AUDITING ROUTERS,

SWITCHES, AND
FIREWALLS
OLEH:
TOPAN S.P (2.22.12.0006)
&

AUDITING ROUTERS, SWITCHES, AND

FIREWALLS
The network is the fundamental backdrop of your IT operations infrastructure,
allowing data to transverse between users, data storage, and data processing.
Routers, switches, and firewalls work together to enable data transfer while protecting
networks, data, and end users. This chapter discusses how to review these critical
pieces of your infrastructure while helping you to do the following:
Unravel the complexity of network equipment.
Understand critical network controls.
Review specific controls for routers, switches, and firewalls.

ROUTERS? SWITCHES? FIREWALLS?

BACKGROUND

Routers, switches, and firewalls join and protect our networks,

but how did we end up with this interconnected network of
devices?
It started in 1962, when Paul Baran of the RAND Corporation was
commissioned by the U.S. Air Force to study how to maintain
control over aircraft and nuclear weapons after a nuclear attack.
This project was primarily meant to be a military network that
would allow the armed forces to maintain communication with
other commands throughout the United States in the event of a
catastrophe. The new network carried the objective of allowing
the armed forces to maintain control of nuclear weapons needed
to launch a counterattack.

NETWORK AUDITING ESSENTIALS

Networks enable hosts to communicate using specialized
hardware optimized for delivering data from one host to another.
Fundamentally, the hardware is a computer running an
operating system designed to move data. Network devices such
as routers, switches, and firewalls have the basic components
you would find in your typical server, except they are highly
customized. These devices contain specialized processors with
embedded instructions designed to process data movement in a
fast and efficient manner. They also have memory, an operating
system, and a means for configuring the device.

Lets start our review of network auditing essentials with a

discussion covering protocols and the International Standards
Organizations (ISO)Open System Interconnection(OSI) model
to gain a better understanding of routers, switches, and
firewalls. This review will help you work with your network team
to audit your networking environment. We will stick to simple
analogies and examples while avoiding complex issues. It can
take years to master advanced networking concepts. The
purpose of this section is to help an auditor whos completely
new to networking quickly understand the differences between
how routers, switches, and firewalls work.

PROTOCOLS
Hosts communicate with each other by first using a common
language, or protocol. The hardware and software that
handles the communication has to know how to communicate
among the different devices on the network. Protocols define
rules by which devices agree for communication. A simple
analogy might be a friend who speaks in a different language.
For example, if my friend speaks only French, I will either
agree to speak in French or use an interpreter (called a
gateway in network parlance) to communicate with my friend.

OSI MODEL
The seven-layer OSI model describes how data
moves from one system to another system. This
model helps describe how to build applications,
protocols, and equipment that move data from
your application to the physical wire, across
hundreds or thousands of miles, to an
application on the other side.

ROUTERS AND SWITCHES

Two key hardware components of

networks are switches and routers.
Lets take a step back and discuss
routers and switches, starting with
an analogy.

AN OVERSIMPLIFIED SWITCHING AND

ROUTING ANALOGY

AUDITING SWITCHES, ROUTERS, AND

1.
Review
controls
around
developing
and
maintaining
FIREWALLS
configurations.

2. Ensure that appropriate controls are in place for any

vulnerabilities associated with the current software version. These
controls might include software updates, configuration changes, or
other compensating controls.
3. Verify that all unnecessary services are disabled.
4. Ensure that good SNMP management practices are followed.
5. Review and evaluate procedures for creating user accounts and
ensuring that accounts are created only when theres a legitimate
business need. Also review and evaluate processes for ensuring that
accounts are removed or disabled in a timely fashion in the event of
termination or job change.

6. Ensure that appropriate password controls are

used.
7. Verify that secure management protocols are
used where possible.
8. Ensure that current
configuration files.

backups

exist

for

9. Verify that logging is enabled and sent to a

centralized system.
10. Evaluate use of Network Time Protocol (NTP).
11. Verify that a banner is configured to make all
connecting users aware of the companys policy
for use and monitoring.
12. Ensure that access controls are applied to

13. Ensure that all network equipment is stored in a

secure location.
14. Ensure that a standard naming convention is used for
all devices.
15. Verify that standard, documented processes exist for
building network devices.