Network Audit Checklist
The following items should be included in every network audit. The auditor should note any deficiencies identified in each area, but should not be making any modifications of any kind to the existing network during the audit process.
1.
Network topology and physical infrastructure documentation in Visio or similar electronic format.
2.
Network addresses and names are assigned in a structured manner an d are well documented.
3.
Network wiring is installed in a structured manner and is well labeled.
4.
Network wiring between communications closets and end stations is generally no more than 100 meters.
5.
Network availability.
6.
Network security for basic security, including the fol lowing: passwords are reasonable; passwords are protected from casual observation in config files; dialin ports are protected.
7.
Inventory of all routers and switches. Include the following for each device:
8.
Location (city, address, building, floor, wiring closet, rack, slot-in-rack - as detailed as is reasonably possible).
9.
Security of physical location.
10. Configuration. 11. Model and serial number (if easily available) 12. Software version loaded 13. Routing table 14. Routing protocols in use 15. Neighbor table (CDP if Cisco gear) 16. ARP table 17. CAM table (for switches) 18. Spanning tree information for switches 19. Memory utilization (at multiple points during a day, if possible) 20. CPU utilization (at multiple points during a day, if possible) 21. If Cisco routers, output of 'show ip access-list' (and other access lists if routing other protocols) 22. Passwords for all equipment (if encrypted passwords are used) 23. Special redundancy measures (HSRP, etc) 24. Link information. Make sure that the corresponding data volume on an interface is captured at the same time that other supporing data is captured so that they can be correlated.
25. Traffic volume (bytes) every 5 minutes during at least one business work day. Best if this information is taken for several days in e ach of several weeks and reports of average/max values on each segment. Highlight segments with high levels of utilization for the technology in use on the segment. Report number of bytes sent/received on the interface, and the bytes/sec on the interface 26. CRC errors of each segment. Report total errors and errors/Mbyte. 27. Report errors on each segment. Breakdown of error types according to the media (collisoins an d late collisions on Ethernet, soft errors and beacons on Token Ring, etc,) For each error type, report total errors and error/Mbyte of transferred data on the interface. 28. On Token Ring segments, number of soft errors not related to ring insertion and the total amount of data. Number of beacon frames. Report total errors and errors/Mbyte. 29. Volume of broadcast traffic traffic on each network segment. 30. Number of dropped packets (in and out). 31. Report frame size. Report on any frame sizes less than the optimum for that link. 32. Identify WAN links that terminate in routers outside the AS 33. Contact at external AS 34. Method of route sharing with the external AS (static routes, BGP, IGP, etc) 35. WAN link physical clocking rates (e.g. T1, 56K, etc. Warning - do not depend on Cisco 'bandwidth' statements) 36. CIR for Frame Relay circuits 37. WAN Circuit ID and carrier and contact phone number 38. Document physical interconnecting media for each segment (10BT, Fiber, etc) 39. Identify locations of major servers 40. Locate network management stations 41. Identify and locate all firewalls and respective topologies 42. Contact information at each remote site (primary and secondary contact person name, email address, and phone number). 43. Document the services and clients that exist at each site and their relative importance to the business. 44. Document the charges for each WAN circuit.
