If you work in an organization that is publicly traded, or you are subject to other government regulations, you will be required to perform a periodic network audit. Even if an external entity doesn’t require an audit, it's a good idea to review your network to ensure your environment meets current standards.
In a large network, a full audit may seem like an overwhelming task, but a few regular practices can help at audit time. As with most things, a successful audit begins with planning. The overall health and manageability of your network will dramatically reduce your audit and remediation efforts.
Let’s get a few basics out of the way. You will need an up-to-date inventory of all the devices on your network. There are many ways to maintain this inventory, ranging from a low-tech spreadsheet to a fully automated inventory tool. Regardless of the solution you use, you should track details like hostname, management IP, serial number, and code version. You should keep basic configuration standards and templates to which your device configurations can be compared. Proper standards, correctly defined and applied, will enforce a minimum standard and will help you stay compliant throughout the year.
As you consider your networking standards, appropriate logging is a must. You will need a centralized logging server which will collect syslog from your devices. There are many open source and commercial logging options. Minimally, you will need to log invalid login attempts, hardware failures, and adjacency changes. Firewalls should log ACL denies and other security events. As you build a logging infrastructure, you can add tools to parse logs and alert on relevant events. You will need to carefully control who has write access to your log data. Check internal and external adit standards for retention requirements. Many organizations need to save audit logs for 7 years or more.
In recent years, wireless networks have become a sticking point in network audits. As compared to wired networks, wireless infrastructure has been changing rapidly, the number of devices have proliferated, and vulnerabilities for legacy wireless abound. Many organizations implemented wireless quickly with a pre-shared key without considering the security or audit consequences. In order to meet current wireless security audit requirements, your wireless network will need to authenticate via 802.1X with user credentials or a unique certificate managed by PKI. You will need to log all access to the wireless network. In addition, some standards may require wireless technology to perform roque detection and mitigation.
Its important to remember the purpose of a network audit. Typically, an audit measures how well you comply with established controls. Even if your network is, in your estimation, well run, secure, and well documented, you can fail an audit if you do not comply with established policies and procedures. If you have responsibility for ensuring your network audit, get clear guidance on the audit standards and review any policies and procedures that apply.
Network audits can be challenging and labor intensive. However, with careful planning, the right tools, and diligence over time, the task will become much simpler.