From time to time, I get projects that include performing network assessments for organizations. The first time I had to do it, I turned to my very good friend – Google – for answers but weirdly enough, I could not find a definitive guide on the steps required to perform a network assessment, just bits and pieces here and there. Therefore, in this article, I will attempt to bring it all together in one place based on my experience and the research that I have done.
CCNA Training – Resources (Intense)
What is a network assessment?
First I need to define what I mean by network assessment because the term is used varyingly. By network assessment, I mean some or all of the following:
Network inventory to discover what network devices are running on the network
Analysis of the network devices to identify obsolete devices, IOS upgrades, and so on
Assessing the performance of the network, e.g. identifying bottlenecks, TCP issues, etc.
Review of the network architecture, for example, to eliminate single points of failure
Security assessment of network devices including security compliant configuration, bugs, vulnerabilities and so on
Notice that I have limited my definition of network assessment to “network devices” such as routers, switches, firewalls, IPS, etc. Therefore, this definition excludes applications, servers, systems, operating systems and so on. The scope of your assessment may include these other devices but I usually limit myself to network devices. In the end, the customer is the one who defines the requirement.
Note: IT in general is meant to be an enabler of business, but management usually sees it as “that thing that gulps money” mainly because of the way we “IT people” handle IT as a purely technical area. Consequently, your network assessment should include the business aspect of IT, instead of being completely technical. However, this article will focus only on the technical aspects of a network assessment.
Generally, I can break down a network assessment into three stages:
Preparing to perform the network assessment
Performing the network assessment using various tools
Post-assessment reports and recommendations
Let’s now take these steps one after the other.
Step #1: Preparing to perform the network assessment
I have found that proper preparation before the actual network assessment goes a long way in reducing the time it will take to perform the network assessment. Preparation includes setting customer expectations like defining scope, length of assessment and so on.
Hint: One common situation that happens is that the network assessment is requested for by management but the network administrators may not have been properly informed and may want to put up some level of resistance. You really don’t want any hindrance to your work so you may want to take your time to explain to the administrators what you want to achieve: help them improve their network. Their reception should improve as opposed to if you are an auditor *yikes.
Preparation also involves making sure that the prerequisites are met. Some of these prerequisites are:
Usually, you need SNMP to be enabled on network devices to be able to perform a network assessment using the tools we will highlight.
You also need SNMP community strings (v1 and v2c) or username/password (v3) to be defined on the devices. Depending on the tool you are using and what data you will be collecting, you will need either read-only access alone or both read-only and read-write access.
Of course, the computer you will be performing the assessment from should have unrestricted access to the network devices. Therefore, access rules may need to be edited. This is very important and should be done before you get on the customer site so that time is not wasted.
Remote-access (Telnet/SSH) credentials should be made available to you. If your customer is using a central authentication server, e.g. RADIUS, they may create access credentials for you on this server. The network administrators may be unwilling to give you this kind of access and that is why communication and buy-in from top management about the network assessment is important.
If you will be assessing the performance of the network, you will probably use a packet capture tool like Wireshark. In such cases, you will need to capture traffic from several points on the network, meaning you will require SPAN ports to be made available to you or you will use a network tap. Whatever the case, you need to confirm what method you will be using.
Hint: Some customers may not have SNMP or other configuration requirements ready for you and if there are a large number of devices, it may take too long without an automation tool. You can refer to this article about using scripts to automate Cisco configuration tasks for a way out.
Step #2: Performing the network assessment
There are a variety of tools you can use to perform network assessments. You probably won’t find the one tool that does everything you need so you will have to use a combination of them. I will divide the network assessment tools into three categories as follows:
Network inventory, analysis, and network diagram
The tools under this category will help you: discover the network devices running in the organization; perform analysis, such as end-of-life, on these devices; and even produce network diagrams automatically from the discovered devices. Solarwinds, NetformX Discovery and neteXpose are all examples under this category. NetformX and neteXpose are better suited for system integrators that frequently carry out network assessments; Solarwinds is more customer-focused.
Note: Solarwinds is a suite of applications rather than a single application. You will need the Solarwinds Network Configuration Manager, Network Topology Mapper and Network Discovery Service tools to perform network inventory and analysis and network diagram generation.
Network performance assessment
A packet capture/analysis tool like Wireshark will come in handy to assess the performance of a network. As the saying goes, “Packets never lie” (I think there’s a saying like that… Hmm). This article explains how Wireshark can be used for analysis.
A NetFlow analyser will also be useful under this category.
Step #3: Post-assessment reports and recommendations
At the end of the network assessment, you need to be able to make sense of all the data you have gathered. More than that, you need to help the company make sense of what you have discovered. For example, are there obsolete devices that should be replaced immediately? Is there an overloaded server on the network that has performance issues?
Tools like NetformX can integrate with the Cisco Discovery Service to provide really great reports such as product lifecycle (EoX) analysis. You can then edit these reports as you see fit. Remember that the really detailed reports may be useful to the techy guys but the management team will need a summary report that explains your findings in a language they can understand.
Below is a snippet of an EoX milestone table in one of the reports generated by NetformX:
Finally, identifying the problem is one thing; providing solutions is another thing. You need to be able to guide your client in the right direction to resolve the issues that have been identified by providing recommendations and highlighting next steps.
In this article, I have attempted to document the steps needed to perform a network assessment including preparing for the assessment, using different tools to perform the actual assessment and providing recommendations at the conclusion of the assessment.
In the next article, I will provide a review of the network assessment tools I have used along with the ones highlighted here. I hope you have found this article useful.