6.3: Auditing Network Infrastructure Flashcards

1
Q

Auditing Network infrastructure includes:

A
  • Enterprise architecture
  • Network architecture
  • Security architecture
  • Standards
  • Change management
  • Capacity Management
  • Configuration Management
  • Administrative access management
  • Network components
  • Log management
  • User access management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Examine SECURITY ARCHITECTURE of Network infrastructure

A

Examine security architecture documents, including critical and sensitive data flows, network security zones, access control devices and systems, security countermeasures, intrusion detection systems, firewalls, screening routers, gateways, anti-malware, and security monitoring.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Examine STANDARDS of Network infrastructure

A

Examine standards documents and determine whether they are reasonable and current. Examine a sample of devices to see whether they conform to these standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Examine CHANGE MANAGEMENT of Network infrastructure

A

All changes to network devices and services should be governed by a change management process. Auditor should review change management procedures and records, and examine a sample of devices and systems to ensure that changes are being performed within change management policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Examine CONFIGURATION MANAGEMENT of Network infrastructure

A

Determine whether any configuration management standards, procedures, and record exist are used. Examine the configuration of a sampling to see whether configurations are consistent from device to device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Examine ADMINISTRATIVE ACCESS MANAGEMENT of Network infrastructure

A

Examine access management procedures, record, and configurations to see whether only authorized persons are able to ACCESS and MANAGE network devices and services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Examine NETWORK COMPONENTS of Network infrastructure

A

Examine several components and their configuration to determine how well the organization has contracted its network infrastructure to support business objective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Examine LOG MANAGEMENT of Network infrastructure

A

Determine whether administrative activities performed on network devices and services are logged. Examine the configuration of logs to see if they can be altered. Examine logs to determine whether any unauthorized activity are taking place.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Examine USER ACCESS MANAGEMENT of Network infrastructure

A

Examine user ID convention, password controls, inactivity locking, user account provisioning, user account termination, and password reset procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly