OC Security Audit | Infrastructure Security

Router and Switch Security Audit Checklist

Review the routers, switches, VLANs, trunks, management interfaces, firmware, ACLs, logs, and backups that keep users, servers, cloud services, branch offices, and business applications connected.

25+Years of IT, cybersecurity, network, and infrastructure experience.
45Router and switch audit items preserved in the checklist.
14Review domains covering firmware, access, VLANs, ACLs, monitoring, and resilience.
SoCalIrvine, Orange County, Los Angeles County, and Southern California focus.

Executive Summary

Internal network devices can quietly become the path of least resistance.

Firewalls matter, but routers and switches decide how internal traffic moves. A flat VLAN design, exposed management interface, weak SNMP configuration, stale firmware, permissive trunk, or undocumented route can create serious business risk even when the perimeter looks clean.

OC Security Audit helps business owners, IT managers, CISOs, CIOs, and compliance leaders review network infrastructure from both a technical and business-risk perspective. The goal is practical: find gaps, prioritize remediation, collect evidence, and support a cleaner internal security baseline.

What this review helps clarify

  • Which routers and switches are unsupported, unpatched, undocumented, or exposed.
  • Whether management access is limited to approved administrators and trusted networks.
  • Where VLAN, trunk, routing, ACL, or Layer 2 controls need stronger segmentation.
  • Whether monitoring, logging, backups, diagrams, and change controls support incident response.

Audit Coverage

What the router and switch audit covers.

The page is organized around the major internal infrastructure areas that commonly create security exposure in Cisco, HPE Aruba, HP, and mixed-vendor switching and routing environments.

01

Firmware and OS

Patch levels, boot images, vendor advisories, support lifecycle, rollback planning, and update procedures.

02

Management Plane

SSH, HTTPS, console access, management VLANs, allowed admin sources, AAA, and privileged access.

03

VLANs and Segmentation

User, server, guest, IoT, voice, management, trunking, inter-VLAN routing, and route-control review.

04

Switch Port Security

Unused ports, trunk restrictions, MAC limits, NAC/802.1X readiness, and rogue-device prevention.

05

Layer 2 Protections

DHCP Snooping, Dynamic ARP Inspection, BPDU Guard, Root Guard, and storm-control configuration.

06

ACLs and Routing

Router ACLs, management ACLs, route filtering, dynamic routing authentication, and branch connectivity.

07

Monitoring and Backups

SNMPv3, syslog, NTP, configuration backups, alerting, log retention, and performance baselines.

08

Documentation

Inventory, standards, baseline configurations, diagrams, owners, change control, and evidence records.

Router and switch security checklist with network infrastructure controls

Business Risk

A secure firewall does not fix a weak internal network.

Attackers often move through trusted internal paths after a phishing compromise, stolen VPN credential, exposed admin workstation, vulnerable server, or unmanaged device. Router and switch controls help define where traffic can go, who can administer the network, and whether suspicious events can be investigated later.

  • Management interfaces should not be reachable from ordinary user, guest, or IoT networks.
  • VLANs and ACLs should reflect real business access requirements, not old assumptions.
  • Switch ports, trunks, and Layer 2 protections should reduce unauthorized access and disruption.
  • Logs, backups, and diagrams should support recovery, audits, and executive decision-making.

Process

Our router and switch security audit process.

The review turns technical configuration details into prioritized remediation guidance for IT teams and leadership.

Step 1

Discover

Collect inventory, topology, device roles, firmware versions, VLANs, routing paths, and management interfaces.

Step 2

Review

Analyze configurations, management access, passwords, SNMP, ACLs, trunks, Layer 2 protections, and monitoring.

Step 3

Prioritize

Score findings by likelihood, impact, and business risk so remediation is practical and defensible.

Step 4

Validate

Confirm which controls work, which are missing, and which need operational or change-control review.

