Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Network Monitoring tools

Posted on 2005-03-11
Medium Priority
Last Modified: 2013-12-07
Hello Everyone,

I recently started at a new company with a network that is riddled with spyware. I have been slowly going around and removing it but sometimes they just keep coming back. I want to implement a network monitoring tool that will allow me to pin point specific computers as the culprate. Unfortuantly my netowrk uses unmanged switches and hubs so most SNMP tools may be out of the question.

Does anyone have a suggestion for tools i can put in place to help me out?

Question by:kendingo
  • 4
  • 2
LVL 27

Accepted Solution

pseudocyber earned 1000 total points
ID: 13518487
It sounds like you don't really need network monitoring - what you need is Intrusion Detection System.

Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes refered to as scanning), which is a technology developed to assess the security of a computer system or network.
Intrusion detection functions include:

Monitoring and analyzing both user and system activities
Analyzing system configurations and vulnerabilities
Assessing system and file integrity
Ability to recognize patterns typical of attacks
Analysis of abnormal activity patterns
Tracking user policy violations

If you're using unmanaged network - I don't even know where to start because if a virus or spyware is trying to infect other machines on your network they could easily re-infect a machine which was just cleaned.  The only thing I can think of would be to disconnect all machines from the network and scan/clean one at a time and put the clean ones back.

But it sounds like some serious thought needs to be given to your network - with some analysis about managed equipment, IDS, firewalls, patch & OS management, etc.  It would be a chunk of change, but it would be a step towards preventing what you have now.  I realize the powers that be probably wouldn't approve the $$$ without some kind of cost justification/ROI, but at least it would serve to cover your a__.  

Expert Comment

ID: 13521609
Pseudocyber is right.  Network monitoring will not really help you.  If you can't get the "powers that be" to approve the money for the correct hardware, you can try a software solution.  If you have a virus scanner now, great.  Otherwise, I would look into either Mcafee or Norton.  I know there are other cheaper ones out there, but IMHO, these two are the top of thier class and you really don't want to cheap out when it comes to virus scanning.  Then I would look at Ad-Aware Pro or Spy-Bot on EVERY PC you have.  Make sure to get the full version of these products.  This way, once everything is cleaned up, you can tell by looking at log files when someone is infected.

Good luck.

Author Comment

ID: 13929706
These were not the answers i was looking for. I wanted suggestions on network monitoring tools such as MRTG or Cacti. I was able to implement them and worked like a charm. I just gave the points to the first post i didn't feel like dealing with the refund process.

Thanks for the advice.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 27

Expert Comment

ID: 13929718
Thanks, but why the C grade?
LVL 27

Expert Comment

ID: 13929736
I don't know about Cacti, but MRTG helped you find spyware infested machines?!?

Author Comment

ID: 13934612
Hey pseudocyber,

I gave a C grade because you gave me information that was not relavent to the situation, i my opinion. I guess you could view spy ware as a intrusion, but i view it as more of nuisance then a intrusion. My question specifically asked about network monitoring tools and not intrusion detection, ergo the C.

And yes MRTG did help me find spyware infested machines. I used a managed switch from my home lab to connect all of our various hubs and unmanged switches. This narrowed my search from 150 computers to 12-24 in a specific area. From there i could focus my efforts. Not the best scenario but it did the job. Now i have a tool that will allow me to monitor my network more effectivly as i replace my unmanged network devices with manged ones.

LVL 27

Expert Comment

ID: 13934634
Ok, thanks for the explanation.  I'm glad you figured it out for yourself.  

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
If you try to migrate from Elastix to Issabel, you will face a lot of issues. These problems are inevitable but fortunately, you can fix them. In the guide below, I will explain how I performed the migration while keeping all data and successfully t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question