Networks degrade silently. Not all at once, not dramatically — just gradually, over time, as configuration drift accumulates, firmware falls further behind current releases, and undocumented changes layer on top of each other. A switch gets added without updating the topology diagram. A firewall rule gets created for a one-off project and never removed. The Wi-Fi access points in the south wing haven't been touched since the fit-out in 2019 and are running firmware from 2020.

You find out about these problems in one of two ways: by auditing the network proactively, or by inheriting the consequences. A new IT manager walking into an unfamiliar estate, a business preparing for a cloud migration, a compliance audit requiring documented network controls — all good reasons to do this properly before someone else does it for you. This checklist covers what to look at.

DOCUMENTATION AND TOPOLOGY

The first question in any network audit isn't technical — it's whether the documentation reflects reality. In most SMBs, the honest answer is somewhere between "partially" and "not really."

Start by establishing what exists and whether it's current:

  • Network diagram — does a current topology diagram exist? Does it show the actual Layer 2 and Layer 3 structure, or is it a placeholder from the initial install five years ago? A diagram that doesn't show VLANs, uplinks, and inter-device connections isn't a network diagram — it's decoration
  • IP address management (IPAM) — is there a documented record of what's allocated from each subnet? Or do you discover devices by running a subnet scan and seeing what responds? Most SMBs manage this in a spreadsheet, which is acceptable — but it needs to exist and be maintained
  • VLAN register — every VLAN in use should have a documented name, purpose, and associated subnet. If you can't tell what VLAN 40 is for without logging into a switch, the documentation is inadequate
  • Configuration backups — is there a current backup of every managed network device's configuration? If a switch failed today and you had to replace it, could you restore it from backup in under an hour? If the answer involves logging into a device, pulling the config manually, and hoping it's recent, that's a gap
  • Physical cabling records — for structured cabling, does a patch schedule exist showing what connects to what? In a comms room that's been in service for several years, the answer is often "sort of"
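As an added illustration of the paper-versus-reality check (example code, not a tool from this article or any vendor), the script below reads a VLAN register and an IPAM spreadsheet export, compares them against the result of a subnet sweep, and lists the discrepancies. The CSV columns, the list of swept subnets and the sweep results are all constructed for the example; in practice the sweep would be the output of something like nmap -sn or the ARP table pulled from the core switch.

```python
"""Reconcile an IPAM spreadsheet against a VLAN register and a live sweep.

Added example for this article, not a tool the article describes. The CSV
layouts (ip,hostname,mac,vlan and vlan,name,subnet) and the scan result are
assumed; the scan is constructed to stand in for `nmap -sn` or ARP output.
"""
import csv
import io
import ipaddress

# Constructed VLAN register export (assumed columns).
VLAN_REGISTER_CSV = """vlan,name,subnet
10,Servers,10.0.10.0/24
20,Users,10.0.20.0/24
40,VoIP,10.0.40.0/24
"""

# Constructed IPAM spreadsheet export (assumed columns).
IPAM_CSV = """ip,hostname,mac,vlan
10.0.10.5,fs01,00:11:22:33:44:55,10
10.0.10.6,nas01,00:11:22:33:44:66,10
10.0.20.20,reception-pc,AA:BB:CC:00:00:01,20
10.0.30.9,legacy-printer,aa:bb:cc:00:00:02,30
"""

# Constructed sweep results: (ip, mac) pairs for the subnets actually swept.
SCANNED_SUBNETS = ["10.0.10.0/24", "10.0.20.0/24"]
SCAN = [
    ("10.0.10.5", "00:11:22:33:44:55"),
    ("10.0.10.7", "de:ad:be:ef:00:01"),   # responds but is not in IPAM
    ("10.0.20.20", "aa:bb:cc:00:00:99"),  # documented, but the MAC has changed
]


def load_vlans(text):
    """VLAN id -> (name, network)."""
    return {int(r["vlan"]): (r["name"], ipaddress.ip_network(r["subnet"]))
            for r in csv.DictReader(io.StringIO(text))}


def load_ipam(text):
    """IP string -> IPAM row."""
    return {r["ip"]: r for r in csv.DictReader(io.StringIO(text))}


def reconcile(vlans, ipam, scan, scanned_subnets):
    """Return sorted (kind, ip, detail) findings comparing paper to reality."""
    scanned = [ipaddress.ip_network(s) for s in scanned_subnets]
    live = {ip: mac.lower() for ip, mac in scan}
    findings = []

    for ip, row in ipam.items():
        addr = ipaddress.ip_address(ip)
        vlan = int(row["vlan"])
        if vlan not in vlans:
            findings.append(("vlan-not-in-register", ip,
                             f"{row['hostname']} claims VLAN {vlan}"))
        elif addr not in vlans[vlan][1]:
            findings.append(("subnet-mismatch", ip,
                             f"VLAN {vlan} is {vlans[vlan][1]}"))
        # Only judge absence for subnets the sweep actually covered.
        if any(addr in net for net in scanned):
            if ip not in live:
                findings.append(("documented-not-seen", ip, row["hostname"]))
            elif live[ip] != row["mac"].lower():
                findings.append(("mac-mismatch", ip,
                                 f"documented {row['mac'].lower()}, live {live[ip]}"))

    for ip, mac in live.items():
        if ip not in ipam:
            findings.append(("seen-not-documented", ip, mac))

    return sorted(findings)


if __name__ == "__main__":
    for kind, ip, detail in reconcile(load_vlans(VLAN_REGISTER_CSV),
                                      load_ipam(IPAM_CSV), SCAN, SCANNED_SUBNETS):
        print(f"{kind:24} {ip:15} {detail}")
```

Run against real exports, the "seen-not-documented" list is the one to chase first: it is the set of devices nobody has written down, and it usually includes the consumer-grade kit and forgotten test boxes that the hardware section below goes looking for.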

HARDWARE AND FIRMWARE

Document every active piece of network equipment — switches, routers, firewalls, wireless access points, and any network-connected appliances. For each device, record:

  • Make, model, and serial number
  • Current firmware version
  • Vendor's current released firmware version for that model
  • End-of-support or end-of-life date
  • Physical location
  • Warranty status

In most SMB environments, this inventory will surface several issues. Common findings include: switches running firmware that's two or three major versions behind current, access points that have reached end-of-support status (meaning no further security patches from the vendor), and at least one consumer-grade device — a home router or consumer switch — that's been pressed into production service because someone needed something quickly and it was available.

Firmware gaps are particularly important because vendors release security patches, not just feature updates. A switch running a version from 2021 will be missing several years of CVE fixes. For devices handling firewall, VPN, or authentication functions, this is a meaningful risk — not a theoretical one.

Flag any hardware that is end-of-life (no longer manufactured) or end-of-support (no longer receiving security patches) as a priority for replacement planning. Budget cycles are real; the point of flagging is to get it into a remediation plan, not to demand immediate replacement.
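To show how the inventory turns into a prioritised list, here is an added example (not the article's own tooling): it scores constructed inventory rows on end-of-support status, distance behind the vendor's current firmware, and consumer-grade kit, then sorts them most urgent first. The device names, models, versions and dates are invented, and the thresholds (two major versions behind, twelve months to end-of-support) are assumptions to adjust for your estate.

```python
"""Rank a hardware inventory for firmware and support-status remediation.

Added example, not from the article. Models, versions and dates are
constructed; the "vendor_current" and "eos" fields are what you would look
up on the vendor's support site for each model.
"""
import re
from datetime import date, timedelta

TODAY = date(2025, 1, 15)  # pinned so the output is reproducible

# Constructed inventory rows (assumed column names). eos = end-of-support date
# as published by the vendor; an empty string means nobody has looked it up.
INVENTORY = [
    {"device": "fw1", "model": "ExampleFW 200", "role": "firewall", "grade": "business",
     "firmware": "6.4.2", "vendor_current": "7.2.1", "eos": "2028-01-31"},
    {"device": "core-sw1", "model": "ExampleSwitch 48X", "role": "core", "grade": "business",
     "firmware": "15.0.2", "vendor_current": "17.9.4", "eos": "2026-03-31"},
    {"device": "ap-south-03", "model": "ExampleAP 100", "role": "wireless", "grade": "business",
     "firmware": "2.1.9", "vendor_current": "2.1.9", "eos": "2024-05-31"},
    {"device": "reception-router", "model": "HomeRouter X", "role": "access", "grade": "consumer",
     "firmware": "1.0.3", "vendor_current": "1.0.3", "eos": ""},
    {"device": "acc-sw4", "model": "ExampleSwitch 24", "role": "access", "grade": "business",
     "firmware": "8.1.0", "vendor_current": "8.1.2", "eos": "2029-12-31"},
]

SECURITY_ROLES = {"firewall", "vpn", "auth"}  # roles where a patch gap matters most


def version_tuple(text):
    """'17.9.4' -> (17, 9, 4). Tolerates vendor decorations like '15.2(7)E8'."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def assess(row, today=TODAY):
    """Return (priority, device, flags); 1 is most urgent, 9 means no action."""
    flags, priority = [], 9

    if row["eos"]:
        eos = date.fromisoformat(row["eos"])
        if eos < today:
            flags.append("end-of-support")          # no more security patches
            priority = min(priority, 1)
        elif eos <= today + timedelta(days=365):
            flags.append("end-of-support-within-12m")
            priority = min(priority, 2)
    else:
        flags.append("support-status-unknown")
        priority = min(priority, 3)

    current, latest = version_tuple(row["firmware"]), version_tuple(row["vendor_current"])
    if current < latest:
        majors_behind = latest[0] - current[0]
        flags.append(f"firmware-behind-{majors_behind}-major" if majors_behind
                     else "firmware-behind-minor")
        # Two or more majors behind, or any gap on a security boundary device,
        # goes on the near-term list; a minor gap is routine maintenance.
        priority = min(priority, 2 if majors_behind >= 2 or row["role"] in SECURITY_ROLES else 3)

    if row["grade"] == "consumer":
        flags.append("consumer-grade-in-production")
        priority = min(priority, 2)

    return priority, row["device"], flags


def remediation_plan(rows, today=TODAY):
    """Inventory rows sorted most urgent first."""
    return sorted(assess(r, today) for r in rows)


if __name__ == "__main__":
    for priority, device, flags in remediation_plan(INVENTORY):
        print(f"P{priority} {device:18} {', '.join(flags) or 'ok'}")
```

The output is the input to the budget conversation: P1 items are already unpatched, P2 items need a date in the next planning cycle, and P3 is normal maintenance that a change window can absorb.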

SECURITY POSTURE

The security section of a network audit is where the most consistently embarrassing findings appear. Not because the people running these networks are careless — but because defaults persist, and nobody revisits them once the initial deployment is complete.

Audit these specifically:

  • Default credentials — are any managed devices still using factory-default usernames and passwords? This sounds basic, but it's a finding in a significant proportion of SMB network audits. Check switches, access points, management interfaces, and any out-of-band access tools
  • SNMP community strings — SNMP v1/v2c with the default community string "public" is effectively unauthenticated read access to device information, and a default read-write string such as "private" lets anyone who can reach the device change its configuration; in both versions the string crosses the network in cleartext. Either change the community strings to something non-default and restrict SNMP to the management subnet with an access list, or disable SNMP v1/v2c altogether and migrate to SNMP v3 with authentication and encryption (authPriv)
  • Unused interfaces enabled — on managed switches, every unused port should be administratively disabled and assigned to an unused "parking" VLAN, so that a port someone re-enables later still lands nowhere useful. An enabled, unassigned port in a reception area or meeting room is a physical access risk: someone can plug in and reach the network
  • Management interfaces accessible from user VLANs — the management IP of every network device should only be reachable from a dedicated management VLAN or jump host, and only over SSH or HTTPS, with Telnet and plain HTTP disabled. If your switches and firewall management interfaces are reachable from the general user LAN, that's a network design gap
  • Firewall rule review date — when were the firewall policies last reviewed? Rules accumulate. Old policies for systems that no longer exist, temporary rules made permanent, broad "allow all" rules for troubleshooting that were never removed. A rule review should be annual at minimum, and each rule should carry an owner and a one-line justification so that the next review is quicker than the first
  • VPN cipher suites — if your site-to-site VPNs or remote access VPNs are using deprecated algorithms (DES or 3DES, RC4, MD5 integrity, DH group 1, 2 or 5), those need updating; treat SHA-1 integrity as the next thing to retire. Most modern firewalls flag this, but check the IKE and IPsec proposals in the VPN configuration directly rather than relying on dashboard summaries, because a legacy proposal left in the list is still negotiable by a peer
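Several of these findings can be caught from the saved configurations before anyone logs in to a device. The script below is an added example, not the article's own tool: it parses a constructed Cisco IOS-style configuration and reports the default credentials, default SNMP community strings, plain-HTTP and Telnet management, enabled-but-undocumented ports, and deprecated IKE parameters it finds. The config excerpt, the list of default credential pairs and the weak-parameter table are assumptions for the example; other vendors need their own patterns. One caveat: a text check only shows that a well-known default is written into the config. Proving a device still accepts a factory password needs an actual login attempt.

```python
"""Grep a saved device configuration for the findings listed above.

Added example assuming Cisco IOS-style syntax; other vendors need their own
patterns. A text check can only show that a well-known default is written
into the config, not that the device still accepts it.
"""
import re

# Constructed config excerpt carrying several of the weaknesses above.
CONFIG = """\
username admin password 0 admin
!
snmp-server community public RO
snmp-server community private RW
!
ip http server
!
interface GigabitEthernet1/0/1
 description Uplink to core-sw1
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport access vlan 20
!
interface GigabitEthernet1/0/4
 shutdown
!
crypto isakmp policy 10
 encryption 3des
 hash md5
 group 2
!
crypto isakmp policy 20
 encryption aes 256
 hash sha256
 group 14
!
line vty 0 4
 transport input telnet ssh
!
"""

# Illustrative default pairs; extend from vendor documentation for your estate.
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("cisco", "cisco")}
# IKE parameters that should no longer be offered to any peer.
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}


def parse_blocks(text):
    """Split an IOS-style config into (header, [indented child lines]) pairs."""
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit(text):
    """Return (severity, check, detail) findings for one device config."""
    findings = []
    for header, body in parse_blocks(text):
        m = re.match(r"username (\S+) (?:privilege \d+ )?password \d (\S+)$", header)
        if m and (m.group(1), m.group(2)) in DEFAULT_CREDS:
            findings.append(("high", "default-credentials", header))
        m = re.match(r"snmp-server community (\S+) (RO|RW)", header)
        if m and m.group(1).lower() in ("public", "private"):
            findings.append(("high", "snmp-default-community", header))
        if header == "ip http server":  # plain HTTP management, no TLS
            findings.append(("medium", "http-management", header))
        if header.startswith("interface "):
            # Enabled with no description: candidate for "unused but live".
            if "shutdown" not in body and not any(ln.startswith("description") for ln in body):
                findings.append(("medium", "enabled-undocumented-port", header.split()[1]))
        if header.startswith("crypto isakmp policy"):
            weak = [ln for ln in body
                    if ln.split()[0] in WEAK_IKE and ln.split()[-1] in WEAK_IKE[ln.split()[0]]]
            if weak:
                findings.append(("high", "deprecated-ike-parameters",
                                 f"{header}: {', '.join(weak)}"))
        if header.startswith("line vty"):
            if any(ln.startswith("transport input") and ("telnet" in ln or ln.endswith(" all"))
                   for ln in body):
                findings.append(("high", "telnet-management", header))
            if not any(ln.startswith("access-class") for ln in body):
                findings.append(("medium", "vty-no-access-class", header))
    return findings


if __name__ == "__main__":
    for severity, check, detail in audit(CONFIG):
        print(f"[{severity}] {check}: {detail}")
```

Point this at the configuration backups from the documentation section and you get two results for the price of one: a list of security findings per device, and an early warning when the backup itself is stale, because a config that still shows a port as enabled that was shut down last month has not been refreshed since.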

PERFORMANCE AND CAPACITY

Performance findings in SMB networks are often not about headline bandwidth — they're about mismatches between what's been installed and what devices actually need. Common issues:

  • Uplink utilisation during peak hours — review interface counters on your core and distribution switches during business hours. If your uplinks are regularly hitting 70-80% utilisation, that's a planning item. If they're at 30%, you have headroom. Bear in mind that a five-minute polling average hides bursts: a link averaging 40% can still be dropping packets, so look at output discards and queue drops on the same interfaces, not just throughput
  • Speed mismatches — gigabit-capable devices connected to 100Mbps switch ports is a surprisingly common finding, particularly on older access layer switches. Check the negotiated speed and duplex on every port connected to a server, NAS, or primary workstation, and glance at the error counters while you're there: a duplex mismatch shows up as late collisions and CRC errors on a link that otherwise reports as up
  • Wi-Fi coverage gaps — walk the site with a Wi-Fi analysis tool. Coverage maps from the initial deployment don't account for changes in office layout, additional meeting rooms, or the shift to hybrid working that's moved people around buildings. Look for areas with RSSI below -75dBm or SNR consistently below about 20dB, and check channel overlap between neighbouring access points while you're walking
  • QoS configuration — if the business uses VoIP or video conferencing, is QoS configured end-to-end? An unconfigured switch will not prioritise voice traffic over a bulk file transfer happening on the same uplink. Check DSCP markings, trust boundaries, and queue configurations on the switches handling voice traffic
  • Internet circuit headroom — what is the average and peak utilisation of the internet circuit? Most ISPs provide utilisation data in the portal or via SNMP. If you're regularly hitting 80% of your circuit capacity during business hours, that's a procurement item
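As an added example of turning counters into an answer (example code, not from the article), the script below takes two IF-MIB style polls per interface, tolerates a 32-bit counter wrap, and computes utilisation against line rate alongside the output discards over the same interval. The samples are constructed, 300 seconds apart, to show a busy uplink, a 100Mbps port whose 32-bit counter wrapped between polls, and a link that looks quiet on average but is dropping traffic. The 70% and 80% thresholds are the ones used above and are assumptions to tune.

```python
"""Turn two interface counter samples into utilisation and drop figures.

Added example, not from the article. Samples are constructed to look like
IF-MIB polls (ifHCInOctets/ifHCOutOctets/ifOutDiscards plus ifHighSpeed
in Mbit/s); in practice they come from your monitoring tool or snmpget.
"""

COUNTER_WIDTH = {32: 2**32, 64: 2**64}

# Constructed samples: two polls 300 s apart per interface.
SAMPLES = {
    "core-sw1 Gi1/0/48 (uplink)": {
        "speed_mbps": 1000, "width": 64,
        "t0": {"t": 0,   "in": 10_000_000_000, "out": 4_000_000_000,  "disc": 17},
        "t1": {"t": 300, "in": 39_250_000_000, "out": 15_625_000_000, "disc": 1217},
    },
    "core-sw1 Gi1/0/47 (to nas01)": {
        "speed_mbps": 1000, "width": 64,
        "t0": {"t": 0,   "in": 0,              "out": 0,             "disc": 0},
        "t1": {"t": 300, "in": 15_000_000_000, "out": 2_000_000_000, "disc": 412},
    },
    "acc-sw3 Fa0/24 (legacy 100M port)": {
        "speed_mbps": 100, "width": 32,
        # ifInOctets is a 32-bit counter and wrapped between the two polls.
        "t0": {"t": 0,   "in": 4_200_000_000, "out": 500_000, "disc": 0},
        "t1": {"t": 300, "in": 100_000_000,   "out": 900_000, "disc": 0},
    },
}


def counter_delta(later, earlier, width):
    """Difference between two polls, tolerating a single counter wrap.

    A 32-bit octet counter on a gigabit link wraps in roughly 34 s, so a
    five-minute poll can wrap several times and this correction is not
    enough; use the 64-bit ifHC* counters for anything above 100 Mbit/s.
    """
    d = later - earlier
    return d + COUNTER_WIDTH[width] if d < 0 else d


def utilisation(sample):
    """Return in/out percentage of line rate and output discards for the interval."""
    t0, t1, width = sample["t0"], sample["t1"], sample["width"]
    seconds = t1["t"] - t0["t"]
    capacity_bits = sample["speed_mbps"] * 1_000_000 * seconds
    return {
        "in_pct": 100.0 * counter_delta(t1["in"], t0["in"], width) * 8 / capacity_bits,
        "out_pct": 100.0 * counter_delta(t1["out"], t0["out"], width) * 8 / capacity_bits,
        "out_discards": counter_delta(t1["disc"], t0["disc"], width),
    }


def verdict(util, plan_at=70.0, upgrade_at=80.0):
    """Map the figures to an audit outcome. Discards on a quiet link point at
    bursts that a five-minute average hides, so they are flagged separately."""
    peak = max(util["in_pct"], util["out_pct"])
    if peak >= upgrade_at:
        return "procure more capacity"
    if peak >= plan_at:
        return "capacity planning item"
    if util["out_discards"] > 0:
        return "headroom on average but output drops: check for microbursts and QoS queues"
    return "headroom"


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        u = utilisation(sample)
        print(f"{name}: in {u['in_pct']:.1f}% out {u['out_pct']:.1f}% "
              f"discards {u['out_discards']} -> {verdict(u)}")
```

The same arithmetic applies to the internet circuit: take the ISP's counters or the WAN interface on the firewall, and keep the poll interval short enough that the peaks you care about are not averaged away.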

THE AUDIT CHECKLIST

Use this as your working checklist during or after a network audit:

  • Current topology diagram — exists, shows L2/L3 structure, reflects actual state
  • IP allocation documented — IPAM spreadsheet or tool maintained and current
  • VLAN register complete — every VLAN has a documented name, purpose, and subnet
  • Config backups verified — all managed devices have a current configuration backup in a recoverable location
  • Hardware inventory complete — every device documented with firmware version, EOS/EOL date, and warranty status
  • Firmware gaps identified — devices running behind current release are listed and risk-assessed
  • EOL hardware flagged — devices no longer receiving security patches are in a remediation plan
  • Default credentials eliminated — all managed devices use non-default credentials stored in a password manager
  • SNMP community strings changed — or SNMP v1/v2c disabled
  • Unused switch ports disabled — particularly in public-facing or unmonitored areas
  • Management interfaces access-controlled — reachable from management VLAN or jump host only
  • Firewall rules reviewed — within the last 12 months, stale rules identified and removed
  • VPN ciphers reviewed — no deprecated algorithms in active use
  • Performance baselines recorded — uplink utilisation, internet circuit usage, Wi-Fi coverage documented

WANT A PROFESSIONAL NETWORK AUDIT?

We carry out network infrastructure audits for UK businesses — documenting what you have, identifying risks, and recommending practical improvements. See our network engineering services or get in touch to book an assessment.