NETWORK AUDIT

By REZUMA ·
Hi everybody,

I am an IT consultant (I just started as an independent consultant), and I am confident in my knowledge of solving problems.
Can anybody recommend a book or online paper about the steps to follow when auditing a network? I have a new client who wants me to solve the few problems that they have and also to write a report of things that could be improved. It is a Windows 2000/2003 network with several satellite offices, so I know that I should check routers, AD sites configuration, etc. I already know things I would have to check, but I am wondering if there is a book or paper that gives you an organized, step-by-step list of things to do when auditing a network... I could work on my own protocol for auditing a network, but I would prefer to see if somebody has already done this.

Thank you very much

Rezuma

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
All Comments

by dmiles In reply to NETWORK AUDIT

See the following site
http://www.ghostship.com/infosyssec/intdet1.htm

by steve.freke In reply to NETWORK AUDIT

Rezuma,

I would use the OSI model. Define what is at layer 1. That is, all the phys conn'ity between the active devices on your net. This includes cable runs between server rooms and wiring closets. This will take the longest but is the most often ignored because it is the most tedious.
Move up to layer 2, document collision domains, STP instances etc. Move to layer 3, document broadcast domains, subnets and routing instances, include which routing protocol, interface IP addr etc.
Once you have documented layers 1-3 and understand the "Network" infrst, you can start looking at the "client/Server" infrst. There are many tools available, but you probably won't have the budget to spend 10k on audit or packet analysis tools. Get all this info from the active equip', arp tables, cross ref'd with forw'ing tables, note the routing tables etc. DHCP scopes are also useful.
Ensure that you have a complete picture of each layer before you look at the next. If you don't have an accurate pict of layer 1, any info you collect about layers 2-3 will be flawed. That cable you thought ran the length of the blding is actually two cables connected with an old bridge that is hidden in the ceiling space and also happens to be your STP root bridge. Disconnect that and your network will stop. Be methodical and take the time that is necessary. I audited a 2500 desktop site, with 80 servers in a farm, by myself, working 12 hours a day for 4 days of the week and it took me nearly 3 months, because I could trust nothing the client said, as he had not conducted a reliable audit using a sound methodology. It turned out he had two STP instances running, which explained why his network stopped working when he disconnected an "unused" segment.
Never trust what the client says; if he was to be trusted you wouldn't be needed in the first place. Collect your raw data and then use it to produce node lists, physical and logical diagrams.

Hope this helps.

Steve
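
The cross-referencing step in the reply above (ARP tables against switch forwarding tables, feeding a node list) can be scripted. This is an added example, not part of the original thread; the "ip mac" and "vlan mac port" table layouts, the addresses and the function names are constructed assumptions, so adapt the parsing to what your equipment actually prints.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the thread). Assumed layouts:
# router ARP table "<ip> <mac>", switch forwarding table "<vlan> <mac> <port>".
ARP_TABLE = """\
10.1.10.11 00:11:22:33:44:01
10.1.10.12 0011.2233.4402
10.1.10.13 00-11-22-33-44-03
10.1.10.14 00:11:22:33:44:04
"""
FWD_TABLE = """\
10 0011.2233.4401 Fa0/1
10 0011.2233.4402 Fa0/2
10 0011.2233.4403 Fa0/24
10 0011.2233.4405 Fa0/24
10 0011.2233.4406 Fa0/7
"""

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def build_node_list(arp_text, fwd_text):
    ip_by_mac = {}
    for line in filter(str.strip, arp_text.splitlines()):
        ip, mac = line.split()
        ip_by_mac[norm_mac(mac)] = ip
    nodes, macs_by_port = [], defaultdict(list)
    for line in filter(str.strip, fwd_text.splitlines()):
        vlan, mac, port = line.split()
        mac = norm_mac(mac)
        nodes.append({"vlan": vlan, "port": port, "mac": mac, "ip": ip_by_mac.get(mac)})
        macs_by_port[port].append(mac)
    seen = {n["mac"] for n in nodes}
    return {
        "nodes": nodes,
        # MACs the switch forwards for but the router has no ARP entry for.
        "no_arp": sorted(n["mac"] for n in nodes if n["ip"] is None),
        # ARP entries never seen on this switch: host sits on another segment.
        "not_on_switch": sorted(ip for m, ip in ip_by_mac.items() if m not in seen),
        # Several MACs behind one port: uplink, hub or bridge to trace at layer 1.
        "multi_mac_ports": {p: m for p, m in macs_by_port.items() if len(m) > 1},
    }
```

Each of the three exception lists is a prompt to go back to layer 1 and trace the port physically before trusting the diagram.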

by REZUMA In reply to

Thanks for your help, I will do so.

by REZUMA In reply to NETWORK AUDIT

This question was closed by the author
