Network Audit Guide
NRegular network audits should be a core part of your network management strategy. They help you identify opportunities for performance optimization and address potential security vulnerabilities before they morph into critical issues.This guide offers an overview of how to perform a network audit. We’ll focus on two main components of networking auditing: infrastructure audits and security audits.
Network Infrastructure Audit
Modern network infrastructure tends to be highly complex. For many organizations, it consists of a mix of physical and virtual devices. Some may run in an on-premises data center, while others are hosted in the cloud. There may be multiple networks in the mix, some public and some private.
Performing regular audits of networking infrastructure helps you ensure that your networking assets are up-to-date. It also provides visibility into your network architecture and identifies bottlenecks that hinder network performance.
When auditing network infrastructure, start with the physical hardware. Identify all of the switches, routers, PCs, servers, mobile devices, and wireless access points that exist on your network.
Be sure, too, to distinguish between on-premises and remote hardware. And keep in mind that many devices (such as an employee’s personal phone) may be connected only intermittently to your network.
All of this data should be entered into a database. In addition to identifying devices and their locations, the database should specify the following:
- The last time the device was updated or replaced.
- The end-of-life date for the device.
- Whether there are any visible physical defects, such as damage caused by overheating.
- Whether the device is properly labeled with a physical ID tag or similar identifier and, if so, what the identifier is.
- Whether the device’s environmental conditions are adequate. For example, is the room temperature controlled properly? Is there enough space to house the hardware and perform maintenance on it?
- The IP address or addresses of the device, if applicable. Note also how IP addresses are assigned (manually or dynamically via DHCP) and any special requirements related to IP address (for example, does the device need to have a specific IP address or be on a certain subnet?).
You should also use audits as an opportunity to update your network map, which is a diagram that shows the physical locations of devices and the networks that connect them.
Further reading Guide to Network Design
On modern networks, the software comes in two main forms. First, there are applications and the operating systems that host them. Second, there may be software-defined networking components or resources such as software firewalls, VPNs, or virtual machines.
Your network audit should assess the state of all of these resources and the fitness of the network to support them. For each entity, record:
- Whether the resource is a software-defined network infrastructure component or a standard software resource (in other words, an application or operating system).
- The last time the resource was updated or replaced.
- How much bandwidth the resource consumes, and whether adequate bandwidth is available to it.
- IP addresses used by the resource, and how they are configured.
- Licensing information for the resource, if applicable, and whether licenses are up-to-date.
Network Security Audit
Because network security is so critical, it’s a best practice to perform network security audits separately from other network audits. Network security audits should focus on the following:
- Network data security: Ensure that data is secure both while in motion on the network and at rest on network endpoints. Is it properly encrypted? Are access controls in place to restrict who can view the data? If any data contains personal information, is that information anonymized to the extent possible?
- Network access control: Which authentication protocols and procedures are in place to protect access to the network? If a new device is joined to the network, does it instantly gain access, or does the user need to enter credentials first? Are the same access controls in place for both wired and wireless connections? Are all of the authentication protocols that you use up-to-date, and are you avoiding protocols with known flaws (such as WEP)? Do you require users to change passwords periodically? Which ports are open on the network, and are any open unnecessarily?
- Physical security: How is physical access to the network secured? Is any networking equipment accessible from spaces that don’t require a key or other access controls to enter?
- BYOD policy: If the organization allows employees to bring their own devices, what are the specifics of the BYOD policy, and are they properly enforced?
Further reading Network Security Best Practices
The information you collect about network security will vary depending on which types of workloads run on the network and how they are configured. For example, if you are dealing only with on-premises workloads, you do not need to collect the same types of access-control details as you would when auditing networks that extend into the public cloud, where cloud-based identity and access management (IAM) systems come into play.
No matter what your security audit entails, the ultimate goal should be to identify configurations and resources that diverge from network security best practices.
Using Network Audit Data
Performing a network audit or network security audit is only half the battle. You must also interpret and react to the audit effectively by identifying risks and opportunities for improvement.
There are a few strategies that can help make this process efficient. One is to compare your most recent audit data to historical audits in order to determine what has changed. This will help you hone in on resources that may not have been properly reviewed since the last audit took place.
You can also use automation tools to identify devices or configurations that are at odds with allowed network policies. For example, you can write regular expressions to search auditing data for port numbers that may be vulnerable to abuse or to find instances where a device or application uses a networking protocol that is known to be insecure.
Finally, assess your overall network architecture to look for bottlenecks and performance weaknesses. Which parts of the network suffer from the lowest bandwidth, for instance? Could an architectural change, such as moving data from on-premises into the cloud, improve performance by placing it closer to the applications that access it?
Network audits involve collecting and analyzing large amounts of data. That takes work, even if you use automation tools to streamline the process. But this is an instance where an ounce of prevention is worth a pound of cure. By helping you identify and address problems early, network audits will save you a lot of time and headaches down the road. It will also keep your users happy and, in turn, bolster your MSP brand.