstations when units are not in use
  24. Control units, hubs, routers, cabinets secured
  25. Environmental control critical requirements
  26. Segregation for sections of the network that are deemed "untrustworthy"
  27. Gateway identification for authorized nodes
  28. Automatic disabling of a user/account, line, or port if there is evidence that an attack is underway
  29. Naming convention to distinguish test messages from production
  30. User switching application controls
  31. Time-out reauthorization requirements
  32. Password changes (time/length/history) requirements
  33. Encryption requirements for passwords, security parameters, encryption keys, tables, etc.
  34. Shielding requirements for fiber-optic lines
  35. Controls to prevent wiretapping
  36. Reporting procedures for all interrupted telecommunication sessions
  37. Identification requirements for station/terminal access connection to the network
  38. Printer control requirements for classified information
  39. Appropriate "welcome" connection screens
  40. Dial-up access control procedures
  41. Anti-daemon dialer controls
  42. Standards for equipment, applications, protocols, operating environment
  43. Help desk procedures and telephone numbers
  44. Dynamic change control requirements for protocol converters and access method converters
  45. LAN administrator responsibilities
  46. Control requirements to add nodes to the network
  47. Telephone number change requirements
  48. Automatic sign-on controls
  49. Telephone trace requirements
  50. FTP access controlled
  51. Are patches tested and applied?
  52. Software distribution current
  53. Employee policy awareness
  54. Emergency incident response plan/procedure
  55. Internal applications control
  56. Proper control of the development environment
  57. Software licensing compliance review
  58. Portable device (laptop/notebook/PDA) handling procedures
  59. Storage and disposal of sensitive data/information
  60. Default password controls and settings
  61. Review of off-site storage for disaster recovery resources
  62. Unnecessary services disabled
  63. Client server data transfer analyzed and secured
  64. Restrict telnet and r-commands (rlogin, rsh, etc.)
  65. Configuration management procedures
  66. Tracking port scans
  67. Review monitoring responsibilities
  68. Separation between test and production environment
  69. Strong dial-in authentication
  70. System administrator training
  71. Voice system protection procedures
  72. Tunneling for all remote access (inbound or outbound)
  73. Encryption of laptops
  74. Management awareness
  75. Program and system change control procedures
  76. Open "inbound" modem access for vendor support
  77. Modem usage policy
  78. Incident event coordination (procedures)
  79. Intrusion detection system (IDS) implementation and monitoring
  80. Monitoring of the Web site for attack (internal and external)
  81. Domain Name Server monitoring
  82. Hardware maintenance requirements
  83. Hard drive repair, maintenance, and disposal procedures
  84. BIOS (Basic Input/Output System) boot order
  85. E-mail content policy and monitoring
  86. E-mail forwarding policy (hopping)
  87. Spamming controls and testing procedures
  88. Employee termination and credential disablement
  89. After-hours sign-in logs
  90. Network sniffer policy, procedures, and monitoring
  91. Validity of e-mail accounts
  92. Background checks before hiring
  93. Administrator accounts and password controls
  94. Time synchronization procedures
  95. Establishment of a Security Committee
  96. Testing process for LAN applications
  97. Business unit security person designated
  98. Log and review of all Administrator changes
  99. Review and resolution of past audit comments
  100. Audit logs secured

Source: Managing a Network Vulnerability Assessment by Thomas R. Peltier, Justin Peltier and John A. Blackley, ISBN 0849312701, Auerbach Publications © 2003