The Weekly IT Security Review
IT SECURITY CHECKLIST
for the week of August 9, 2009


Need more information about
this week's security review?
 
Search the knowledgebase at
(Link in actual email)
or
email examiner@yennik.com.

 

 

 

 

 

 

 

Yennik, Inc.
R. Kinney Williams
President, CFE, CISM, CGEIT
IT Security Auditor
4409 101st Street
Lubbock, Texas  79424
Office 806-798-7119
http://www.yennik.com
examiner@yennik.com

NETWORK SECURITY

Determine if firewall and routing controls are in place and updated as needs warrant.

• Identify personnel responsible for defining and setting firewall rulesets and routing controls.

• Review procedures for updating and changing rulesets and routing controls.

• Confirm that the ruleset is based on the premise that all traffic that is not expressly allowed is denied, and that the firewall’s capabilities for identifying and blocking traffic are effectively utilized.

• Confirm that network mapping through the firewall is disabled.

• Confirm that NAT and split DNS are used to hide internal names and addresses from external users. (Note: Split DNS is a method of segregating the internal DNS from the external DNS.)  

• Confirm that malicious code is effectively filtered.

• Confirm that firewalls are backed up to external media, and not to servers on protected networks.

• Determine that firewalls and routers are subject to appropriate and functioning host controls.

• Determine that firewalls and routers are securely administered.

• Confirm that routing tables are regularly reviewed for appropriateness on a schedule commensurate with risk.



Yennik, Inc.®

Published by Yennik, Inc. the acknowledged leader in independent-Internet auditing.
The Weekly IT Security Review is for educational purposes and is not intended to replace an independent
 IT security audit or to be construed as covering all IT security issues that may apply to your business.

Please be advised that Yennik, Inc. fully respects your right to privacy and will not,
under any circumstance, give or sell your information in any form to another party.
Our privacy statement can be found at http://www.yennik.com/privacy_statement.htm.  
Any  distribution or use of this material is strictly prohibited. 

Some material may be excerpts from FFIEC, HIPAA, NIST, or other federal agencies
.
Copyright - Yennik, Incorporated -  Our logo above is registered with the United States Patent and Trademark Office.

The Weekly IT Security Review is emailed exclusively for {email}, {firstname} {lastname}.