Step 5

Recommend

Provide secure configuration recommendations for firmware, passwords, VLANs, port security, ACLs, and monitoring.

Step 6

Document

Deliver checklist results, evidence notes, risk scoring, and remediation steps for IT and leadership review.

HTML Checklist

Router and switch security audit items.

Use this checklist as a starting point for internal security audits, infrastructure reviews, network hardening projects, evidence collection, and remediation planning. The full original checklist is preserved below.

CategoryItemDescriptionLikelihoodImpactSecurity RiskHow to SecureStatus
Inventory & OwnershipDevice inventory accuracyDocument all routers, switches, stacks, serial numbers, models, OS versions, locations, owners, and support status.MediumMediumUnknown network assets create blind spots during incidents and upgrades.Maintain an approved inventory and reconcile it during every audit cycle.Open / Review / Complete
Inventory & OwnershipLifecycle and support statusConfirm whether Cisco, HPE Aruba, and HP devices are under vendor support and not end-of-life.HighHighUnsupported devices may not receive critical firmware or security updates.Replace unsupported devices or document compensating controls and upgrade timelines.Open / Review / Complete
Firmware & OSFirmware version reviewCompare firmware and network OS versions against vendor advisories and approved baselines.HighHighOutdated firmware can expose routers and switches to known vulnerabilities.Upgrade through a controlled change window after backup and compatibility review.Open / Review / Complete
Firmware & OSBoot image integrityVerify approved boot images, startup configuration integrity, and unauthorized image changes.MediumHighUnapproved images may introduce instability, backdoors, or misconfiguration.Restrict image changes and validate hashes where supported.Open / Review / Complete
Firmware & OSPatch management processReview how firmware updates are tested, approved, scheduled, and documented.MediumHighUnstructured updates increase outage risk or leave devices unpatched.Create a repeatable patch process with maintenance windows and rollback steps.Open / Review / Complete
Management PlaneSSH-only administrationConfirm Telnet is disabled and SSH is configured using secure versions and approved ciphers where supported.HighHighClear-text management protocols expose credentials and configuration data.Disable Telnet and require SSH from trusted management networks.Open / Review / Complete
Management PlaneHTTPS management reviewConfirm HTTP is disabled and HTTPS uses trusted certificates where web management is required.MediumHighInsecure web management can leak credentials or expose admin portals.Use HTTPS only, restrict access, and disable web management if not needed.Open / Review / Complete
Management PlaneManagement VLAN isolationVerify router and switch management interfaces are isolated from user VLANs and guest networks.HighHighFlat access to management interfaces increases takeover risk.Place management access in a dedicated VLAN or subnet with ACL restrictions.Open / Review / Complete
Management PlaneAllowed management sourcesReview ACLs that limit device administration to approved jump boxes, VPNs, or admin workstations.HighHighBroad administrative access expands the attack surface.Permit management only from approved source IP ranges.Open / Review / Complete
AuthenticationDefault credentials removedConfirm vendor default usernames, passwords, and setup accounts are removed or disabled.HighHighDefault credentials are commonly abused during internal compromise.Remove defaults and use unique named accounts or centralized authentication.Open / Review / Complete
AuthenticationAAA / RADIUS / TACACS+Review centralized authentication, authorization, and accounting for administrators.MediumHighLocal-only accounts reduce accountability and delay offboarding.Use AAA with least privilege, fallback controls, and admin logging.Open / Review / Complete
AuthenticationPrivileged account reviewValidate admin roles, named accounts, emergency accounts, and privilege levels.MediumHighExcessive admin rights can lead to unauthorized network changes.Limit privileges and review access regularly.Open / Review / Complete
