| 1: | Does the network have a written security policy? |
| 2: | What is the security policy concerning devices that are attached to the network? |
|
A2:
| Answer: Does a device that is connecting to the network need to run or employ specific protocols or techniques? For instance, is some form of Layer 2 authorization employed to prevent unauthorized connections to the network? Does a policy exist about open ports or other ways to prevent unauthorized access to the network? |
| 3: | What is the security policy concerning routing within the network? |
|
A3:
| Answer: Has a specific policy been designed to thwart attacks against the routing system? |
| 4: | What mechanisms are in place to react to a security breach or a security incident? |
| 5: | Should access be restricted to specific devices in the network? How should this restricted access be achieved? |
