Network Auditing

mriyunjay006
Level 1

Friends, I have planned to audit a network which contains at least 7 routers (BGP, QoS, OSPF and other features) with 25 switches (L3, HSRP, MCast etc.), so how can I do my job? I mean, which software is required, plus what services should I target? Please help me out.

3 Replies

Tshi M
Level 5

CiscoWorks, SolarWinds, MRTG... just to name a few

What type of auditing are you doing? Security audit or "make the network better" audit?

John

HTH, John *** Please rate all useful posts ***

Danilo Dy
VIP Alumni

If you are performing a security audit, my recommendation is to use Nessus http://www.nessus.org

Also remember the following:

- Use encrypted port for management (i.e. SSH, HTTPS)

- Shut down ports not in use.

- Put descriptions on ports in use (i.e. what they are used for, the circuit # of WAN ports, and if possible the provider service desk number)

- Have an updated (complete) hardware/software inventory list (includes: models, serial numbers, maintenance contract, maintenance provider and contacts, maintenance contract duration and expiry/start dates)

- Network operation guide (for NOC).

- WAN line contracts (expiry/start dates, circuit numbers, provider contacts)

- Hosts permitted to access the devices (should be fewer; in some I saw an entire Class C network added in the VTY ACL - if I'm the auditor this will fail the audit)

- BGP should have a password (especially multi-hop BGP)

- It is recommended to implement password security in OSPF (this can be complicated to some)

- VTP domain should have password.

- Switch ports not joining the VTP domain should be protected with "root guard"

- Physical cabling should have proper labels (each end of the cable should be labeled so that you know where to plug them back in if you unplug both ends)

- Equipment should be labeled front and back, including power cables (in case you call a 24x7 operator to shut down/power cycle a device, they will not mistake which one to shut down/power cycle)

- Any ACL for bogons should be checked to make sure it is up to date (some people put in a bogons ACL but never update it for years)

- It would also be good if there are blackhole routes (depends on your network)
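
An added example, not part of the replies above and not a Cisco or Nessus tool: a small Python check that reads an IOS-style configuration and flags three items from the checklist (VTY access not limited to SSH, a VTY ACL that admits a whole subnet, BGP neighbors without a password). The sample configuration, its addresses and AS numbers are constructed, and treating `any` or a wildcard ending in `.255` as "too broad" is an assumed heuristic.

```python
import re

# Constructed IOS-style config for illustration (not from a real device).
SAMPLE = """\
router bgp 65001
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 password PLACEHOLDER
 neighbor 198.51.100.9 remote-as 65003
!
access-list 10 permit 10.1.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input telnet ssh
"""

def sections(config):
    """Group indented lines under the top-level line that precedes them."""
    out = []
    for line in config.splitlines():
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        elif line.strip() not in ("", "!"):
            out.append((line.strip(), []))
    return out

def audit(config):
    findings, secs, acls = [], sections(config), {}
    for head, _ in secs:  # collect permit entries of numbered ACLs
        m = re.match(r"access-list (\d+) permit (.+)", head)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2))
    for head, body in secs:
        if head.startswith("router bgp "):
            peers = {l.split()[1] for l in body if l.startswith("neighbor ")}
            keyed = {l.split()[1] for l in body if re.match(r"neighbor \S+ password ", l)}
            findings += [f"BGP neighbor {p}: no password" for p in sorted(peers - keyed)]
        elif head.startswith("line vty "):
            transport = next((l.split()[2:] for l in body if l.startswith("transport input ")), [])
            if transport != ["ssh"]:
                findings.append(f"{head}: not restricted to SSH")
            acl = next((l.split()[1] for l in body if l.startswith("access-class ")), None)
            # Heuristic: "any" or a wildcard ending in .255 admits a /24 or wider.
            if acl is None:
                findings.append(f"{head}: no access-class")
            elif any(e == "any" or e.endswith(".255") for e in acls.get(acl, [])):
                findings.append(f"{head}: ACL {acl} admits a whole subnet")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against a saved copy of each device's running configuration; a VTY section with no `transport input` line is also reported, since the script only passes an explicit `transport input ssh`.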
