Securing Network Infrastructure Through Automated Configuration Auditing and Compliance Checks
Abstract
Network misconfigurations remain one of the most common causes of security breaches, yet manual configuration auditing is time-consuming and error-prone. This paper presents an automated framework for auditing network device configurations against industry-standard security baselines such as CIS Benchmarks and NIST SP 800-53. The framework parses router and switch configurations from vendors like Cisco and Juniper, then matches them against defined compliance rules using a policy engine developed in Python. Key areas audited include SNMP community strings, access control lists, VLAN segmentation, password encryption, and interface hardening. We apply the framework to a real-world university network spanning 150 devices, identifying misconfigurations such as exposed SNMP v2 strings, unused open ports, and weak password policies. The system generates remediation suggestions and integrates with ServiceNow for ticket creation. Additionally, we simulate attack paths enabled by these misconfigurations using the MITRE ATT&CK matrix to assess potential impact. Results show that automated audits reduce average compliance review time by 70% and uncover misconfigurations often overlooked in manual reviews. This paper demonstrates how infrastructure security can be significantly enhanced through repeatable, policy-driven configuration validation. The proposed approach supports continuous compliance and proactive hardening in enterprise-scale networks.
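A minimal sketch of the parse-then-match audit the abstract describes, added here as an illustration and not taken from the paper's framework. The sample configuration, the rule ids, and the heuristic that an enabled port without a description is unused are all assumptions.

```python
import re

# Constructed sample in Cisco IOS style; not taken from the paper's data set.
SAMPLE_CONFIG = """\
hostname edge-sw-01
no service password-encryption
enable password cisco123
snmp-server community public RO
snmp-server community n3tm0n RO 10
interface GigabitEthernet0/1
 description uplink to core
 switchport mode trunk
interface GigabitEthernet0/2
 shutdown
interface GigabitEthernet0/3
 switchport mode access
"""

def parse_sections(text):
    """Map each top-level line to the indented lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
    return sections

def audit(text):
    """Return (rule_id, offending_item) findings in config order."""
    # Rule ids are hypothetical labels, not CIS or NIST identifiers.
    sections, findings = parse_sections(text), []
    if "service password-encryption" not in sections:
        findings.append(("PWD-ENCRYPT", "global"))
    for head, body in sections.items():
        snmp = re.fullmatch(r"snmp-server community (\S+) (?:RO|RW)(?: (\S+))?", head)
        if head.startswith("enable password "):
            findings.append(("ENABLE-SECRET", "global"))
        elif snmp and (snmp.group(1) in ("public", "private") or not snmp.group(2)):
            # Default community name, or no ACL restricting who may query.
            findings.append(("SNMP-COMMUNITY", snmp.group(1)))
        elif (head.startswith("interface ") and "shutdown" not in body
              and not any(b.startswith("description ") for b in body)):
            # Assumption: an enabled port with no description counts as unused.
            findings.append(("IF-UNUSED", head.split()[1]))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` yields four findings; the second SNMP community passes because it is non-default and bound to ACL 10.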