# Network Health Checklist

A checklist of items to check, especially when inheriting a foreign network.

This list is meant to be a prompt sheet for getting an overview of a network
in order to understand it and make recommendations, as well as to perform a basic
health check. It is not a survey that you can get a client to complete.

## Servers

- How many servers?
- Is virtualization being used?
  - Virtual platform? (VMware/Xen/Hyper-V etc.)
- What operating systems are installed?
  - Windows NT4 (!!), 2003 (!!), 2008 (!!), 2008 R2 (!!), 2012, 2012 R2, 2016
  - Linux
  - Solaris/HP-UX/other Unix
- File servers
  - NAS devices
  - Is there a SAN? Fibre Channel or iSCSI?
  - Check disk utilization of file servers / NAS / SAN.
- Are there UPS units installed? Operational?

### All Servers

Check the following items:

- free disk space
- disk health
- RAID health
  - RAID level: none (!!), RAID0 (!!), RAID1, RAID5 (!), RAID6, RAID10, ZFS
- running processes
- memory utilization
- pending updates
- multi-homing

### Windows Servers

Check the following items:

- disk fragmentation
- network file shares
- local admin accounts

### Linux Servers

Check the following items:

- distribution and release
- load average
- mountpoints (local and remote)
- listening ports
- logged-in users
- host firewall
- uptime

### Website

- Website hosting provider? (external/internal)
- Website developer(s)?
- Deployment stack?
  - Web server
  - Database: scheduled backups?

### Email

- Email hosting platform? (Google Apps, Rackspace, self-hosted etc.)
  - Self-hosted platform? (Exchange, Kerio Connect etc.)
  - Server address, ports
- Anti-spam and anti-virus protection?
- Public MX records?
- SPF records? DKIM?

## Active Directory

- Is Active Directory installed?
- What is the:
  - Forest:
  - Domain(s):
- Are the domain(s) public or private?
  - Public: is the domain registered to the business?
- Is there any OU structure in place?
- How many Domain Controllers are there?
  - Is there at least 1 physical Domain Controller?
  - What is the state of replication? (`repadmin /showrepl * /errorsonly`)
- What roles are installed on which servers? (e.g. DC, DHCP, DNS, print server, file server)
- Where are the FSMO roles held? (`netdom query fsmo`)
- Are there any domain trusts configured?
- Are there any Group Policy Objects:
  - Configured?
  - Linked to an OU?
- Is there a password policy in place?
  - Change every X days
  - Complexity?
  - Number of passwords remembered?
- Are DFS namespaces being used for file shares?

## Network

- What IP subnet is being used on the LAN?
- Router/gateway IP address (LAN):
- Internet connectivity:
  - ISP & connection type (ADSL, cable, fibre etc.)
  - Are there static IP address(es)?
  - Router: hardware make/model
- Are there VLANs in use?
  - Are there multiple Layer 3 networks on a single Layer 2?
- Any internal routers in use to segregate internal networks/subnets?
  - See the *Routing* section

### Firewall

- Is there a perimeter firewall in place?
- Is egress traffic filtered?

### DNS

- Does the network have DNS redundancy? (2 or more working DNS servers)
- Locally authoritative DNS zones:

### DHCP

- DHCP server:
- DHCP scope:
- Check for rogue DHCP servers.

### Routing

- How many routers are installed?
  - Make/models
  - Any configured in High Availability (HA)?
  - Are they edge or internal routers?
  - Is there firewalling between internal subnets?
- Interfaces
  - Names (system and friendly names)
  - Capabilities (speed, media etc.)

### Switches

- How many switches are installed?
  - Make/models
  - Utilization (port usage) of each switch
- Speed/capabilities
  - 10/100 Mbps or Gigabit?
  - Copper or fibre?
  - SFPs or media converters in place?
- Switch topology:
  - Star
  - Daisy-chain
  - Mesh
- Managed switches:
  - Check interfaces for:
    - Dropped packets.
    - CRC errors.
    - Forced speed/duplex.
  - Is any Port Security enabled?
  - Check that STP is enabled
    - Is the STP root set correctly?
    - Is BPDU Guard enabled?
  - DHCP Snooping: enabled? Required?
- Uplink design:
  - Single-port uplinks between switches?
  - LACP/LAGG uplinks?
  - Redundant paths?

### Wireless

- Wireless network installed?
- What are the SSIDs?
- Security:
  - Open / no security (!!)
  - WEP (!!)
  - WPA/WPA2 PSK
  - WPA2 Enterprise (802.1X)
  - MAC filtering
- Hardware:
  - Make/models
  - 802.11a/b/g/n/ac
  - Management method (individual APs, central management etc.)
- Is coverage sufficient?
- Check for rogue access points (on or off SSID)
- Check channel spacing against surrounding SSIDs

## Security

- Do users have local admin rights?
- Do any users have remote access?
  - Remote Desktop
  - Citrix
- Are there VPN services in place?
  - Site-to-site
  - Road warrior
  - IPsec / PPTP (!!) / SSL
- Are there SSL/TLS protections in place for:
  - Corporate website
  - Email retrieval (POP3/IMAP/ActiveSync)
  - Email sending (SMTPS)
  - Public or self-signed certificates?
  - What are the SSL Labs test results?
- Are logs centrally stored (Splunk/Graylog/Logstash etc.)?
- Is there any form of NAC (e.g. 802.1X)?
- Auditing: are there any compliance requirements? (PCI, SOX etc.)
- Have patches for major vulnerabilities been applied to: servers? Desktops? Others?
  - Meltdown
  - Spectre
  - Heartbleed
  - Shellshock

### Active Directory

- Do users have Domain Admin rights?
- Are there additional enterprise/domain admin accounts besides "Administrator"?
- Are old users/computers disabled/deleted from Active Directory?

## Backups

- What backup processes are in place?
- Have test restorations of backups been done?
- Are off-site backups being made?
- Are Shadow Copies enabled on Windows file servers?

## End-user Devices

- How many:
  - Desktops
  - Laptops
  - Tablets
  - Smartphones
- Is there any MDM in place for phones/tablets etc.?

### Software

- Operating systems:
  - Windows XP (!!)
  - Windows Vista (!!)
  - Windows 7 (!!)
  - Windows 8
  - Windows 10
  - OS X
  - Linux
- Productivity software (e.g. Microsoft Office)?
- Anti-virus protection?
- Business/industry-specific applications?
- Are there any instances of Dropbox, OneDrive, Google Drive etc.?
  - If yes, is it authorized or is it Shadow IT?
- Are there any instances of TeamViewer, LogMeIn etc.?
  - If yes, is it authorized or is it Shadow IT?
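As an added example (not part of the original checklist), a POSIX shell script that collects the *Linux Servers* items above (distribution, uptime and load, mountpoints, listening ports, logged-in users, host firewall, pending updates) and also flags high load and nearly full filesystems from the *All Servers* section. The 85% threshold and the `report` argument are the script's own assumptions.

```shell
#!/bin/sh
# Linux host health-check collector: added example, not part of the original checklist.
# Helpers take their input as arguments so they can be checked against constructed data.

# Prints "HIGH" if the 1-minute load average exceeds the CPU count, else "OK".
load_status() {  # $1 = 1-minute load average, $2 = CPU count
  awk -v load="$1" -v cpus="$2" 'BEGIN { print (load > cpus) ? "HIGH" : "OK" }'
}

# Prints mountpoints whose usage is at or above $2 percent, given `df -P` output in $1.
full_mounts() {  # $1 = df -P output, $2 = threshold percent
  printf '%s\n' "$1" | awk -v thr="$2" 'NR > 1 { sub(/%/, "", $5); if ($5 + 0 >= thr) print $6 }'
}

# Host firewall summary using whichever tool is present (ufw, nftables, iptables).
firewall_status() {
  if command -v ufw >/dev/null 2>&1; then ufw status 2>/dev/null | head -n 1
  elif command -v nft >/dev/null 2>&1; then echo "nft tables: $(nft list ruleset 2>/dev/null | grep -c '^table')"
  elif command -v iptables >/dev/null 2>&1; then echo "iptables rules: $(iptables -S 2>/dev/null | grep -c .)"
  else echo "no host firewall tool found (!!)"
  fi
}

# Count of pending package updates for apt- or yum/dnf-based distributions.
pending_updates() {
  if command -v apt-get >/dev/null 2>&1; then apt-get -s upgrade 2>/dev/null | grep -c '^Inst'
  elif command -v dnf >/dev/null 2>&1; then dnf -q check-update 2>/dev/null | grep -c '^[a-zA-Z0-9]'
  elif command -v yum >/dev/null 2>&1; then yum -q check-update 2>/dev/null | grep -c '^[a-zA-Z0-9]'
  else echo "unknown package manager"
  fi
}

# Full report in checklist order; sections tolerate missing tools (ss/netstat, who).
report() {
  echo "== distribution and release =="; grep PRETTY_NAME /etc/os-release 2>/dev/null || uname -a
  echo "== uptime / load average =="; uptime
  load1=$(cut -d' ' -f1 /proc/loadavg); cpus=$(nproc 2>/dev/null || echo 1)
  echo "load status: $(load_status "$load1" "$cpus") ($load1 on $cpus CPUs)"
  echo "== mountpoints (local and remote) =="; df -hPT 2>/dev/null || df -hP
  echo "== mountpoints at or above 85% used (assumed threshold) =="; full_mounts "$(df -P)" 85
  echo "== listening ports =="; ss -tulpn 2>/dev/null || netstat -tulpn 2>/dev/null
  echo "== logged-in users =="; who 2>/dev/null
  echo "== host firewall =="; firewall_status
  echo "== pending updates =="; pending_updates
}

# Only run the report when invoked as `sh healthcheck.sh report`, so the helpers can be sourced.
[ "${1:-}" = "report" ] && report
```

Run it as root (`sudo sh healthcheck.sh report`) so that listening-port process names and firewall rules are visible.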