Network Audit Tools for Network Compliance

A network audit is an important way to measure and report on key aspects of a network. It can provide a comprehensive overview of network settings and health to help administrators better assess status and strategy. For external auditors, a network audit can help demonstrate an organization’s compliance with key regulations.

More specifically, a network audit can help you establish which devices are connected to your network, view their current hardware and software settings, and understand whether they’re reaching end-of-service or end-of-life status. Network audits can also focus on network configuration and change management to help illustrate whether configuration deployments were successful, whether out-of-process changes have occurred, whether configuration violations exist, and more, all of which are important to understand to maintain compliance.

Network auditing can also help you address performance, especially for networks with multi-vendor devices. If you don’t have a network audit solution in place, hardware, software, and even end-user devices can be added—and unauthorized changes can be made—to a network without your awareness.

Network audits can also provide visibility so you can understand performance failures or slowdowns across your network, such as when backup jobs or data archiving fail or devices reach end-of-life status. With better insights, you can adjust settings, restore function, and replace components as needed. In short, a network audit is an important way to identify issues with network performance, ensure proper configuration, and maintain compliance.

Though it’s possible to manually perform a network audit, this process requires a lot of effort and is less accurate than automating these tasks. With the right tools, you can perform a comprehensive network audit in just a few steps.

Whether you’re handling your network audit yourself or having a tool do it for you, the basic network auditing steps and strategies include the following:

• Reviewing policies: To help establish the parameters of your audit, make sure you understand compliance requirements and best practices before you start.
• Investigating inventory network infrastructure: Make sure you understand which devices are connected to your network, including end-user devices.
• Looking for default configurations: In many cases, the default settings for components like routers, VPNs, VLANs, and firewalls can put you at risk. Check port lists, timeouts, encryption settings, and passwords to ensure they’re no longer in default mode.
• Paying attention to routers, switches, and firewalls: An audit can help you ensure optimal functionality best practices are set up for network devices and can help you catch any overlooked settings.
• Noting unauthorized changes: User activity can lead to unauthorized adjustments of key settings. An audit can provide a quick overview of potentially problematic changes.
• Providing results to stakeholders: Audits are useful for IT teams, but they’re also important for other business stakeholders, and they may be required to demonstrate compliance to outside auditors.

SolarWinds Network Configuration Manager offers straightforward and comprehensive network auditing features to provide users with real-time and historical insight into configuration settings and changes.

NCM is designed to automatically maintain an up-to-date network inventory with network scanning features capable of importing details from newly discovered devices, including routers, switches, and more from vendors like Cisco, Juniper, HP, and Dell. This unified inventory of devices and locations can make it easier to make informed decisions and identify end-of-life conditions.

NCM also allows you to run reports providing useful overviews of configuration change settings. For example, you can quickly understand where users have made unauthorized changes. NCM offers 53 detailed report templates designed to help you assess your compliance, but you can also utilize custom reports or community-created templates from the SolarWinds THWACK^® community.

The SolarWinds NCM network audit solution comes with dozens of built-in reports falling into ten categories.

The primary category is Network Audit, which includes reports displaying the results of audit checks. The specific reports in this category include the following:

• Config Transfer Audit: This report displays information on config transfers.
• Real-Time Change Detection Audit: This report displays your change notification messages on nodes within the network.
• User Activity Tracking Report: This report displays relevant information on the node activity within your network.
• Vulnerability State Change Audit:This report displays information about changes in the vulnerability state.

In addition to these four essential network auditing reports, NCM also has many other reports for the following categories:

• NCM Brocade Inventory: Reports in this category display information about the agent config modules and physical entities running on the chassis of Brocade devices.
• NCM Cisco Inventory: Reports in this category display information about the system’s physical properties.
• NCM F5 Inventory: Reports in this category provide insight into the physical entities of your discovered F5 systems and GTM and LTM object activity details.
• NCM Inventory: Reports in this category deliver information about network services and physical entities configured on your NCM-discovered devices.
• NCM Node Details: Reports in this category provide details like status, availability, events, response times, and alerts for every node managed by NCM.
• NCM Polling Status: Reports in this category provide information about your network’s polling and rediscovery cycles.
• NCM Security: Reports in this category provide insight into logins and security settings.
• NCM Windows Server Inventory: Reports in this category provide information about the services and software installed on Windows nodes.

With a network audit system like SolarWinds Network Configuration Manager, you can find device configurations not complying with policies using policy reports. From there, all it takes is a couple of clicks to remediate the issue and verify the change was implemented.

To find and remediate policy violations in NCM, you must do the following:

• Make sure your cached compliance information is updated for effective network auditing. To do this, you can view a policy report to see the cached information. If it isn’t up-to-date, you can update it by enabling automated updates or by performing the update manually.
• Once the cached information is up-to-date, you can view a current policy report displaying the current cached policy information and all the policy violations found the last time NCM ran a report. You can see icons representing the violations on each node so you can quickly identify where there are issues.
• If there are violation icons, click on each one to see which rule was violated and if there’s a remediation script available to address it. If the script is available, you can run it automatically to remediate the issue on either a single node or on all the nodes with the same violation. If there isn’t an existing script, you can remediate the issue by editing the file.
• Finally, you can view a new policy report to be sure the issue was actually remediated.

As a network audit solution, SolarWinds NCM has a straightforward process for auditing Cisco routers for policy compliance. The NCM network auditing tools have out-of-the-box policy reports designed to make verifying and maintaining policy compliance simple.

To run a Cisco security audit report on NCM, you must do the following:

• Navigate from your dashboard to Network Configuration to Compliance. From there, you can select a report and click Update Selected.
• Next, click the report name to see the Report Details page.
• If there’s an icon indicating a violation, go to Violation Details and click Execute Remediation Script on This Node.
• Finally, run the report again to make sure the issue has been resolved and isn’t displayed any longer.

There are three main types of alert actions in the SolarWinds NCM network audit tool:

• Backup Running Config: Here, NCM downloads the latest configuration from the context node, writing the results to an alerts table so the data can be used when an alert is processed.
• Execute Config Script: Here, NCM executes the command or commands you entered in the Command Script to Execute field.
• Show Last Config Changes: Here, NCM performs a query to discover the most recent configuration changes and compares those changes either to the next-to-last downloaded config or to the baseline config, depending on how you set up your alert action. When an alert gets triggered, the NCM action’s results are stored to be used as part of the runtime processing of an alert.