Network Security Audit Checklist


NETWORK AUDIT CHECKLIST

AUDIT PHASE | DESCRIPTION | NOTES\ACTIONS


Planning phase
  Hold meetings to discuss customer objectives: Discussions must be held on a regular basis to discuss business objectives, customer expectations, and any known issues.
  Customer meeting to discuss scope: Understand the customer's business objectives and document any known issues.
  Scope and schedule: This includes documenting the customer scope to be assessed and the customer NDA (a non-disclosure agreement is a legal requirement for conducting the assessment and signing the master services agreement).

Design and architecture review
  Network overview architecture: Conduct reviews for the modularity, scalability, and capabilities of the network.
  Traffic flow: Assess the application's traffic flow, data center, internet edges, client access, WAN, cloud, and so on.
  Services and OLAs: Assessment of high availability, if Operational-Level Agreements (OLAs)/Service Level Agreements (SLAs) have been defined.
  MPLS/VPN service: Remote office and client access capabilities.
  QoS standards: Deployment methods used.
  Layer 2 optimization: Assess spanning tree security/optimization and distributed layer 2 attributes.
  Layer 3 routing: Review that the routing is dynamic, optimized, and secure.

Physical inventory
  It includes the following:
  Hardware inventory spreadsheet: Document and review physical hardware inventory and serial numbers if possible.
  Layer 1-2 diagrams/documentation: Assessment with respect to physical interconnectivity.
  Layer 3 diagrams/documentation: Assessment with respect to routing connectivity, gateway management, summarization, and route entrances/exits.
  Rack elevation diagrams/documentation: Assessment of the physical rack diagrams.
  Environmental capabilities: Power, cooling, cable management, and so on.

Network infrastructure security
  This includes the following:
  Misconfiguration or design flaws: Assess and review all the configurations of the network devices, such as firewall design review, IDS/IPS, and switches.
  Weak authentication or encryption protocols: Review VPN, wireless, and 802.1x authentication methods.
  Centralized authentication, authorization, and accounting.
  Attack awareness (IPS/IDS): Assess the IPS/IDS design and conduct a log review.
  Control plane policing/security: Attributes such as infrastructure device access, CoPP, and rogue detection (both wired and wireless).
  Infrastructure physical security: Review policies and the implementation of cameras, locks, and restricted physical access.

Infrastructure for monitoring and management
  They include the following:
  Central monitoring/alerting capabilities: Assessment of management platform utilization/capabilities.
  Syslog capabilities: Assessment of controls, retention, and management.
  Host-end monitoring/management: Assessment of host detection/monitoring.
  Software management: Assessment of deployment processes for upgrades/patches.
  Configuration validation capabilities: Assessment of the lab environment.
  EOL/EOS hardware and licensing: Assessment of the process for life cycle and licensing compliance.

Configuration management
  The focus here is on attributes such as backup, automation, and change management:
  Centralized configuration backup and automation: Review configuration backups and automation capabilities.
  Configuration change management workflow: Assess change control management.

Performance monitoring and analysis
  This includes the following:
  Netflow and packet capture capabilities: Assess bandwidth planning and packet capture capabilities.
  Network performance capabilities: Assessment of L4-L7 visibility and baseline.

Documentation
  The documentation includes the following:
  Executive summary documentation: Review the overall summary.
  Principal architect review: Review architecture-engineering documentation.
  Detailed documentation book/audit report: Everything gathered in a single place.
