01-15-2009 12:14 AM - edited 03-06-2019 03:27 AM
Friends, I have planned to audit a network which contains at least 7 routers (BGP, QoS, OSPF and other features) with 25 switches (L3, HSRP, MCast etc.), so how can I do my job? I mean, which software is required, plus what services should I target? Please help me out.
01-15-2009 07:26 AM
CiscoWorks, Solarwinds, MRTG...just to name a few
01-15-2009 07:48 AM
What type of auditing are you doing? Security audit or "make the network better" audit?
John
01-19-2009 03:43 AM
If you are performing a security audit, my recommendation is to use Nessus http://www.nessus.org
Also remember the following:
- Use encrypted ports for management (i.e. SSH, HTTPS)
- Shut down ports not in use.
- Put descriptions on ports being used (i.e. what they are used for, circuit # of WAN ports, if possible include the provider service desk number)
- Have an updated (complete) hardware/software inventory list (includes: models, serial numbers, maintenance contract, maintenance provider and contacts, maintenance contract duration and expiry/start dates)
- Network operation guide (for NOC).
- WAN line contracts (expiry/start dates, circuit numbers, provider contacts)
- Hosts permitted to access the devices (should be fewer; in some I saw an entire Class C network added in the VTY ACL - if I'm the auditor this will fail the audit)
- BGP should have a password (especially multi-hop BGP)
- It is recommended to implement password security in OSPF (this can be complicated for some)
- VTP domain should have password.
- Switch ports not joining the VTP domain should be protected with "root guard"
- Physical cabling should have proper labels (each end of the cable should be labeled, so that you know where to plug them back if you unplug both ends)
- Equipment should be labeled front and back, including power cables (in case you call a 24x7 operator to shut down/power cycle a device, they will not make a mistake about which one to shut down/power cycle)
- Any ACL for bogons should be checked to make sure it is up to date (some people put in a bogons ACL but never update it for years)
- It would also be good if there are blackhole routes (depends on your network)
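
A few of the items in the checklist above (SSH-only management, narrow VTY ACLs, BGP neighbor passwords, ports neither shut down nor described) can be checked offline against a saved running configuration. The script below is an added example, not part of the original thread; the sample configuration is constructed, and the function names and the `max_hosts` threshold of 16 are assumptions.

```python
import re
# Constructed sample config for illustration; addresses are documentation ranges.
SAMPLE = """\
interface GigabitEthernet0/1
 description WAN uplink, circuit PLACEHOLDER
interface GigabitEthernet0/2
router bgp 64512
 neighbor 198.51.100.2 remote-as 64513
 neighbor 198.51.100.2 password 7 PLACEHOLDER
 neighbor 203.0.113.9 remote-as 64514
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input telnet ssh
"""

def blocks(cfg):
    """Map each top-level config line to its indented child lines."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        elif line.strip() not in ("", "!"):
            cur = out.setdefault(line.strip(), [])
    return out

def audit(cfg, max_hosts=16):
    """Return findings; max_hosts is an assumed limit for the VTY ACL."""
    findings, size = [], {}
    # Addresses matched by a standard ACL entry: 2 ** (set bits in the wildcard).
    for num, wild in re.findall(r"^access-list (\d+) permit \S+ ([\d.]+)$", cfg, re.M):
        bits = sum(bin(int(o)).count("1") for o in wild.split("."))
        size[num] = size.get(num, 0) + 2 ** bits
    for hdr, body in blocks(cfg).items():
        if hdr.startswith("interface ") and "shutdown" not in body:
            if not any(l.startswith("description ") for l in body):
                findings.append(f"{hdr}: not shut down and no description")
        elif hdr.startswith("line vty"):
            proto = [l.split()[2:] for l in body if l.startswith("transport input")]
            if proto != [["ssh"]]:
                findings.append(f"{hdr}: transport input is not ssh-only")
            acl = [l.split()[1] for l in body if l.startswith("access-class ")]
            if not acl or size.get(acl[0], 0) > max_hosts:
                findings.append(f"{hdr}: VTY ACL missing or wider than {max_hosts} hosts")
        elif hdr.startswith("router bgp"):
            peers = {l.split()[1] for l in body if re.match(r"neighbor \S+ remote-as ", l)}
            keyed = {l.split()[1] for l in body if re.match(r"neighbor \S+ password ", l)}
            findings += [f"{hdr}: neighbor {p} has no password" for p in sorted(peers - keyed)]
    return findings
```

Calling `audit(SAMPLE)` returns one finding per failed item; only standard ACL entries written with an explicit wildcard mask are counted.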