Tuesday, March 26, 2013

Network Questionnaire for Network Administrators (IT Audit)

Example network questionnaire for Network Administrators:

General

1. Please provide an organization chart(s) for all personnel who will be involved with this audit.
2. Please provide a list of contacts.  This list should include the person's name, telephone number, e-mail address, room number, and job description (Ex. UNIX System administrator).
3. Please provide network drawings identifying all firewalls, 
routers, switches, wireless products and other network infrastructure components.
4. Please provide a list of network infrastructure components (firewalls, routers, switches, wireless products, etc).  The list should include the network infrastructure component's name, IP address, manufacture, model number, location, asset owner and IT contact / administrator.
5. Please provide a list of all Internet and third-party connections within your environment.






Routers 
1. Who owns and manages your routers? 
2. Please add to the network component listing the router's operating system version number.
3. For routers providing connectivity to third-party locations, please provide documentation for all tunnels or ACLs configured in each router. 
4. If third-party connections exist, please provide or describe your procedures for reviewing the access-control lists or tunnels with customers.  Also, indicate the frequency of these reviews.
5. Please provide or describe your policies and procedures for router access authentication.  In other words, what is the process for determining who can access or change the router configuration?
6. Please provide a list of people who know the built-in passwords. Please provide or describe your procedures to change the router's administrator password when someone who knows the passwords leaves the group.
7. Is each router covered by a maintenance agreement?  If yes, please describe who is providing the maintenance and the outage response times (either on-site arrival time or replacing broken hardware).
8. Does the maintenance agreement cover software upgrades?  If yes, how is the new software obtained?
9. How do you learn of new releases, service packs or hot-fixes?
10. What are your policies and procedures for installing / upgrading new software releases?  Are these new releases tested before they are put into production? What are your change control procedures for installing new releases, service packs or hot-fixes?
11. Is spare router equipment available?  Please describe.
12. Is a network management station or some other device monitoring the routers?  If yes, please describe.
    13. Are system and configuration router manuals available?  If yes, where are they located?  
14. Are router events logs being reviewed?  If yes, by whom and what is the frequency of review?   Please describe the process.
15. Are backup copies of the router configuration files stored outside of the router? If yes, where are these files stored - please provide the system name, folder or directory and location?  Also, please provide a contact for this storage system. 
16. Are the routers connected to an UPS system? 





Switches 

1. Who owns and manages your switches?
2. Please add to the network component listing the operating system version number.
3. Please provide or describe your policies and procedures for switch access authentication.  In other words, what is the process for determining who can access or change the switch configuration?
4. Please provide a list of people who know the built-in passwords. Please provide or describe your procedures to change the switch's administrator password when someone who knows the password leaves the group.
5. Is each switch covered by a maintenance agreement?  If yes, please describe who is providing the maintenance and the outage response times (either on-site arrival time or replacing broken hardware).
6. Does the maintenance agreement cover software upgrades?  If yes, how is the new software obtained?
7. How do you learn of new releases, service packs or hot-fixes?
8. What are your policies and procedures for installing / upgrading new software releases?  Are these new releases tested before they are put into production?  What are your change control procedures for installing new releases, service packs or hot-fixes?
9. Is spare switch equipment available?  Please describe.
10. Is a network management station or some other device monitoring the switches? If yes, please describe.
     11. Are system and configuration switch manuals available?  If yes, where are they located? 
12. Are backup copies of the switch configuration files stored outside of the switch? If yes, where are these files stored - please provide the system name, folder or directory and location?  Also, please provide a contact for this system. 

Note: A full audit of the network system will identify where improvements can be made that will have a positive effect on the business:)

No comments: