Logical Security: The Network Layer
Controls
Controls include:
• Vendor-supplied default passwords on all accounts are changed. Each person accessing the system uses
his or her own ID. The built-in administrator account is disabled, or processes exist to ensure that
access to the account's password is restricted.
• Policies and rules comply with the organization’s policies or documented configuration.
• Changes adhere to the organization’s change control process.
• Systems running an operating system (e.g., Windows, UNIX) are hardened so that only the bare
minimum of essential system services, modules, and features is enabled.
• Access is restricted to a minimal number of users.
Suggested Audit Procedures
Suggested audit procedures include:
• Obtaining a sample of changes and testing that each change was managed through the
organization's change process.
• Obtaining evidence that the number of users is limited and that the users who access the system
are appropriate.
• Testing to ensure that identified events (based on policies and rules) are logged and reviewed.
• Testing to ensure that all network appliance software default settings have been changed to a
security-hardened state. If an external operating system is used, testing to ensure that only the bare
minimum of operating system processes, services, and commands is enabled.
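One way to turn the hardening, account, and logging checks above into repeatable evidence collection on a Linux host, as an added example that is not part of the IIA text: a POSIX shell script whose checks read command output on stdin, so the same logic runs against a live system (`sh audit.sh --live`, which needs root for `passwd -S`) or against captured output handed over by the administrator for the audit sample. The approved service and port baselines (`APPROVED_SERVICES`, `APPROVED_PORTS`), the `check_*` function names, the `--live` flag and the FINDING wording are assumptions for the example; a real engagement substitutes the organization's documented configuration standard.

```shell
#!/bin/sh
# Added example (not from the IIA text): audit helpers for the network-layer
# controls. Each check reads evidence on stdin and exits 1 when it finds an
# exception, so it works on a live host or on captured command output.
# The baselines below are assumptions for the example, not the IIA's.

APPROVED_SERVICES="sshd.service
chronyd.service
rsyslog.service"

APPROVED_PORTS="22"

# Control: only the bare minimum of services is enabled.
# stdin: output of `systemctl list-unit-files --state=enabled`.
# Every unit in state "enabled" that is not on the approved list is a finding.
check_services() {
  awk -v approved="$APPROVED_SERVICES" '
    BEGIN { n = split(approved, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 == "enabled" && !($1 in ok) { print "FINDING: unapproved enabled unit " $1; bad = 1 }
    END { exit bad ? 1 : 0 }'
}

# Control: identified events are logged.
# stdin: the same systemctl output; a logging daemon must be among the enabled units.
check_logging() {
  awk '$2 == "enabled" && ($1 == "rsyslog.service" || $1 == "auditd.service") { found = 1 }
       END { if (!found) { print "FINDING: no logging daemon enabled"; exit 1 } }'
}

# Control: default settings changed to a hardened state (minimal network exposure).
# stdin: output of `ss -tlnH` (TCP listeners, numeric, no header); the port is
# the text after the last colon of the local address in column 4.
check_listeners() {
  awk -v approved="$APPROVED_PORTS" '
    BEGIN { n = split(approved, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    { n = split($4, p, ":"); port = p[n]
      if (!(port in ok)) { print "FINDING: unapproved listener " $4; bad = 1 } }
    END { exit bad ? 1 : 0 }'
}

# Control: the built-in administrator account is disabled.
# stdin: output of `passwd -S root`; column 2 is L/LK (locked), NP (no
# password) or P/PS (usable password). Anything but locked is a finding.
check_builtin_admin() {
  awk '$2 != "L" && $2 != "LK" { print "FINDING: account " $1 " not locked (status " $2 ")"; bad = 1 }
       END { exit bad ? 1 : 0 }'
}

# Control: each person uses his or her own ID.
# stdin: /etc/passwd; a second UID-0 account is a shared superuser identity.
check_uid_zero() {
  awk -F: '$3 == 0 && $1 != "root" { print "FINDING: extra UID 0 account " $1; bad = 1 }
           END { exit bad ? 1 : 0 }'
}

# Run every check against the local host; exit status 1 if any check failed.
run_live() {
  status=0
  systemctl list-unit-files --state=enabled | check_services || status=1
  systemctl list-unit-files --state=enabled | check_logging  || status=1
  ss -tlnH | check_listeners || status=1
  passwd -S root | check_builtin_admin || status=1
  check_uid_zero < /etc/passwd || status=1
  return "$status"
}

if [ "${1:-}" = "--live" ]; then
  run_live
fi
```

Because each check is a filter, the auditor can keep the administrator-supplied output files as working papers and re-run the checks on them later; the exit status gives a machine-readable pass/fail per control while the FINDING lines name the specific exception to raise with the system owner.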
Intrusion Prevention System
IDS/IPS Characteristics
Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.