Monday 13 May 2013

How to do a network audit

     This is a not so detailed solution to how to go about this task. The following is an edited version of the description by an networking Guru on how to go about this task. Who goes by the username steve.freke on techrepublic. I have added some stuff of mine onto what he had shared .

      Use the OSI model. Define what it was layer 1 – that is, all the physical connectivity between the active devices on the network. This includes cable runs between server rooms and wiring closets. This step will take the longest and is the most often ignored because it is the most tedious.

 Move up to layer 2 – document collision domains, STP instances, etc. Move to layer 3 – document broadcast domains, subnets and routing instances, including which routing protocol is being used, interface IP addresses, etc.

"Once you have documented layers 1-3 and understand the network infrastructure, you can start looking at the client/server infrastructure. There are many tools available, but you probably won't have the budget to spend $10K on audit or packet analysis tools. You can manually get this info from examining the active equipment, ARP tables (cross referenced with forwarding tables), and the routing tables. DHCP scopes are also useful.

"Ensure that you have a complete picture of each layer before you look at the next. If you don't have an accurate picture of layer 1, any info you collect about layers 2-3 will be flawed. For example, I once discovered that a cable I thought ran the length of the building was actually two cables connected with an old bridge that was hidden in the ceiling and also happened to be an STP root bridge. Disconnect that and the network would stop.

"Be methodical and take the time that is necessary to complete the task. I once audited a 2,500 desktop site with 80 servers in a farm. Working by myself for 12 hours a day for 4 days of the week, it took me nearly 3 months because I could trust nothing the client said, since he had not conducted a reliable audit using a sound methodology. It turned out he had two STP instances running, which explained why his network stopped working when he disconnected an "unused" segment.

"Never trust what the client says – always confirm any information for yourself. If he was to be trusted, you wouldn't be needed in the first place. Collect your raw data and then use it to produce node lists and physical and logical diagrams."

 
Design by A Solution