Network Documentation and Auditing

Steps to document the network

1. Obtain or construct a building diagram/foor plan.
2. Obtain or construct a physical network diagram.
3. Obtain or construct a logical network diagram. (Software
packages can research and... record all hardware information.)
4. Hardware information should include make, serial numbers,
numbers of ports as well as !" and #$" numbers.
5. %esearch and record all con&guration, protocol and '#S
information.
6. (rint copies of con&gurations &les, keep those copies on tape for
remo)able disk.
7. 'ocument speci&c software con&gurations.
8. %esearch and record all corporate contact and )endor
information.
9. (roduct and maintain de)ice log sheets for all applicable network
de)ices.
10. (roduct and maintain a network cabling labeling scheme. 'o not
base the labeling on names of users.
11. (roduct and maintain procedure documentation.
12. (roduct and maintain computer and network acceptable use
policies.
13. (roduct and maintain computer and network security policies.
14. (roduct and maintain a disaster reco)ery plan.
15. Schedule to update and maintain these items on a regular basis.
16. #e)er share these documents with unauthori*ed indi)iduals ++
e)er,
Steps to audit a network
1. -se outside )endors to conduct and audit. .his will ensure that
there is no fa)oritism or politics in the results, and pro)ide
credibility with senior management. /nsure the )endor or
contractor you use co)ers the items listed below as a minimum.
0ind out who will be conducting the audit and re)iew resume and
references from past audited companies. /nsure goals of the
audit are adhered to.
2. $t is highly recommended that you perform an internal audit prior
to outside audit so you can compare results.
3. /stablish and document baseline performance of all network
components.
4. %e)iew, document and analy*e controls o)er $nternet, intranet
and network resources.
5. %e)iew and document all network connections, client/ser)er,
1!#, 2!#, etc.
6. %e)iew and document controls o)er network operations and
management, load/tra3c management and problem reporting
and resolution.
7. %e)iew and assess network segmentation and identify and audit
any internal &rewalls.
8. %e)iew and assess a single point of failure analysis. How is your
network a4ected by critical e5uipment6 'o you ha)e backups
installed and ready6
9. (repare a risk assessment and de)elop and implement a risk
mitigation plan.
10. %e)iew and document all software licenses re5uired/possessed
for all locations.
11. 7erify and record all installed software. %emo)e all unauthori*ed
software and secure hardware and software to pre)ent future
downloads or installations.