P. 167
Logical Security: The Network Layer
• Vendor-supplied default passwords on built-in accounts are changed. Each person accessing the
system uses his or her own ID. The built-in administrator account is disabled, or processes exist
to ensure that access to the account's password is restricted.
• The rules built into the IDS/IPS are the controls, not the software package itself.
Suggested Audit Procedures
Suggested audit procedures include:
• Review the network diagram and validate that it shows the correct placement of network
appliances.
• Test a sample of the changes (vendor-supplied, custom, patches, etc.) to ensure compliance with
change management policy.
• Attempt to log into the network appliance through the built-in accounts using the
vendor-supplied default passwords; a successful login is a finding.
• Test how promptly recorded IDS/IPS events are followed up, and ensure that false positives are
minimized so that genuine alerts are not lost among them.
• Evaluate whether penetration or vulnerability assessments are performed and timely corrective
action occurs.
• Test to ensure that all network appliance software default settings are changed to a
security-hardened configuration. If the appliance runs on a separate, general-purpose operating
system, test to ensure that only the bare minimum of operating system processes, services, and
commands is enabled.
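The last procedure (confirm that only the minimum set of services is enabled) is the one an auditor can script. The following is an added example, not part of the course material: it parses a constructed sample of Linux `ss -Hltnp` output from a hypothetical appliance, compares each listener against a hardening baseline that is also assumed here, and flags anything outside it, with cleartext legacy services (telnet, FTP, plain-HTTP management) rated highest.

```python
"""Compare an appliance's listening TCP services against a hardening baseline.

Added example, not from the IIA course text.  The `ss -Hltnp` output and the
baseline below are constructed for illustration; on a real engagement the
output would come from the appliance under review.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of `ss -Hltnp` output (TCP listeners, no header line).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128        0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
LISTEN 0      4096       0.0.0.0:443       0.0.0.0:*    users:(("nginx",pid=1021,fd=6))
LISTEN 0      128        0.0.0.0:23        0.0.0.0:*    users:(("telnetd",pid=1404,fd=4))
LISTEN 0      4096       127.0.0.1:9090    0.0.0.0:*    users:(("prometheus",pid=1510,fd=8))
LISTEN 0      128        0.0.0.0:80        0.0.0.0:*    users:(("httpd",pid=1622,fd=5))
"""

# Assumed hardening baseline: the only (port, process) pairs allowed to accept
# connections from the network on this hypothetical appliance.
BASELINE_ALLOWED = {(22, "sshd"), (443, "nginx")}

# Services that commonly ship enabled by default and are a finding regardless
# of baseline, because they carry credentials or management traffic in clear.
INSECURE_DEFAULTS = {
    23: "telnet (cleartext)",
    21: "ftp (cleartext)",
    80: "http (cleartext management interface)",
}

LOOPBACK_ADDRS = {"127.0.0.1", "::1", "[::1]"}

# One `ss` line: state, recv-q, send-q, local addr:port, peer addr:port, users:(("proc",...))
LISTENER_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    proc: str


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -Hltnp` lines into Listener records; unparseable lines are skipped."""
    listeners = []
    for line in output.splitlines():
        m = LISTENER_RE.match(line)
        if not m:
            continue
        # rsplit handles IPv6 locals such as [::]:22 as well as 0.0.0.0:22
        addr, port = m.group("local").rsplit(":", 1)
        listeners.append(Listener(addr, int(port), m.group("proc")))
    return listeners


def audit(listeners: list[Listener]) -> list[tuple[str, str]]:
    """Return (severity, message) findings for every listener outside the baseline."""
    findings = []
    for l in listeners:
        if (l.port, l.proc) in BASELINE_ALLOWED:
            continue
        where = f"{l.proc} on {l.addr}:{l.port}"
        if l.addr in LOOPBACK_ADDRS:
            # Not reachable from the network, but still not in the baseline.
            findings.append(("low", f"{where} is loopback-only; confirm it is required"))
        elif l.port in INSECURE_DEFAULTS:
            findings.append(("high", f"{where}: {INSECURE_DEFAULTS[l.port]} is enabled"))
        else:
            findings.append(("medium", f"{where} is not in the hardening baseline"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_ss(SAMPLE_SS_OUTPUT)):
        print(f"[{severity.upper()}] {message}")
```

Run on a real appliance by piping `ss -Hltnp` into `parse_ss`; UDP services (SNMP, TFTP, DNS) need a second pass over `ss -Hlunp`, which the same regex handles once the state column is adjusted, since UDP sockets show `UNCONN` rather than `LISTEN`.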
TOPIC 5: NETWORK SERVERS
Network Servers
Servers to consider in an assessment of network security controls:
• DNS.
• FTP Server.
• Proxy Server.
• Mail Server.
• Web Server.
Domain Name System (DNS)
DNS Characteristics
The Domain Name System (DNS) is the internet (or LAN) equivalent of a phone book: it maintains a
directory of domain names and translates them to Internet Protocol (IP) addresses. Computers reach
websites and other services via IP addresses, so every connection made by name depends on DNS
answering correctly.
A DNS server runs on a host with a security-hardened OS (e.g., Windows or Unix). The OS is
usually stripped down to the bare minimum of services to reduce the attack surface.
Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.