*** NETWORK AUDIT ****
01-17-2012 07:53 AM - edited 03-07-2019 04:24 AM
Hi,
Can someone please advise how to do a network audit. My task is to do a network audit on an unorganized network consisting of several Cisco routers and switches, also using an MPLS network and ISDN lines.
I want to do a network audit that actually shows a clear picture of the network, what services are running, etc.
Can someone please guide me on where to start. I don't want to use any tool for this audit. Any template, book, or link that explains how to start a network audit will be very helpful.
Someone told me to enable CDP neighbor on all the devices and start from there.....
THANKS....
Labels: Other Switching
01-17-2012 11:25 AM
(not trying to sound rude on this post)
If you're not intimately familiar with routing and switching, this task should probably be left to an experienced professional in this field, ESPECIALLY if the network is unorganized. Seeing as I've been doing this for 15 years - it is one of my strong points, I can tell you that even I miss things during an initial network audit... If you're trying to do this as a learning task, and it's NOT ASSOCIATED WITH UPCOMING NETWORK CHANGES, use the following commands on most Cisco IOS gear:
sh cdp n (will show you interconnected managed Cisco equipment and what port it's connected to)
sh arp (will show IP address, MAC addresses and associated interface/VLAN)
sh vlan (will show each VLAN and which ports are associated)
sh ip route (will show Layer-3 routing tables)
sh run (shows running config output)
There are plenty of tools out there that claim they can create a network map, but I haven't found one which actually creates an accurate representation of how stuff is actually connected.
Now you mentioned "services running" - this opens up an entirely new can of worms; applications and servers are no longer in the scope of network transport, meaning you'll need a speciality in and focus on servers/operating systems and security. Thankfully, there are PLENTY of decent application packages out there that *DO* accurately give you a picture of services running on servers (just Google it; there should be a few million page results to sift through).
Just my two cents, hope it helps!
Thanks,
Sean Brown
(rate this post if it's useful)
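Sean's "sh cdp n" step is the natural starting point for the device inventory, so here is an added Python example (not code from this thread and not a Cisco tool) that parses the detailed form of that output, "show cdp neighbors detail", into inventory rows and a de-duplicated link list. The local device name RTR-EDGE-01 and the neighbour names, addresses, platforms and IOS versions in SAMPLE_CDP_DETAIL are constructed sample data, not captured from any real network.

```python
import re
from typing import Dict, List

# Constructed sample of "show cdp neighbors detail" as a hypothetical router
# RTR-EDGE-01 might print it; not captured from any real device.
SAMPLE_CDP_DETAIL = """\
-------------------------
Device ID: SW-CORE-01
Entry address(es):
  IP address: 10.1.0.2
Platform: cisco WS-C3750X-48,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/0,  Port ID (outgoing port): GigabitEthernet1/0/1
Holdtime : 142 sec

Version :
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(2)SE

advertisement version: 2
-------------------------
Device ID: RTR-MPLS-CE-02
Entry address(es):
  IP address: 10.1.0.6
Platform: Cisco 2911,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 160 sec

Version :
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4

advertisement version: 2
"""

# One regex per field we want in the inventory; all anchored to line starts.
FIELDS = {
    "device_id": re.compile(r"^Device ID:\s*(\S+)", re.M),
    "ip": re.compile(r"^\s*IP address:\s*(\S+)", re.M),
    "platform": re.compile(r"^Platform:\s*(.+?),\s+Capabilities:\s*(.*?)\s*$", re.M),
    "ports": re.compile(r"^Interface:\s*(\S+),\s+Port ID \(outgoing port\):\s*(\S+)", re.M),
    "version": re.compile(r"^Version\s*:[ \t]*\n(.+)$", re.M),
}


def parse_cdp_neighbors(local_device: str, output: str) -> List[Dict[str, str]]:
    """Return one record per neighbour block of "show cdp neighbors detail" output."""
    records = []
    for block in output.split("-------------------------"):
        if "Device ID:" not in block:
            continue  # leading/trailing fragments carry no neighbour
        rec = {"local_device": local_device}
        rec["device_id"] = FIELDS["device_id"].search(block).group(1)
        m = FIELDS["ip"].search(block)
        rec["ip"] = m.group(1) if m else ""
        m = FIELDS["platform"].search(block)
        rec["platform"], rec["capabilities"] = (m.group(1), m.group(2)) if m else ("", "")
        m = FIELDS["ports"].search(block)
        rec["local_port"], rec["remote_port"] = (m.group(1), m.group(2)) if m else ("", "")
        m = FIELDS["version"].search(block)
        rec["version"] = m.group(1).strip() if m else ""
        records.append(rec)
    return records


def inventory_rows(records):
    """Hostname / IP / platform / code version rows: the inventory an audit starts from."""
    return [(r["device_id"], r["ip"], r["platform"], r["version"]) for r in records]


def adjacency_edges(records):
    """Undirected link list; a link seen from both ends collapses to one entry."""
    edges = set()
    for r in records:
        a = (r["local_device"], r["local_port"])
        b = (r["device_id"], r["remote_port"])
        edges.add(tuple(sorted((a, b))))
    return sorted(edges)


if __name__ == "__main__":
    recs = parse_cdp_neighbors("RTR-EDGE-01", SAMPLE_CDP_DETAIL)
    for row in inventory_rows(recs):
        print("%-16s %-10s %-22s %s" % row)
    for (dev_a, port_a), (dev_b, port_b) in adjacency_edges(recs):
        print(f"{dev_a} {port_a} <-> {dev_b} {port_b}")
```

Run it against a saved copy of the command output from each device and feed every record to adjacency_edges; a link reported by both ends then appears once, which is what a hand-drawn topology needs. Because CDP advertises platform and code version to whatever sits on the link, the same audit pass should record which interfaces have CDP enabled, so it can be disabled where the far side is not a managed device.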
01-17-2012 01:44 PM
In addition to the responses that Sean provided, for each device:
code version
SNMP config (is there an access list?)
NTP
addressing
logging
VTP (switches)
circuit inventory - are telco link IDs in the interface descriptions?
login security
syslog config and review
That's just for starters.
01-17-2012 02:12 PM
muhammad zeeshan wrote:
Hi,
Can someone please advise how to do a network audit. My task is to do a network audit on an unorganized network consisting of several Cisco routers and switches, also using an MPLS network and ISDN lines.
I want to do a network audit that actually shows a clear picture of the network, what services are running, etc.
Can someone please guide me on where to start. I don't want to use any tool for this audit. Any template, book, or link that explains how to start a network audit will be very helpful.
Someone told me to enable CDP neighbor on all the devices and start from there.....
THANKS....
Seriously, I 100% agree with Sean - if you're not absolutely confident in your knowledge of networking, pay someone who is to do your audit. There are many, many companies, large and small, who will do so.
If you try it yourself and you're not familiar with the network and the underlying complexities, you're going to leave something out, and you may do more harm than good.
Cheers.
01-17-2012 10:50 PM
Hi Zeeshan,
Glad to know that you are trying to audit a network without any tools.
From my experience in auditing, a network audit is a job with broad scope.
Typically we used to break down a network audit further into the following:
1. Router Audit
2. Routing Audit
3. Syslog Audit
4. LAN switching Audit
5. MPLS Audit
etc...
Before doing any audit you need to have an updated device inventory, which is a task that cannot be avoided, and you will have to spend time getting it.
The device inventory should have the IP address, hostnames, and login info if TACACS is not implemented.
Now coming back to the specifics of a network audit, let's take an example, a router audit, which includes the following:
1. Analysis of interface statistics and remedy for fixing them
e.g., increasing CRC errors, runts, carrier drops, buffer drops etc....
2. Disabling of unnecessary services which are enabled by default
DHCP (if not used), finger, ATM, etc..
3. Working of CDP
4. Analysis of interface configuration
eg., bandwidth config, SNMP trap, speed , duplex etc...
The list goes on
Essentially, you need to realize one fact: an audit is completely based on show commands.
An audit is not effective unless you provide solution for what has been flagged.
Regards,
Pramod
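The checklist in the 01-17-2012 01:44 PM reply (SNMP access lists, NTP, logging, login security, circuit IDs on interface descriptions) and Pramod's router-audit items (disabling default services such as finger, an audit driven by show commands) can both be checked mechanically from a saved "show running-config". The Python below is an added example, not code from this thread or from Cisco; WEAK_CONFIG and HARDENED_CONFIG are constructed excerpts, the community strings, addresses, circuit ID and secret hash are placeholders, and the severity labels are my own choice.

```python
import re
from typing import Dict, List, Tuple

# Constructed "show running-config" excerpt for a hypothetical router; the weak
# settings are deliberate so that every check below has something to flag.
WEAK_CONFIG = """\
no service password-encryption
hostname RTR-EDGE-01
enable password changeme
ip finger
ip http server
snmp-server community public RO
snmp-server community netmgmt RW 10
interface GigabitEthernet0/0
 description Uplink to SW-CORE-01 Gi1/0/1
 ip address 10.1.0.1 255.255.255.252
interface Serial0/0/0
 ip address 192.0.2.2 255.255.255.252
line vty 0 4
 password changeme
 transport input telnet ssh
"""

# The remediated version of the same excerpt (also constructed); should audit clean.
HARDENED_CONFIG = """\
service password-encryption
hostname RTR-EDGE-01
enable secret 5 $1$PLACEHOLDER-HASH
no ip finger
no ip http server
ntp server 10.1.0.10
logging host 10.1.0.20
access-list 10 permit 10.1.0.20
snmp-server community MgmtRoString RO 10
interface GigabitEthernet0/0
 description Uplink to SW-CORE-01 Gi1/0/1
 ip address 10.1.0.1 255.255.255.252
interface Serial0/0/0
 description MPLS CE link, telco circuit CKT-PLACEHOLDER
 ip address 192.0.2.2 255.255.255.252
line vty 0 4
 access-class 10 in
 transport input ssh
"""


def parse_config(config: str):
    """Split an IOS config into top-level lines plus the indented bodies of interface/line sections."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None  # '!' separators and blank lines end a section
        elif raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
        else:
            top.append(raw.rstrip())
            current = raw.rstrip() if raw.startswith(("interface ", "line ")) else None
            if current is not None:
                sections[current] = []
    return top, sections


def audit_config(config: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the checks listed in the thread."""
    top, sections = parse_config(config)
    text, out = "\n".join(top), []
    # SNMP: non-default community, read-only, bound to an access list
    for m in re.finditer(r"^snmp-server community (\S+)(?: (RO|RW))?(?: (\S+))?$", text, re.M):
        name, mode, acl = m.group(1), m.group(2) or "RO", m.group(3)
        if name.lower() in ("public", "private"):
            out.append(("high", f"SNMP community '{name}' is a well-known default"))
        if mode == "RW":
            out.append(("high", f"SNMP community '{name}' grants write access"))
        if acl is None:
            out.append(("medium", f"SNMP community '{name}' has no access list"))
    # Time source and central log destination
    if not re.search(r"^ntp server ", text, re.M):
        out.append(("medium", "no NTP server; log timestamps cannot be correlated"))
    if not re.search(r"^logging (?:host )?\d", text, re.M):
        out.append(("medium", "no syslog host configured"))
    # Services on by default on older IOS that an audit normally wants off
    for pat, msg in ((r"^(?:ip|service) finger$", "finger service enabled"),
                     (r"^ip http server$", "HTTP management server enabled")):
        if re.search(pat, text, re.M):
            out.append(("low", msg))
    # Credential storage
    if "no service password-encryption" in top:
        out.append(("medium", "service password-encryption is disabled"))
    if re.search(r"^enable password ", text, re.M) and not re.search(r"^enable secret ", text, re.M):
        out.append(("high", "enable password used instead of enable secret"))
    # Login security on vty lines; circuit or neighbour IDs on interface descriptions
    for header, body in sections.items():
        if header.startswith("line vty"):
            if not any(l.startswith("access-class ") for l in body):
                out.append(("medium", f"{header}: no access-class limiting management sources"))
            if any(l.startswith("transport input") and ("telnet" in l or l.endswith(" all")) for l in body):
                out.append(("high", f"{header}: telnet permitted"))
        elif header.startswith("interface ") and not any(l.startswith("description ") for l in body):
            out.append(("low", f"{header}: no description (circuit or neighbour id missing)"))
    return out


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, *(f"\n  [{sev}] {msg}" for sev, msg in audit_config(cfg)))
```

Each check maps to one line of the thread's checklist, so extending it (code version against a baseline, VTP mode, logging buffer size) is a matter of adding a regex and a message. Running it over a saved config per device also gives the "solution for what has been flagged" that Pramod asks for: the hardened excerpt is the remediation target the weak one is measured against.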
