On small networks, the auditing process is almost always carried out manually. This is usually accomplished by issuing commands on various network devices to view their configuration, status, and so on. While this is a practical solution for environments that are relatively small, such a method would be exceptionally time consuming on a network that includes hundreds of network devices or more. Depending upon the equipment in use on the network, scripting can often be used to help automate the process, although this depends on the skill set of the network designer working on the project.
On larger networks, a variety of tools and utilities are typically used to gather auditing information. In some cases a customer may already have these tools deployed, while in others, specific utilities may need to be purchased or downloaded and installed just for this purpose. Examples of common utilities used to gather network audit information include:
- Network management systems like HP OpenView, Sun Solstice, IBM Tivoli, TNG Unicenter, CiscoWorks, and What’s Up Gold. Network management systems typically provide a wide variety of data about the current network including physical and logical topology maps, information about the configuration of network equipment, and so forth.
- Network diagramming and data collection tools like Microsoft Visio Enterprise Network Tools.
- Security tools like Cisco Secure Scanner to test for security vulnerabilities and issues.
- SNMP data-gathering utilities like the free Multi Router Traffic Grapher (MRTG).
Although network auditing using the tools listed is very effective and usually highly accurate, some of these applications can be very expensive, and therefore not practical in all situations. The good news is that another highly effective way of auditing a network is by using information provided by existing equipment. For example, accurate information about a network can also be gathered by analyzing the configuration of network devices.
On Cisco equipment, this information is usually gathered through the use of a few key commands.
Some of the common commands used to gather information about existing Cisco equipment include:
- show running-configuration. When issued on Cisco switches and routers, this command displays the configuration of a device that is currently being used.
- show version. When issued on Cisco switches, routers, and PIX firewalls, this command displays information about the model in use, system specifications, the device’s IOS version, and more.
- write terminal. When issued on a Cisco PIX firewall, this command displays the current running configuration of the system.
- show tech-support. When issued on a Cisco switch, router, or PIX firewall, this command displays complete information about the configuration of the device, aggregating the information provided by various show commands.
- show processes. This command displays information about all of the processes currently running on a system, including CPU utilization information for the last 5 seconds, 1 minute, and 5 minutes.
- show buffers. This command displays information about how a system is allocating RAM for the purpose of buffering packets. A high level of buffer misses may mean that the system does not have sufficient memory to function effectively on the network.
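The scripting approach mentioned for larger networks and the show commands listed above come together in the following added example, which is not part of the original text. It parses constructed (not captured) samples of show version, show processes cpu, and show buffers output into a per-device audit record, and flags buffer pools whose miss ratio exceeds an assumed 1% threshold; the hostname, model, and counter values in the samples are made up, and the threshold is an assumption for illustration.

```python
import re

# Constructed sample output (not captured from a real device) resembling
# what the Cisco IOS show commands discussed above return.
SHOW_VERSION = """\
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
access-switch-01 uptime is 3 weeks, 2 days, 5 hours, 10 minutes
System image file is "flash:c2960-lanbasek9-mz.150-2.SE4.bin"
cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 65536K bytes of memory.
"""

SHOW_PROCESSES_CPU = """\
CPU utilization for five seconds: 12%/3%; one minute: 10%; five minutes: 9%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1          12        1200         10  0.00%  0.00%  0.00%   0 Chunk Manager
"""

SHOW_BUFFERS = """\
Buffer elements:
     499 in free list (500 max allowed)
     103120 hits, 0 misses, 500 created
Public buffer pools:
Small buffers, 104 bytes (total 50, permanent 50):
     49 in free list (20 min, 150 max allowed)
     17342 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
Middle buffers, 600 bytes (total 25, permanent 25):
     24 in free list (10 min, 150 max allowed)
     8421 hits, 312 misses, 0 trims, 0 created
     0 failures (0 no memory)
"""


def parse_show_version(text):
    """Pull hostname, IOS version, uptime, model and memory out of 'show version' output."""
    info = {}
    m = re.search(r"Version ([^,]+),", text)
    if m:
        info["ios_version"] = m.group(1)
    m = re.search(r"^(\S+) uptime is (.+)$", text, re.M)
    if m:
        info["hostname"], info["uptime"] = m.group(1), m.group(2)
    m = re.search(r"^cisco (\S+) .*with (\d+)K bytes of memory", text, re.M)
    if m:
        info["model"], info["memory_kb"] = m.group(1), int(m.group(2))
    return info


def parse_cpu_utilization(text):
    """Return the 5-second, 1-minute and 5-minute CPU percentages (None if absent)."""
    m = re.search(r"five seconds: (\d+)%(?:/\d+%)?; one minute: (\d+)%; five minutes: (\d+)%", text)
    if not m:
        return None
    return {"5sec": int(m.group(1)), "1min": int(m.group(2)), "5min": int(m.group(3))}


def parse_buffer_pools(text):
    """Return {pool_name: {'hits': n, 'misses': n}} for each named buffer pool."""
    pools, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\w+) buffers, \d+ bytes", line)
        if m:
            current = m.group(1)
            continue
        m = re.search(r"(\d+) hits, (\d+) misses", line)
        if m and current:  # counters before the first pool header belong to no pool
            pools[current] = {"hits": int(m.group(1)), "misses": int(m.group(2))}
    return pools


def buffer_miss_findings(pools, max_miss_ratio=0.01):
    """Flag pools whose miss ratio exceeds the threshold (1% is an assumed value)."""
    findings = []
    for name, c in pools.items():
        total = c["hits"] + c["misses"]
        ratio = c["misses"] / total if total else 0.0
        if ratio > max_miss_ratio:
            findings.append(f"{name} buffers: {c['misses']} misses of {total} ({ratio:.1%})")
    return findings


def audit_device(version_out, cpu_out, buffers_out):
    """Build one audit record for a device from its show command output."""
    record = parse_show_version(version_out)
    record["cpu"] = parse_cpu_utilization(cpu_out)
    record["buffer_findings"] = buffer_miss_findings(parse_buffer_pools(buffers_out))
    return record


if __name__ == "__main__":
    import json
    print(json.dumps(audit_device(SHOW_VERSION, SHOW_PROCESSES_CPU, SHOW_BUFFERS), indent=2))
```

Run against output collected from each device, audit_device yields a record that can be written to a spreadsheet or inventory; the Middle pool in the sample is flagged because 312 misses out of 8,733 requests is well above the 1% threshold, while the Small pool with zero misses is not.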
When attempting to characterize a customer’s existing network, using the configuration of existing equipment (Cisco or otherwise) represents a very accurate method of obtaining information for analysis purposes.