
    IT Infrastructure health checkup

    • Deleted74295D
      Deleted74295 Banned
      last edited by

      Well we do that 🙂

      https://darait.co.uk/network-auditing/

      On a TLDR level, how it works is like this.

      Find out what services you are there to audit; if you don't need to check their mail server, don't touch it. Create a clear scope of what to investigate and check.

      Then, you either use tools or check it manually, so if it's a mail server:

      Is there a backup SMTP service for mailing out in place?
      Are we monitoring blacklists?
      Health of the Exchange server as a whole? The DB? Number of accounts?
      Exchange CALs in order? Y/N

      Once the results are in, explain it to the decision makers, have the conversation with the people who need to know.

      Then, what are you going to do about it? What is the action plan?

      • Deleted74295D
        Deleted74295 Banned
        last edited by

        There are SOOOOO many different things you could possibly audit and check on, and the tools to do that are changing all the time.

        Come up with a wish list of areas you would like to audit and I'll put together a list for you.

        • DashrenderD
          Dashrender
          last edited by

          Exchange
          AD
          Switches/network

          • ?
            A Former User
            last edited by

            We do this quarterly as well as required permissions checks and stuff. We monitor normally with OpManager and sometimes the BPA tool. For Audit we use a number of tools including AD Permission Reporter, AD Info, AD Photo Edit, AD Tidy, NTFS Permissions Reporter, Service Credentials Reporter. For the permissions reports they are given to the department heads and they are required to sign off on them.

            • scottalanmillerS
              scottalanmiller
              last edited by

              Performance / Capacity Planning checking is good too. As well as log scouring.

              • DashrenderD
                Dashrender @scottalanmiller
                last edited by

                @scottalanmiller said:

                Performance / Capacity Planning checking is good too. As well as log scouring.

                What do you use for log scouring, or do you do it manually?

                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by

                  @Dashrender said:

                  @scottalanmiller said:

                  Performance / Capacity Planning checking is good too. As well as log scouring.

                  What do you use for log scouring, or do you do it manually?

                  Depends. At a customer who has no log infrastructure, manually.

                  • MattSpellerM
                    MattSpeller @Dashrender
                    last edited by MattSpeller

                    @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

                    Edit: manually; lift pizza to face with left hand, mouse wheel scroll and coke in right.

                    • ?
                      A Former User @MattSpeller
                      last edited by

                      @MattSpeller said:

                      @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

                      Monthly? I ain't nobody got time for going through logs manually every month. I think you could save a lot of money in man hours by automating it.

                      • MattSpellerM
                        MattSpeller @A Former User
                        last edited by MattSpeller

                        @thecreativeone91 it's an afternoon for 3 people & good excuse to talk about issues and potential solutions far less formally than weekly meetings

                        • dafyreD
                          dafyre @MattSpeller
                          last edited by

                          @MattSpeller Probably far more productive too since things are not formal.

                          • dafyreD
                            dafyre @MattSpeller
                            last edited by

                            @MattSpeller said:

                            @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

                            Edit: manually; lift pizza to face with left hand, mouse wheel scroll and coke in right.

                            Would be a good idea to set up an ELK logging infrastructure so you can see all of the issues in one place while exercising your arms.

                            • scottalanmillerS
                              scottalanmiller @A Former User
                              last edited by

                              @thecreativeone91 said:

                              @MattSpeller said:

                              @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

                              Monthly? I ain't nobody got time for going through logs manually every month. I think you could save a lot of money in man hours by automating it.

                              Of course, if doing monthly. When you are doing it internally, I think log management is a must. ELK, Splunk, Loggly, whatever. If it is a client that refuses log management, manual might be a requirement.

                              • scottalanmillerS
                                scottalanmiller @dafyre
                                last edited by

                                @dafyre said:

                                @MattSpeller said:

                                @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

                                Edit: manually; lift pizza to face with left hand, mouse wheel scroll and coke in right.

                                Would be a good idea to set up an ELK logging infrastructure so you can see all of the issues in one place while exercising your arms.

                                If you aren't ready to manage ELK, Loggly is low cost and very nice. I like the product and the team. Good people.

                                • dafyreD
                                  dafyre
                                  last edited by

                                  While on this topic... what are some good tools for getting Windows Event Logs into something like ELK?

                                  • coliverC
                                    coliver @dafyre
                                    last edited by

                                    @dafyre said:

                                    While on this topic... what are some good tools for getting Windows Event Logs into something like ELK?

                                    http://nxlog.org/

                                    • dafyreD
                                      dafyre @coliver
                                      last edited by

                                      @coliver Thanks. That one looks pretty slick.

                                      • coliverC
                                        coliver @dafyre
                                        last edited by

                                        @dafyre said:

                                        @coliver Thanks. That one looks pretty slick.

                                        I've been trying to get it working for a bit. I really like the Kibana interface; I just need to get NXLog and Logstash working together.

                                        • AmbarishrhA
                                          Ambarishrh
                                          last edited by Ambarishrh

                                          Let's assume this is a one time job for a client, I would assume the tools would be:

                                          BPA for the corresponding MS product
                                          Lynis for Linux security audit
                                          For Exchange, points mentioned by @Breffni-Potter
                                          AD: tools suggested by @thecreativeone91
                                          OpenVAS or Nexpose or Nessus or GFI LanGuard
                                          MBSA
                                          Sydi for network documentation

                                          Not sure on a one time audit, if we can use some sort of log management.

                                          • Deleted74295D
                                            Deleted74295 Banned
                                            last edited by

                                            Yes, you have to check logs for a one time audit, otherwise what's the point?

                                            If the DC is screaming about an easily preventable group policy conflict, how will you pick that up apart from logs?

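An added example, not written by any poster in the thread: for the one-time audit at a client with no log infrastructure discussed above, a small triage script that ranks recurring warnings and errors in an exported event log instead of scrolling through it by hand. It assumes a CSV export with TimeCreated, LevelDisplayName, ProviderName, Id and Message columns; the sample rows and the `triage` function name are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample rows (not from a real system), in the assumed export
# layout: TimeCreated, LevelDisplayName, ProviderName, Id, Message.
SAMPLE_EXPORT = """TimeCreated,LevelDisplayName,ProviderName,Id,Message
2015-06-01T08:00:12,Error,Microsoft-Windows-GroupPolicy,1058,The processing of Group Policy failed.
2015-06-01T08:05:40,Information,Service Control Manager,7036,The Print Spooler service entered the running state.
2015-06-01T09:30:12,Error,Microsoft-Windows-GroupPolicy,1058,The processing of Group Policy failed.
2015-06-02T02:14:03,Warning,disk,51,An error was detected on device during a paging operation.
2015-06-02T09:30:13,Error,Microsoft-Windows-GroupPolicy,1058,The processing of Group Policy failed.
2015-06-03T11:47:55,Error,Service Control Manager,7031,The Backup Agent service terminated unexpectedly.
"""

SEVERITIES = {"Critical", "Error", "Warning"}


def triage(export_text, min_count=1):
    """Group Critical/Error/Warning events by (provider, ID), most frequent first."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["LevelDisplayName"] not in SEVERITIES:
            continue  # informational noise is not an audit finding
        when = datetime.fromisoformat(row["TimeCreated"])
        groups[(row["ProviderName"], int(row["Id"]))].append((when, row))

    findings = []
    for (provider, event_id), hits in groups.items():
        if len(hits) < min_count:
            continue
        hits.sort(key=lambda h: h[0])  # oldest occurrence first
        findings.append({
            "provider": provider, "id": event_id, "count": len(hits),
            "level": hits[0][1]["LevelDisplayName"],
            "first": hits[0][0], "last": hits[-1][0],
            "sample": hits[0][1]["Message"],
        })
    return sorted(findings, key=lambda f: (-f["count"], f["provider"], f["id"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f'{f["count"]:>3}x {f["level"]:<8} {f["provider"]} / {f["id"]}'
              f'  {f["first"]:%Y-%m-%d} to {f["last"]:%Y-%m-%d}  {f["sample"]}')
```

Raising `min_count` limits the report to events that keep recurring, which is usually what goes in front of the decision makers.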