I was once involved in a project for a client with quite a large network spanning several locations and cities. The client wanted to know the real state of their network so as to improve the overall performance of the network. Basically, he needed a network audit.
The scope of this project involved:
- Inventory: determining what kind of devices were running on the network;
- Support: if any of those devices were obsolete;
- Architecture: how the devices were connected;
- Security: if there were any security concerns they needed to address; and so on.
What we did on the project I have just described is known as a Network Audit, which is the subject of this article. That project was a few years ago, and I have gone on to perform many more similar projects.
Network Audit or Network Assessment?
While preparing this article, I thought of which phrase was better to use: Network Audit or Network Assessment? To avoid any confusion, we will assume that they are one and the same in this article.
However, if you want a strict difference between an Audit and an Assessment, I would say that when performing an Audit, you compare what you have to certain “standards” and policies. On the other hand, an Assessment is more investigative – maybe you want to find a problem or just know the state of your network, not necessarily according to any written standards.
Scope of Network Audit
One thing you always want to ask yourself before starting any project is “What is the scope of this project?” This helps set both your expectations and those of the client.
Having said that, in most of the Network Audits I have performed, my scope of work is usually limited to network devices such as Routers, Switches, Firewalls and so on. My audit doesn’t extend to end devices like Servers and user PCs, neither do I audit Applications. In the same vein, we will restrict our discussion to auditing Network Devices.
Why and when do you need a Network Audit?
Organizations do not just wake up one day and decide to do a Network Audit; there is usually a need that drives such a decision. Some of these needs are:
- Inventory: As organizations and their demands grow, as mergers take place, or as devices are passed from one operational team to another, the Network grows too. Devices may be added on the fly to the Network and at some point, administrators may be in the dark as to what is running on their Network – enter Network Audit.
- Network Upgrade/Refresh: Like every other thing, there is a tendency for Networks to just fall into the operational state where administrators are concerned with the day-to-day running of such Networks. To keep up with demands, such Networks will need to be upgraded from time to time. Before upgrading, you will want to perform a Network Audit to know what is really going on in your Network, which devices are still supported by the vendor (both software and hardware), which devices to replace, which ones to upgrade and so on.
- Problem Resolution: I once had a client call me into their office to help resolve a problem they were having with Internet access. This client wasn’t technically savvy – they had had someone come in to help set up the Network and this individual was not accessible anymore. Before I could resolve the problem, I needed to first know what made up their Network and performing a Network Assessment was the way to go.
- Compliance: Depending on the kind of business an organization is into, they may be required to comply with certain standards (e.g. PCI DSS). A Network Audit will be used both by the company (to prepare for the audit) and external auditors (to assess the compliance of the organization).
How to perform a Network Audit
Let’s now get down to the meat of this article: How will you perform a Network Assessment? I typically break down a Network Audit into three phases/stages:
- Planning
- Perform Audit
- Post-Audit
Let’s take a closer look at each stage.
Planning a Network Audit
There’s a saying that goes, “Proper Preparation Prevents Poor Performance”. This could not hold truer when performing a Network Audit. If you do not get this Planning phase right, you may end up being frustrated while carrying out the project.
Here are a couple of things to consider during the Planning phase:
- Do you have buy-in from all stakeholders? There are two major groups of stakeholders: Management Team and Technical Team. Even if you have a go ahead from Management, you need to make sure that the Technical team is aware and willing to work with you since they are the ones to give you the access you need.
- What tool(s), if any, will you be using? There is a subsection dedicated to Network Audit tools later in this article.
- Do you have access to the devices? Whether you decide to use a tool or not, you will probably need one of the following methods of access: SNMP, Telnet and/or SSH. You need to make sure that you have the necessary credentials (community strings, usernames, passwords) for these access methods. However, even beyond having the credentials, are the network devices configured for these access methods? This is especially true for SNMP as you may find that the network devices have not been enabled for SNMP. This particular point has been one of the most difficult issues I’ve faced from personal experience and one way to overcome this is through scripting.
- What computer will you be using to perform the Network Audit? Will it be a personal laptop? Is this okay with your client? If the client is the one to provide the computer, does it have the necessary computing power? You need to think about this because some tools require a lot of computing resources.
- What is the observation point? If you will be using a Network Protocol Analyzer on the network, where will you be connecting the computer that will collect and analyze traffic? Is there a switch port available and if there is, can SPAN/port mirroring be configured on this port?
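A pre-audit readiness check for the access-method question above, as an added example that is not part of the original article: it reads device configurations you have already collected and reports which access methods each one enables, plus the weak ones worth raising with the technical team. The configuration excerpts, hostnames and the IOS-style syntax are assumptions constructed for illustration, and the vty `transport input` line is treated as the only indicator of Telnet/SSH.

```python
import re

# Constructed IOS-style config excerpts; hostnames and values are made up.
SAMPLE_CONFIGS = {
    "core-sw1": """hostname core-sw1
snmp-server group AUDIT v3 priv
line vty 0 4
 transport input ssh
""",
    "branch-rtr2": """hostname branch-rtr2
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
""",
    "edge-rtr3": """hostname edge-rtr3
line vty 0 4
 transport input telnet
""",
}

def access_methods(config):
    """Return the set of management access methods the config enables."""
    methods = set()
    if re.search(r"^snmp-server community \S+", config, re.M):
        methods.add("snmp-v1/v2c")
    if re.search(r"^snmp-server group \S+ v3\b", config, re.M):
        methods.add("snmp-v3")
    for line in re.findall(r"^ +transport input (.+)$", config, re.M):
        for proto in ("telnet", "ssh"):
            if {proto, "all"} & set(line.split()):
                methods.add(proto)
    return methods

def findings(config):
    """Return audit notes: blockers for the tool and weak access methods."""
    methods, notes = access_methods(config), []
    if not methods & {"snmp-v1/v2c", "snmp-v3"}:
        notes.append("SNMP not enabled: the tool cannot poll this device")
    if "telnet" in methods:
        notes.append("Telnet enabled: credentials cross the network in cleartext")
    for name in re.findall(r"^snmp-server community (\S+)", config, re.M):
        if name.lower() in {"public", "private"}:
            notes.append(f"well-known community string '{name}'")
    return notes

if __name__ == "__main__":
    for host, cfg in SAMPLE_CONFIGS.items():
        print(host, sorted(access_methods(cfg)), findings(cfg))
```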
Network Audit Tools
Let’s take a deeper look into the tools that we can use to perform a Network Audit. The first question you probably want to ask yourself is “Do I need a tool?”.
If you are performing an audit for a small network (and depending on why you are performing the audit), you may decide not to use any tool – just connect to the devices one after the other and get the information you need manually.
However, from my experience, you are probably better off using a Network Audit tool. You will be amazed at some of the information these tools can provide including:
- Device inventory: Device Name, capacity, interfaces, etc.
- Network diagrams: These tools can determine the connection between devices and save you the trouble of producing network diagrams.
- Milestones: Some of these tools have the capacity to connect to Original Equipment Manufacturers’ (OEMs’) websites and retrieve milestone information such as End-of-Sale, End-of-Life, End-of-Support and so on. These milestones are quite important because you can determine if your device is obsolete and how much risk you run keeping such devices.
- Configuration best practices: For example, tools like Nessus can assess how secure the configuration running on your network devices is and proffer best practices.
- Reports: The culmination of any Network Audit will be a report in some form and these tools can actually generate reports for you! That is every Engineer’s dream – not having to write reports.
Before we move on from this subsection, let’s highlight a few tools that can be used to perform a Network Audit. It’s good to mention now that you may need to use a combination of tools as there may not be a one-size-fits-all tool for your needs.
We can categorize Network Audit tools depending on what we want to achieve:
- Network inventory, network diagram, analysis: Solarwinds, Open-AudIT, NetformX are examples under this category. These tools will perform inventory, provide network diagrams and even generate reports for you.
- Security Assessment: Nessus and Nipper are tools under this category that will assess the configuration on your devices and give you a report that not only lists the issues, but also shows you how to resolve them.
- Performance assessment: Wireshark is probably king in this domain although there are other tools like iperf, ntop and NetFlow analyzers.
Personally, if I wanted to perform a one-off Network Audit today, I would probably use Solarwinds because they offer a 30-day free unlimited trial available to anyone. I may not need to buy the full product unless I do a lot of audits.
If you want to use Solarwinds to perform a Network audit, you will need:
- Solarwinds Network Configuration Manager (NCM)
- Solarwinds Network Discovery Service Tool (NDST)
- Solarwinds Network Topology Mapper
Performing a Network Audit
You are now ready to perform your Network Audit. The kind of information you will be interested in at this stage will depend on your end goal. For example, if you are troubleshooting a problem, you may not be interested in End-of-Sale date of a device.
If you are using a tool, performing a Network Audit is as simple as configuring some base settings in the tool such as:
- SNMP community strings (v1 or v2c) or usernames/passwords (v3)
- Telnet/SSH usernames/passwords
- Enable passwords
- Seed device/Network range: When using a seed device, the tool will start with this device and then hop to other devices on the network using information retrieved from the seed device. You can also configure a range of IP addresses/subnet for the tool to probe.
With this basic information, your tool is ready to go to work discovering devices. Depending on the size of the network, your audit can take hours or in some cases, days. I once left my audit computer running all night at a client site because the tool was still working.
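How seed-device discovery combines with a network range, as an added example that is not part of the original article or of any tool it names: a breadth-first walk that starts at the seed, follows each device's neighbors, and never queries an address outside the agreed scope. The neighbor tables and addresses are constructed, and reading neighbors from a table such as CDP/LLDP is an assumption about what "information retrieved from the seed device" looks like.

```python
import ipaddress
from collections import deque

# Constructed neighbor tables standing in for what a tool would read from
# each device (for example CDP/LLDP neighbors). All addresses are made up.
NEIGHBORS = {
    "10.1.0.1": ["10.1.0.2", "10.1.1.1"],      # seed device
    "10.1.0.2": ["10.1.0.1", "10.1.2.1"],
    "10.1.1.1": ["10.1.0.1", "203.0.113.9"],   # neighbor is the ISP router
    "10.1.2.1": ["10.1.0.2", "10.1.2.50"],
    "10.1.2.50": [],
    "203.0.113.9": ["198.51.100.1"],
}

def in_scope(ip, nets):
    """True if ip falls inside any of the agreed audit ranges."""
    return any(ipaddress.ip_address(ip) in net for net in nets)

def discover(seed, scope, neighbors=NEIGHBORS, max_hops=None):
    """Walk outward from the seed; return ({device: hops}, out_of_scope)."""
    nets = [ipaddress.ip_network(n) for n in scope]
    if not in_scope(seed, nets):
        raise ValueError("seed device is outside the agreed scope")
    visited, skipped = {seed: 0}, set()
    queue = deque([seed])
    while queue:
        dev = queue.popleft()
        if max_hops is not None and visited[dev] >= max_hops:
            continue                     # do not query beyond the hop limit
        for nb in neighbors.get(dev, []):    # a real tool queries dev here
            if nb in visited:
                continue
            if not in_scope(nb, nets):
                skipped.add(nb)          # record it, but never probe it
                continue
            visited[nb] = visited[dev] + 1
            queue.append(nb)
    return visited, skipped

if __name__ == "__main__":
    found, outside = discover("10.1.0.1", ["10.1.0.0/16"])
    print("in scope:", found)
    print("seen but not probed:", sorted(outside))
```

The out-of-scope set is worth keeping in the report: it shows where the audited network touches devices the client does not own.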
Post-Audit
Performing a Network Audit is all well and good, but what do you do with the result of your audit? That’s what this phase deals with and it will depend on your reason for performing the audit.
Generally speaking though, there are two things that you should have at the end of a Network audit:
- Report: You need to be able to make sense of all the information that you/your tool pulled up. Like I already mentioned, some of these tools can provide reports for you but you will probably need to present management with a special report that addresses the issues from a business angle, not from a technical point of view.
- Recommendations: This is where you highlight next steps. For example, if you discover obsolete devices, you need to make a case for replacing those devices with newer models. Some of your recommendations can be carried out as “quick fixes” – something that can be done immediately to improve the network. For example, during a performance assessment, I discovered that the interface on the router that terminates the ISP’s link was faulty. We moved the link to a different interface and there was significant improvement on the client’s network.
Tip: Even though most tools will create reports for you, this article comes with a downloadable sample “Network Assessment Detailed Report Template” which you can use to report Milestones. This template was generated from the Solarwinds Network Discovery Service Tool.
This brings us to the end of this article where we have discussed Network Audit. We began by describing what a Network Audit is and then went on to highlighting when and why we need audits – compliance, network upgrades, device inventory and so on.
We then talked about the three stages of a Network Audit: Planning, Performing the Audit and Post-Audit. During the planning stage, we said it is important to get the buy-in of all stakeholders including the management and technical teams. We also mentioned some tools that we can use to perform Network Audits including Solarwinds, NetformX, Wireshark and Nessus.
We discussed some of the things you will need to actually perform the Network Audit, like configuring SNMP community strings and Telnet passwords on the tool you will be using.
Finally, we discussed that you will probably need to provide a report and recommendations after the Network Audit is complete.