AuthenticationPassword policyReview password complexity, rotation expectations, encrypted secrets, and local account storage.MediumHighWeak or reusable passwords can lead to device compromise.Use long unique credentials, encrypted secrets, and vault-based access.Open / Review / Complete
SNMP & MonitoringSNMP versionConfirm SNMPv1 and SNMPv2c are disabled unless there is an approved exception.HighHighWeak SNMP versions can expose device data and community strings.Use SNMPv3 with authentication and encryption.Open / Review / Complete
SNMP & MonitoringCommunity string exposureReview SNMP community strings, ACLs, and read/write permissions.HighHighExposed or writable community strings can reveal or change device configuration.Remove public/private strings and restrict SNMP to monitoring servers only.Open / Review / Complete
SNMP & MonitoringSyslog forwardingConfirm logs are forwarded to centralized syslog/SIEM systems.MediumHighLocal-only logs may be lost after reboot or compromise.Forward logs to a protected logging platform with retention.Open / Review / Complete
SNMP & MonitoringNTP configurationVerify devices use trusted NTP sources and consistent time zones.MediumMediumIncorrect time breaks incident timelines and log correlation.Configure reliable NTP and document time settings.Open / Review / Complete
SegmentationVLAN design reviewReview VLANs for users, servers, voice, printers, guest, IoT, cameras, and management.HighHighPoor segmentation allows unnecessary lateral movement.Separate sensitive zones and document VLAN purpose and ownership.Open / Review / Complete
SegmentationInter-VLAN routing controlReview routing between VLANs and confirm only required flows are permitted.HighHighOverly permissive inter-VLAN routing exposes critical systems.Use ACLs, firewall policy, or routed segmentation for controlled access.Open / Review / Complete
SegmentationGuest network isolationConfirm guest and visitor networks cannot reach internal resources.HighHighGuest access can become an entry point into the corporate network.Isolate guest VLANs and route them directly to internet-only access.Open / Review / Complete
SegmentationVoice VLAN securityReview voice VLAN separation and whether phones can bridge into data networks.MediumMediumVoice networks can become a lateral movement path.Apply voice VLAN controls, DHCP options, and port-level restrictions.Open / Review / Complete
Switch Port SecurityUnused ports disabledConfirm unused switch ports are administratively disabled and assigned to an unused VLAN.HighMediumOpen ports allow unauthorized internal access.Disable unused ports and monitor link-up events.Open / Review / Complete
Switch Port SecurityPort security / MAC limitsReview MAC address limits, sticky MAC policies, and violation actions where appropriate.MediumHighUnauthorized devices can be connected to active ports.Enable port security for access ports based on operational needs.Open / Review / Complete
Switch Port Security802.1X / NAC readinessEvaluate support for 802.1X, MAC authentication bypass, or NAC integration.MediumHighUncontrolled network access increases insider and rogue-device risk.Implement phased NAC for sensitive or high-risk areas.Open / Review / Complete
Switch Port SecurityTrunk port reviewConfirm trunk ports are approved, documented, and restricted to required VLANs.HighHighMisconfigured trunks can expose multiple VLANs to one connection.Limit allowed VLANs and disable trunk negotiation where appropriate.Open / Review / Complete
Layer 2 ProtectionBPDU GuardReview BPDU Guard on access ports to reduce rogue switch risk.MediumHighRogue switches can disrupt spanning tree and network availability.Enable BPDU Guard on access ports.Open / Review / Complete
Layer 2 ProtectionRoot GuardReview root bridge placement and Root Guard on appropriate ports.MediumHighUnexpected root bridge changes can destabilize switching paths.Define root bridge strategy and enforce it with guard features.Open / Review / Complete
Layer 2 ProtectionDHCP SnoopingReview DHCP Snooping for user VLANs and trust boundaries.MediumHighRogue DHCP servers can redirect or disrupt user traffic.Enable DHCP Snooping and trust only legitimate uplink/server ports.Open / Review / Complete
