Velocity Reviews - Network Security Audit

sample Audit questionnaire...

Routers
1. Who owns and manages your routers?
2. Please add to the network component listing the router's operating system version number.
3. For routers providing connectivity to third-party locations, please provide documentation for all tunnels or ACLs configured in each router.
4. If third-party connections exist, please provide or describe your procedures for reviewing the access-control lists or tunnels with customers. Also, indicate the frequency of these reviews.
5. Please provide or describe your policies and procedures for router access authentication. In other words, what is the process for determining who can access or change the router configuration?
6. Please provide a list of people who know the built-in passwords. Please provide or describe your procedures to change the router's administrator password when someone who knows the passwords leaves the group.
7. Is each router covered by a maintenance agreement? If yes, please describe who is providing the maintenance and the outage response times (either on-site arrival time or replacing broken hardware).
8. Does the maintenance agreement cover software upgrades? If yes, how is the new software obtained?
9. How do you learn of new releases, service packs or hot-fixes?