Network Auditing

[shodge37]

So I just joined this company as a Sr Administrator and it was suggested that to become familiar with the servers' hardware, software, firmware, etc, i perform an audit on each one.

I've never really been tasked with this, so I thought I might pose it to people in the field.

Does anyone have a procedure they use for doing this?

Thanks in advance for any help.

 

[nweaver]

FIrst, I ask to see the existing documentation. I tell them there are 2 reasons for this, 1. I then have a basic idea of how they like documentation to be, i.e. is it a web page, a spreadsheet, a napkin, etc. 2. So I can verify the accuracy of the information (2 birds with one stone)

in reality, it's so that I know if they know what they really have, and have documented it to the degree they should. I don't care as much if a server is a P4 or a Xeon, I care more about if it's an AD controller, what FISMO roles it has, what network services it runs (and which it SHOULD run) etc.

For hardware stuff, I use things like srvinfo, psinfo, etc to get most of the hardware stuff.

 

[p0lar]

Originally posted by: shodge37
So I just joined this company as a Sr Administrator and it was suggested that to become familiar with the servers' hardware, software, firmware, etc, i perform an audit on each one.

I've never really been tasked with this, so I thought I might pose it to people in the field.

Does anyone have a procedure they use for doing this?

Thanks in advance for any help.

Actually, I provide a service for certain fields (R&S and Voice that are IOS-based) for such a thing. Some gotchas to watch out for are software versions, special configuration exceptions, anything that is Internet-facing as well as security/crypto devices as a whole, with the most emphasis probably being on security devices/firewalls.

As for servers and their softwares/versioning/etc... that's a daunting task I would be very leary of, especially if you have a diverse array of operating systems and software revisions that you're being asked to examine. My personal favourite is someone asking for an iptables firewall security audit. I run - fast.

Other than that, it sounds like you're on with a decent place if that's one of their first requests. It's a fast-track to learning about their infrastructure, possibly only slightly paced behind being asked to write documentation for it as well.

 

[shodge37]

Originally posted by: p0lar

Originally posted by: shodge37
So I just joined this company as a Sr Administrator and it was suggested that to become familiar with the servers' hardware, software, firmware, etc, i perform an audit on each one.

I've never really been tasked with this, so I thought I might pose it to people in the field.

Does anyone have a procedure they use for doing this?

Thanks in advance for any help.

Actually, I provide a service for certain fields (R&S and Voice that are IOS-based) for such a thing. Some gotchas to watch out for are software versions, special configuration exceptions, anything that is Internet-facing as well as security/crypto devices as a whole, with the most emphasis probably being on security devices/firewalls.

As for servers and their softwares/versioning/etc... that's a daunting task I would be very leary of, especially if you have a diverse array of operating systems and software revisions that you're being asked to examine. My personal favourite is someone asking for an iptables firewall security audit. I run - fast.

Other than that, it sounds like you're on with a decent place if that's one of their first requests. It's a fast-track to learning about their infrastructure, possibly only slightly paced behind being asked to write documentation for it as well.

Haha...funny you should say that. I think they hired me partly because I've done Quality Systems Documentation for ISO 9001:2000 at my previous job and they're trying to become SOX (actually CSOX up here in Canada) compliant. So documentation at some level will almost definitely be happening.

Thanks for your reply!

 

[p0lar]

P.S. Welcome to AT Networking!

 

[shodge37]

Originally posted by: p0lar
P.S. Welcome to AT Networking!

thanks! i was on here a few years ago, but couldn't remember my login info so i made a new account.

 

[Goosemaster]

Perhaps setup SNMP and a trap (zenoss, cacti etc) in the interm so you at least have some sort of equipment listing before you get serious about auditing.

you will need to enable and configure snmp on jsut about everything for this do do anything though