Network Security Checklist

Firewalls (Hardware/Software)

  • Default Credentials Changed (admin/admin → strong password)

  • Latest Firmware/Software Installed

  • Only Required Ports Opened (block unused)

  • Ingress and Egress Rules Defined Clearly

  • Geo-IP Filtering (if needed)

  • Rules Ordered from Most to Least Specific

  • Logging Enabled and Monitored

  • ICMP Echo Request Filtering (if needed)

  • NAT and PAT Configured Properly

  • Access Control Lists (ACLs) in Place

  • VPN Traffic Segmented and Restricted

  • Fail2Ban or IDS/IPS Integration

  • Firewall Management Interface Restricted by IP or Network

  • Backup of Firewall Configuration Stored Securely

  • Time-Sync Enabled (NTP) for Logging Accuracy

  • Multi-Zone (DMZ, Internal, External) Segregation Used

Routers

  • Change Default Login Credentials

  • Disable Unused Interfaces and Services (e.g., Telnet)

  • SSH Enabled, Telnet Disabled

  • Secure SNMP Configuration (use v3)

  • ACLs to Limit Management Access

  • OSPF/EIGRP/RIP Authentication Enabled

  • No Public IP Assigned to Internal Interfaces

  • VPN Setup Uses IPsec or SSL

  • Logging and Monitoring Enabled

  • Regular Firmware Updates

  • Routing Tables Audited for Anomalies

  • Use Secure NTP and DNS Servers

  • Syslog Remote Logging Configured

  • Router Boot Configuration Stored Securely

Switches

  • Management VLAN Separated from User VLANs

  • Unused Ports Disabled

  • Port Security Enabled (MAC Address Binding)

  • BPDU Guard Enabled on Access Ports

  • STP (Spanning Tree Protocol) Configured and Tuned

  • 802.1X Port Authentication Configured

  • DHCP Snooping Enabled

  • Dynamic ARP Inspection Enabled

  • Private VLANs (if applicable) Used for Isolation

  • Logging to Central Syslog Server

  • SSH Access Only for Management

  • SNMPv3 or Disable SNMP if Unused

  • CDP/LLDP Disabled on Access Ports

  • Regular Backup of Switch Configs

Linux Servers

  • All Packages Up-to-Date (apt/yum/dnf)

  • Only Required Services Running (systemctl, chkconfig)

  • Firewall Configured (UFW, firewalld, iptables/nftables)

  • SSH Hardening:

    • Disable root login

    • Use key-based authentication

    • Change default port (optional)

    • Fail2Ban or SSHGuard installed

  • User Accounts Reviewed

  • Sudo Access Limited

  • Audit Logs Enabled (auditd, rsyslog)

  • Intrusion Detection (e.g., OSSEC, AIDE)

  • File Permissions Audited

  • SELinux or AppArmor Enabled

  • Login Banners and Legal Notices in Place

  • Automatic Security Updates Configured

  • Sensitive Data Encrypted (at rest and transit)

  • Cron Jobs Audited

  • Monitor Processes and Open Ports (ps, netstat, ss)
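
One way to verify the SSH Hardening items in this section is to audit sshd_config directly; the POSIX shell script below is an added example and not part of the original checklist. It reads the first global occurrence of each keyword the way sshd does, falls back to the OpenSSH defaults when a keyword is absent, and runs against two constructed sample configs (the function names and sample files are this example's own, not from the page).

```shell
#!/bin/sh
# Added example, not from the original checklist: audit an sshd_config against
# the "SSH Hardening" items above. The sample configs below are constructed.

# Effective value of a keyword: sshd honours the first non-comment occurrence in
# the global section (before any Match block); fall back to the default if unset.
sshd_value() {
    # $1 = config file, $2 = keyword, $3 = OpenSSH default for that keyword
    val=$(awk -v key="$2" '
        tolower($1) == "match" { exit }              # global section ends here
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1")
    printf '%s\n' "${val:-$3}"
}

# Return 0 when every checklist item passes; print one FAIL line per item missed.
audit_sshd_config() {
    cfg="$1"; rc=0
    root_login=$(sshd_value "$cfg" PermitRootLogin prohibit-password)
    pubkey_auth=$(sshd_value "$cfg" PubkeyAuthentication yes)
    passwd_auth=$(sshd_value "$cfg" PasswordAuthentication yes)
    port=$(sshd_value "$cfg" Port 22)
    # "Disable root login": prohibit-password still admits root with a key,
    # so only an explicit "no" satisfies the item.
    [ "$root_login" = "no" ] || { echo "FAIL PermitRootLogin=$root_login"; rc=1; }
    # "Use key-based authentication": keys on and passwords off, otherwise a
    # guessed or leaked password still grants a shell.
    [ "$pubkey_auth" = "yes" ] || { echo "FAIL PubkeyAuthentication=$pubkey_auth"; rc=1; }
    [ "$passwd_auth" = "no" ] || { echo "FAIL PasswordAuthentication=$passwd_auth"; rc=1; }
    # "Change default port (optional)": report only, since the item is optional.
    [ "$port" != "22" ] || echo "NOTE Port=22 (default)"
    return "$rc"
}

# Constructed samples; on a real host run: audit_sshd_config /etc/ssh/sshd_config
WEAK_CFG=$(mktemp); HARDENED_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARDENED_CFG"' EXIT
printf '%s\n' '# PermitRootLogin no' 'PasswordAuthentication yes' > "$WEAK_CFG"
printf '%s\n' 'Port 2222' 'PermitRootLogin no' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' 'Match User backup' 'PasswordAuthentication yes' \
    > "$HARDENED_CFG"

audit_sshd_config "$WEAK_CFG"     || echo "weak config: FAIL"
audit_sshd_config "$HARDENED_CFG" && echo "hardened config: PASS"
```

The commented-out `# PermitRootLogin no` in the weak sample is deliberately ignored, and the `PasswordAuthentication yes` inside the hardened sample's Match block does not override the global setting.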

Windows Servers

  • Windows Updates Applied Regularly

  • Antivirus and Antimalware Active (Defender or third-party)

  • Local Firewall (Windows Defender Firewall) Configured

  • SMBv1 Disabled

  • RDP Access Restricted:

    • Use Network Level Authentication (NLA)

    • Use VPN or IP whitelisting

    • Two-Factor Authentication (Duo, etc.)

  • Event Logging Enabled and Reviewed

  • Group Policy Hardened:

    • Password policies (length, history, lockout)

    • Disable anonymous logins

    • Remove local admin access from users

  • PowerShell Logging and Auditing Enabled

  • Unused Roles and Features Removed

  • Active Directory Hardening (if domain controller):

    • Audit logons and privilege use

    • Disable legacy protocols (NTLMv1, LM)

    • LAPS configured for local admin password management

  • BitLocker or EFS for Disk Encryption

  • USB and External Device Policy Controlled

  • Remote Admin Tools Access Logged and Restricted

  • Backup System and Restore Testing Verified

  • Use of Security Baselines (CIS, Microsoft Security Compliance Toolkit)