The truth is that most companies do not have trustworthy inventory of things enabled on their network, period.
Or they think they do until some kind of datacenter migration comes, or security audit, which reveals forgotten virtual servers, non-accounted test databases, default SNMP communities, and many other bugs from the wild wild rain forest. Just FYI – the rain forest has the biggest variety of them.
So sometimes, the need arises to get the picture enlarged and with all details revealed. There are many tools on the market that perform some sort of automatic discovery on your network. What exactly can it bring to you?
Here are just few highlights.
- In the traditional inventory of your datacenter it may take weeks to find all services enabled there. Automatic host and port scan will reveal it within a day. You may be surprised to discover, for example, twice as many instances of FTP service enabled as you expected.
- If your network drawings are out of date, your network devices can be “crawled” and the exact network topology will be reconstructed. Along with full inventory of all devices being checked.
- Sometimes, users blaming network “being slow” do have the point. Having Quality Of Service configured on your network does not really mean it works as expected. Traffic Flow discovery may reveal that some traffic categories are oversubscribed while the others are nearly empty.
Last by not least,- any kind of “discovery” is the admission of fact that organization lacks proper tools or processes or procedures to be aware of all its assets. In the long term, this is what needs to be fixed.
Alex Mavrin, CCIE #7846
Visit http://www.apteriks.com and use FREE ONLINE tools for network professionals.