Layer 2 ProtectionDynamic ARP InspectionReview ARP protection where DHCP Snooping bindings are available.MediumHighARP spoofing can enable traffic interception or disruption.Enable Dynamic ARP Inspection on supported access VLANs.Open / Review / Complete
Layer 2 ProtectionStorm controlReview broadcast, multicast, and unknown unicast storm-control thresholds.MediumMediumLayer 2 storms can create outages.Configure storm control on access ports with tested thresholds.Open / Review / Complete
Access Control ListsRouter ACL reviewReview inbound and outbound ACLs on routed interfaces.HighHighOverly broad ACLs may expose sensitive networks or management services.Apply least privilege and document business justification.Open / Review / Complete
Access Control ListsManagement ACLsConfirm management services are protected by explicit ACLs.HighHighAttackers on internal networks may attempt direct device access.Restrict SSH/HTTPS/SNMP to approved management hosts.Open / Review / Complete
Access Control ListsAny-any rulesIdentify permissive allow-all rules and undocumented exceptions.HighHighBroad rules undermine segmentation and increase blast radius.Replace with specific source, destination, and service rules.Open / Review / Complete
Routing SecurityStatic route reviewValidate static routes, default routes, and route ownership.MediumHighIncorrect routes can expose traffic or create black holes.Document route purpose and remove stale routes.Open / Review / Complete
Routing SecurityDynamic routing authenticationReview OSPF, EIGRP, BGP, or other protocol authentication where used.MediumHighUnauthenticated routing can allow route injection or disruption.Enable protocol authentication and route filtering where supported.Open / Review / Complete
Routing SecurityRoute filteringReview route redistribution and filtering between sites, WAN, VPN, and internal zones.MediumHighUncontrolled redistribution can leak routes between environments.Filter routes and document accepted prefixes.Open / Review / Complete
Site ConnectivityWAN and branch linksReview routers/switches supporting branch, data center, and cloud connectivity.MediumHighWeak inter-site controls can allow compromise to spread across locations.Validate routing, ACLs, monitoring, and redundancy for site links.Open / Review / Complete
Site ConnectivitySite-to-site VPN interfacesReview router interfaces, routes, ACLs, and monitoring tied to VPN connectivity.MediumHighVPN-connected networks often have excessive trust.Limit reachable subnets and monitor tunnel health.Open / Review / Complete
ResilienceConfiguration backupsConfirm scheduled configuration backups are captured and protected.HighMediumNo backup increases downtime after failure or misconfiguration.Automate backups and test restoration.Open / Review / Complete
ResilienceChange controlReview change tickets, approval workflow, and post-change validation.MediumHighUntracked changes make incidents harder to diagnose.Require documented changes for routing, VLAN, ACL, and firmware updates.Open / Review / Complete
ResilienceHigh availability linksReview stack members, uplinks, LACP, redundant power, and failover paths.MediumHighSingle points of failure can interrupt business operations.Document redundancy and test failover scenarios.Open / Review / Complete
Physical SecurityRack and closet accessReview physical access to network closets, MDFs, IDFs, and data center racks.MediumHighPhysical access can bypass logical controls.Restrict access, lock cabinets, and log entry where feasible.Open / Review / Complete
Physical SecurityConsole port controlReview console access procedures, adapters, and local recovery controls.MediumMediumUncontrolled console access can allow device reconfiguration.Control physical console access and protect emergency credentials.Open / Review / Complete
DocumentationNetwork diagramsValidate current logical and physical diagrams.MediumMediumOutdated diagrams slow troubleshooting and audits.Update diagrams with VLANs, uplinks, trunks, and routing paths.Open / Review / Complete
DocumentationStandards and baseline configsReview standard templates for Cisco, HPE Aruba, and HP devices.MediumHighInconsistent configs create security gaps and support issues.Create approved baseline configurations by device role.Open / Review / Complete

