Questions
Findings
Yes
No
ISO 27001
Control
Standard/Best Practice
Router Policy
Is a router security policy in place?
A.5.1.1
A.9.1.2
A.12.1.1
A.9.2.1
A.9.2.2
A.9.2.1
A.9.2.2
Administrator Authentication
Is there a documented procedure for creation of users?
A.9.4.3
A.9.3.1
A.9.2.3
A.9.4.2
A.9.4.4
A.12.6.1
A.9.4.4
A.13.1.3
A.13.1.1
A.13.1.1
A.9.2.4
A.9.3.1
limit the addresses that can send SNMP commands to the device. SNMP v1 and v2c use the community string as the only form of authentication, and it is sent in clear text across the network.
Default community strings such as public should be changed immediately before bringing the router onto the network.
If SNMP v1 or v2c is being used, the SNMP community strings should be treated like root passwords: change them often and make them complex.
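An added example, not part of the original checklist: a small Python check that applies the SNMP guidance above to a RouterOS-style `/snmp community` export. The sample export, the 12-character threshold, and treating a missing `addresses=` as unrestricted are assumptions.

```python
import re

DEFAULT_NAMES = {"public", "private"}   # well-known default community strings
OPEN_RANGES = {"0.0.0.0/0", "::/0"}     # any source may query the agent
MIN_LENGTH = 12                         # assumed local policy, not from the checklist
KV = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def audit_snmp_communities(export_text):
    """Map each community name in a RouterOS-style export to its findings."""
    text = re.sub(r"\\\n\s*", "", export_text)   # join continuation lines
    findings, in_section = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("/"):                 # a menu path opens a new section
            in_section = line == "/snmp community"
            continue
        if not in_section or not line.startswith(("set ", "add ")):
            continue
        props = {k: v.strip('"') for k, v in KV.findall(line)}
        # Assumption: a 'set' on the default entry without name= keeps "public".
        name = props.get("name", "public" if props.get("default") == "yes" else "")
        issues = set()
        if name.lower() in DEFAULT_NAMES:
            issues.add("default-community-string")
        # Assumption: a missing addresses= means no source restriction.
        if set(props.get("addresses", "0.0.0.0/0").split(",")) & OPEN_RANGES:
            issues.add("no-source-address-limit")
        classes = sum(bool(re.search(p, name))
                      for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
        if len(name) < MIN_LENGTH or classes < 3:
            issues.add("low-complexity")
        findings[name] = sorted(issues)
    return findings

# Constructed sample export; addresses and community strings are made up.
SAMPLE_EXPORT = r"""
/snmp
set enabled=yes
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
add addresses=10.20.30.5/32 name=monitoring
add addresses=10.20.30.5/32,10.20.30.6/32 \
    name="Rt7-kq!Zp29x-Lm"
/system clock
set time-zone-name=UTC
"""

if __name__ == "__main__":
    for community, issues in audit_snmp_communities(SAMPLE_EXPORT).items():
        print(community[:2] + "***", issues or "ok")   # mask the string in output
```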
Configuration Management
How often are the router configurations backed up?
Is there any technical control to prevent unauthorized access to configuration backup?
Is there a documented procedure for backup of router configurations?
Is there any procedure for system reset or recovery from backup?
Are all router configuration changes and updates documented in a manner suitable for review according to a change management procedure?
Is there any periodic router capacity review for performance assurance?
Is the network engineer aware of the latest vulnerabilities that could affect the router and aware of recent updates?
A.12.3.1
A.8.2.1
A.12.3.1
A.12.3.1
A.12.1.1
A.12.1.1
A.12.1.2
A.12.1.3
A.6.1.4
A.12.6.1
A.17.1.1
A.17.1.2
A.17.1.2
A.17.1.3
Business Continuity
Is there router redundancy in cold standby or hot standby?
Are disaster recovery procedures for the router/network documented and are they tested?
Is the configuration backup saved to an off-site/DR site?
A.12.3.1
A.17.1.1
A copy of the router configuration needs to be saved to an off-site/DR site for disaster recovery purposes.
A.12.4.1
tracking/command logging for the router administrators enabled?
Is the NTP server service used to synchronize the clocks of all the routers?
Are all attempts to any port, protocol, or service that is denied logged?
Is logging to a syslog server enabled on the router?
How often are the router logs (covering administrator access/access control) reviewed?
Are reports and analyses carried out based on the log messages?
Is there any documentation for the course of action to be followed if any incident is noticed?
A.12.4.3
well as when an administrator logged in or out can be recorded for audit purposes.
A.12.4.4
A.12.4.1
A.16.1.2
A.12.4.2
A.16.1.2
A.12.4.1
A.16.1.6
A.16.1.1
This work is a derivative work from a document ISO27k Cisco Router Security Audit
Checklist copyright 2007, ISO27k Forum, some rights reserved. It is licensed under the Creative
Commons Attribution-Noncommercial-Share Alike 3.0 License. You are welcome to reproduce,
circulate, use and create derivative works from this provided that (a) it is not sold or incorporated into a
commercial product, (b) it is properly attributed to the ISO27k implementers' forum
(www.ISO27001security.com), and (c) if shared, any derivative works are shared under the same terms
as this.
Note: this is NOT security advice. Do not rely on this checklist. Refer to the Mikrotik RouterOS
documentation and take advice from competent network security professionals.