You should perform a network audit every time your network changes in any substantial way. But more than that, you should conduct one at regular intervals, and even
A general audit doesn't have to be a full-dress exercise. You can do them in an informal way, building a chart in an Excel spreadsheet; or collecting the data and entering it into a database. One way to ease the chore is to draw up some standardized forms that you can hand out to your clients. They can fill in the blanks and return the form, saving you lots of time and effort in this endeavor.
What should an audit cover? There are several aspects you need to be aware of. Obviously, hardware and software must be audited; Asset-management tools help a lot here. Less obvious though, but still very important, is to have an audit that will help you gauge security mechanisms (which users and groups have which rights and privileges, for example), responses to problems and problem escalation, a list of assignments, and areas of responsibilities.
The site LinuxSecurity has published a list of important network audit issues that focuses particularly on security issues. You'll find an article on asset management tools on the SearchNetworking.com site.
Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
This was first published in October 2003