This checklist is for initial guidance and planning. It does not replace a professional cybersecurity audit, compliance assessment, penetration test, or legal/compliance review.

Monitoring Applications

Tools commonly used to monitor routers and switches.

Monitoring tools can support availability, interface health, bandwidth usage, SNMP metrics, alerting, configuration awareness, and faster incident response. Vendor fit depends on network size, budget, skill level, and operational requirements.

Platform Focus

Cisco, HPE Aruba, and HP router/switch environments.

OC Security Audit can help review common configuration and operational risks across mixed-vendor environments, including older HP switching, HPE Aruba access layers, and Cisco routing and switching platforms.

Cisco routers and switches

Review IOS/IOS XE configuration hygiene, SSH/AAA, ACLs, SNMPv3, routing controls, VLANs, trunking, spanning-tree protections, configuration backups, and logging.

HPE Aruba switching

Review AOS-CX or ArubaOS-Switch settings, management access, VLAN design, port security, firmware, SNMP, syslog, role-based access, and uplink controls.

HP legacy networks

Review lifecycle risk, older firmware, insecure protocols, switch closet exposure, undocumented VLANs, missing backups, and migration or hardening priorities.

After the Audit

From router and switch findings to implementation support.

OC Security Audit identifies security gaps, risk priorities, and evidence needs. When the next step is operational implementation, remediation coordination, network maintenance, monitoring, firmware planning, or ongoing infrastructure support, the related IT Perfection service is network infrastructure management.

This keeps the two companies clear: OC Security Audit performs the specialized security review; IT Perfection can help with practical network infrastructure work when a business needs managed IT support after the assessment.

Related operational support

  • Router and switch configuration maintenance, troubleshooting, and documentation.
  • Firmware update planning, maintenance windows, and operational handoff.
  • Network monitoring, alert review, log collection, and visibility improvements.
  • Branch, VPN, wireless, firewall, and network infrastructure support.

View IT Perfection Network Infrastructure Management

Ali Hassani CISO and cybersecurity consultant in a data center

Ali Hassani, CISO

Senior-level network security, compliance, and infrastructure guidance.

Ali Hassani is a CISO and cybersecurity consultant with 25+ years of experience across IT operations, cybersecurity, compliance auditing, Microsoft infrastructure, Microsoft 365 security, network security, firewall security, vulnerability management, cloud security, and infrastructure leadership. His practical background helps organizations connect executive risk, technical controls, and compliance readiness. Learn more about Ali's experience at OC Security Audit's Ali Hassani profile.

CISSPCCISOCCNPCCNAMCSEMCSA SecurityMCITPMCPMCTS

FAQ

Router and switch security audit questions.

What is included in a router and switch security audit?

A professional review usually includes inventory, firmware and lifecycle status, management access, AAA, password controls, SNMP, logging, VLANs, trunk ports, ACLs, routing, Layer 2 protections, backups, diagrams, change controls, and remediation priorities.

Is this different from a firewall audit?

Yes. A firewall audit focuses on perimeter and zone policy, VPN, NAT, logging, and rulebase exposure. A router and switch review focuses on the internal network paths, management plane, VLANs, trunks, access ports, routing, and switch-layer controls that support internal security.

Which platforms can be reviewed?

OC Security Audit can review common Cisco, HPE Aruba, HP, and mixed-vendor environments. The review can be adapted for small-business networks, branch offices, larger switching environments, and data-center or campus-style designs.

Can this checklist help with compliance readiness?

Yes. Router and switch evidence can support cybersecurity risk management, internal control validation, audit preparation, cyber insurance conversations, and compliance readiness where network segmentation, access control, logging, and change management matter.

Can OC Security Audit help prioritize remediation?

Yes. Findings can be prioritized by likelihood, impact, business exposure, and operational difficulty so technical teams can address the highest-risk items first without turning the review into a generic checklist exercise.

Need help reviewing router and switch security?

OC Security Audit helps organizations identify infrastructure security gaps, prioritize remediation, and improve internal network resilience across routers, switches, VLANs, site connectivity, management access, monitoring, and documentation.