Audit and Assurance

Expand all | Collapse all

Routers and switches audit program

  • 1.  Routers and switches audit program

    Posted 14 Jan, 2020 07:35
    Hi all,

    Please can you help with the below query.

    What are the key points to review with respect to routers and switches?

    Does anyone have a routers and switches audit program?

    ------------------------------
    Vikram Raghuveer
    Manager-IT and internal audits
    ------------------------------


  • 2.  RE: Routers and switches audit program

    Posted 15 Jan, 2020 08:13
    Dear Vikram 

    I found CIS Center for Internet Security site helpful. It has most of the benchmarks.

     https://www.cisecurity.org/cis-benchmarks/

    Look for Network Devices If anyone has something better can advise




    ------------------------------
    Rita Kobusinge
    MANAGER SYSTEMS AUDIT
    ------------------------------



  • 3.  RE: Routers and switches audit program

    Posted 16 Jan, 2020 04:32
    @Rita Kobusinge Thank you.​​

    ------------------------------
    Vikram Raghuveer
    Manager-IT and internal audits
    ------------------------------



  • 4.  RE: Routers and switches audit program

    Posted 15 Jan, 2020 09:55
    Hi Vikram,

    Similar discussion on below page.

    https://engage.isaca.org/communities/community-home/digestviewer/viewthread?MessageKey=9dd0ab2f-eaab-4219-8291-a006973deb01&CommunityKey=b4f0c214-8b78-4359-8bd0-8f0e7382b68a&tab=digestviewer#bm9dd0ab2f-eaab-4219-8291-a006973deb01

    ------------------------------
    D Anand
    ------------------------------



  • 5.  RE: Routers and switches audit program

    Posted 16 Jan, 2020 04:33
    @Anand D Thank you​​

    ------------------------------
    Vikram Raghuveer
    Manager-IT and internal audits
    ------------------------------



  • 6.  RE: Routers and switches audit program

    Posted 15 Jan, 2020 13:57
    Hi Vikram.  I would agree with Rita to leverage the CIS benchmarks.  Also, here are two links that help summarize key points:
    • https://searchsecurity.techtarget.com/tip/Week-46-Router-security-tips
    • https://searchsecurity.techtarget.com/tip/Week-47-Switch-security-tips


    ------------------------------
    Dominic Pasqualino
    Director, ISACA Philadelphia Chapter
    ------------------------------



  • 7.  RE: Routers and switches audit program

    Posted 16 Jan, 2020 04:34
    @Dominic Pasqualino Thank you.​​​

    ------------------------------
    Vikram Raghuveer
    Manager-IT and internal audits
    ------------------------------



  • 8.  RE: Routers and switches audit program

    Posted 23 Jan, 2020 13:17
    Dear Vikram, in addition of benchmarks, some times I used Nessus with credentialed to analyze the compliance with guidelines.

    ------------------------------
    Alejandro Ramírez Muñoz
    Information Security Auditor
    ------------------------------



  • 9.  RE: Routers and switches audit program

    Posted 23 Jan, 2020 19:40
    Rules are major areas that often have lacuna.

    Check ACL's
    Routing Rules
    Port Mapping in Switch

    All go by top down approach is applying the rules mentioned, ie if the allow comes first then followed by deny, the allow with work and deny will be ignored.

    hope this gives you a insight

    ------------------------------
    Arvind GK
    IT Consultant
    (CISM,CEH,)CCNA,ITIL, SCSA,SCNA etc..
    ------------------------------