Network Auditing - Technical Challenges

Network Auditing - Technical Challenges

The benefit of remote audits is that the auditing agent only needs to be installed on a single machine (for each network that you manage) rather than on every machine that you want to audit.

However, the information that you are gathering should not be available to the world at large and any discussion about remote auditing would be incomplete without devoting some serious attention to network security, which we'll discuss in detail in section 8 (A strategy for your network).

Additionally, machine audits using Enterprise Server involve the transfer of a certain amount of data between the auditing agent and the machine that you wish to audit. So we will also spend some time in section 8 discussing the performance implications of using network audit agents to perform remote audits as compared with auditing machines locally using machine audit agents such as EntAudit.exe.

First of all however, before addressing the somewhat more advanced topics of security and performance, we'll summarize the basic requirements that must be met in order to be able to audit machines remotely using a network auditing agent such as ENT NetCenter or ENT Network Monitor.

The network auditing agent must either be aware of or be able to discover the machines on the network

The network auditing agent must be able to connect to each of the machines that you want to audit

The network audit agent must be able to interrogate (audit) each machine in order to obtain the information that will eventually be stored in your enterprise inventory.

The network audit agent must be able to store the information that it collects in your inventory. So your ENT Server must be available to the network audit agent.