Are there any backdoors in the system providing potential ability to circumvent security controls, including authentication and audit logging? Were default passwords for all built-in accounts changed?