Auditing
Now that the basics about the network have been put together, should a problem arise there is at least a minimum amount of information on hand to troubleshoot with. However, the specifics about the network are still largely a mystery. The auditing phase of the documentation process is one that will take some time. While larger networks have more equipment there are some software solutions that are going to be cost effective to get the job done. Smaller networks will obviously have less equipment but the tools that you would use for larger networks are going to be too costly to use and therefore some if not all of the auditing will have to be done manually, which will take some time. Either way the information that you want to gather is essentially the same. Details about the infrastructure is invaluable not just for troubleshooting, but for improving and securing the network in the future. Because of its critical nature, it is wise to start with the network audit first.
Network Audit
The network audit is a detailed look at the backbone infrastructure of the network, how it is connected together, and how the individual pieces are configured. This is needed not just so that troubleshooting can be made easier, though that is a concern, but knowing the details of the network also allows for a more secure and controlled network. Some of the different sections of the process will be done at the same time, but it is broken up into sections in order to make it easier to understand what needs to be.
Hardware
The best, and most obvious, place to start is with the hardware. Beginning with the modem and working inward each piece of hardware can be documented in detail. Using the templates as a jumping off point and customizing them to meet the needs of the network a clear picture of what is where will emerge. It is in the middle of this process that the other sections of the network audit can be performed.
Network Mapping
Creating a visual map of the network while documenting the hardware will simplify the process a great deal. While ultimately a more professional map can be drawn up using a program like Visio, a hand drawn map may be much easier to work with until all the major components are accounted for.
Subnetting Scheme
This particular part of the audit will become better known as the different routers and switches are audited. Smaller networks will likely all be on the same subnet but even in those networks it is possible that some subnetting is in place. An important configuration to note is whether or not the network is using a VLAN as opposed to standard subnetting. If this is the case then the documentation on the switches and routers will need a little more attention.
Access Rights
Some hardware, like servers and managed switches, can allow for multiple administrators and even different levels of administrative control. While these systems are being audited a review of the different logins and which users have access to them should take place. Depending on the reasons the last administrator left it may be necessary to change the passwords to the logins for the sake of security.
There is also the possibility that the logins simply aren’t known. This is more likely to happen in a medium to small network where there isn’t a standardized practice already in place. In these instances some extra planning is going to be needed to fix the problem. If it is simply the case that the defaults were never changed then getting that information from the manufacturer is a quick and easy fix. However, if the passwords were set by a previous administrator and that information hasn’t been passed on then it potentially involves resetting the hardware and configuring it back up from its factory defaults. While this has the advantage of knowing how it is configured, the likely extended downtime and lost productivity from the unknown issues it will cause is a concern. Investigating the configuration of the devices connected to it before making any changes will cut down on surprises but ultimately access to that piece of equipment will become necessary. It will be better for the process of getting that access be a planned and controlled event instead of a rushed emergency.
Computer Audit
The workstations and laptops of an organization will take up the most time in an auditing process by sheer volume since they will outnumber the networking equipment by quite a bit unless it is an extremely small organization. Unlike the networking equipment, there are some good software solutions for gathering data on the computers attached to the network but it will be the size that determines how to proceed on this portion of the audit. For a small network with a handful of computers it will be more time consuming to setup the software and get the needed information from that than it will be to get it manually. A good rule of thumb would be that if a network has a domain controller then it probably should be done using software if possible for the sake of time to be followed by a manual audit over time.
Auditing using software
The software solutions available for auditing use a couple of different methods to find the computers on the network. One method is to monitor the traffic on the network along with IP addresses to discover what is on the network and then use that to query what is found more directly to get more information. The other method is to distribute a client using group policy which in turn sends information about the system it is installed on to the server application. The costs of the applications vary from free to the thousands of dollars, though the more expensive applications offer more functionality than just asset discovery. Dell’s KACE for example is actually a management system that incorporates inventory, software distribution (via GPO), helpdesk tickets, and task management but the cost is high enough that it is out of the question for most small or medium organizations. Here is a short list of applications to consider using.
- SpiceWorks (Free)
- Lansweeper (Free for basic , $400 for Premium, $1000 for Enterprise)
- KACE (3000+ depending on number of nodes and locations)
- Altris (Licensed per client and servers)
- LANDesk (Quotes based on equipment)
- Microsoft SMS
Manual Auditing
If the process needs to be done manually there then the first decision that should be made is one of what information is truly valuable to the administrator. The automated solutions will gather a great deal of information that may not be of any use but since it is automated there is no real problem with having it. When it is being gathered by hand then time doesn’t need to be wasted on data that will serve no purpose. Even though the process is “manual” it doesn’t mean that some of the information gathering can’t be automated. Writing a script that can be run on workstations to gather some if not all the desired information and putting it into a text file is not out of the question. Experience and expertise will determine if that is worth the effort. Regardless, some templates are attached with this document that will cover much of the desired information and can be filled out either on a computer or printed and filled out by hand.
Peripheral Devices
Keep in mind that whether the audit is automated or done manually some of the equipment that you should know about and have documented are not going to be workstations. Copiers, scanners, faxes, printers, and other peripheral devices should be included in the audit process as they will need troubleshooting and replacement as well.
Legacy Systems
Legacy systems should receive special attention because they truly represent a category all their own. These are critical systems that for whatever reason cannot be replaced or upgraded. In some cases it is because the software that they are using is only compatible with an older operating system or that they are dependent on outdated hardware. In more extreme cases it is both. Noting the specific reasoning is import because it will determine how to best protect this particular asset going forward. If the system is only dependent on an outdated operating system then it may be possible to move it to a virtual machine without losing functionality. However, if it is hardware related in any way then finding a more up to date solution that can replace the system needs to be investigated or at the very least replacement parts need to be found and purchased in order to keep the system functional.
Software Audit
The software that is present and used in the network environment by both the administrators and the general users should also be audited for reasons of security, updating, and support. This is especially helpful in larger environments where a great deal of software can be “pushed” using the domain tools cutting down on the number of manual installations and updating. Obviously not all software warrants being kept track of but any primary use software should be.
Special Software
Most organizations will have certain users that require special software that is not distributed to all workstations. This software should especially be noted. Special software will likely mean a need for specialized support for that particular user. There is also the matter of licensing and the legal issues involved with specialized software.
Licenses
While any specialized software will almost certainly have a license which needs to be kept track of for legal and reinstallation purposes, there is also going to be software that is distributed among all the users that often will entail some kind of annual fee or contract. Site and volume licenses for things such as Windows and Microsoft office installations will need to be kept on file and current. Servers, especially domain controllers, will involve licenses that are based on the number of users. These also will need to be kept current.
Group Policy Controlled
If the network does have a domain controller then it is possible that some of the software that is found on the workstations is being pushed via Group Policy and is managed centrally instead of individually. Knowing which ones are handled in such a way can help speed up this portion of the audit process. It can also provide a leg up in getting some of the day to day operations under control and out of the way.
Physical Access
Lastly, if an organization has reached a size where the networking equipment and servers are kept in secure rooms then determining who has access to these rooms should be part of the audit. Keys are easily duplicated, frequently lost, and there is often no clear record kept of who has a key to what. If it is found that there are several keys missing or unaccounted for changing the locks to the secure areas is recommended.