Wireless access is enabled (and not required)? Wireless access is configured with open access? SSID suppressed/not broadcast? not ideal, will confuse users, hackers can find it.
MAC address filtering? not ideal, can be spoofed
Wireless access point uses WEP? Wireless passphrase is easily-guessable?
Bluetooth access is enabled (and not required)? Bluetooth pairing is not configured with authentication?
Does the DNS service allow unauthorized zone transfers? Is the DNS service vulnerable to cache poisoning? Does the DNS service allow unauthorized dynamic updates?
Is the system configured for NTP? Is NTP from an authenticated and authorized source?
Is FTP (21/TCP) enabled? Is anonymous FTP login allowed? Is TFTP enabled and not necessary? Is DHCP enabled and not necessary? Is DNS enabled and not necessary? Are unnecessary routing protocols (e.g. BGP, EIGRP, OSPF, RIP, VRRP, GLBP, VTP, DTP) enabled? Are other unnecessary protocols (e.g. echo, finger, chargen) enabled?
Is Telnet (23/TCP) running on the system? Is HTTP login enabled on the system? If HTTPS is enabled, are weak ciphersand protocols suported? If SSH is enabled, is SSHv1 supported? Is SNMP v1 or 2c supported? Is the administrative interface accessible over other clear-text protocols (e.g. rlogin, rsh)?